BCP38 Deployment

David Conrad drc at virtualized.org
Wed Mar 28 21:49:02 UTC 2012


On Mar 28, 2012, at 12:03 PM, Leo Bicknell wrote:
> Tier 1       T640 core network with 10GE handoff
> Regional     Cisco GSR network with 1GE handoff
> Local        1006 to Arris CMTS
> Subscriber   Motorola Cable Modem to NetGear SOHO Gateway
> User         Patron with Airport Express sharing a wired connection to WiFi
> ...
> If you were going to write it into law/regulation, where would you require it?

Seems to me that from a legislator's perspective, there is a pretty bright (as in "moth attracted to flame") line between "subscriber" and "provider".

> Maybe all of them should, but can they from a technological perspective?

Implementing telephone number portability was probably technologically more challenging for the telcos to deal with but that didn't stop the legislators from requiring it.

> I think given the thorny set of issues that taking a step back and
> saying, "rather than a perfect solution, what gets us most of the
> way there the cheapest, and quick" is a good question to ask.

You don't think that question has already been asked?

It has been a dozen years since BCP38 was published. Over that period, the Internet has grown immensely and with it, the threats the ability to trivially spoof source addresses represents. As far as I can tell, there has been little to no improvement in mechanisms to reduce those threats, yet high profile attacks against governments, departments/ministries, commercial organizations, etc., have only increased.

I figure at some point (likely after a particularly high-profile attack), politicians and their corporate masters are going to feel the need to be seen to "do something about the problem." I have some skepticism that 'something' is going to be an ideal solution.

> The perfect is the enemy of the good in this case.  Solving this at the
> consumer CPE level would remove 90-95% of the problem at zero hardware
> cost, a very small software cost, and a very small support cost and
> probably make us stop talking about this issue altogether.

And the incentive for CPE manufacturers to invest in the small software cost is?

Regards,
-drc





More information about the NANOG mailing list