BCP38 - Internet Death Penalty

Jay Ashworth jra at baylink.com
Tue Mar 26 14:51:45 UTC 2013


Ok, let's haul this up out of the other thread.

It seems consensus that the anti-source-address-spoofing provisions (at 
least) of BCP38 have long since become critical to mitigating (and eventually
preventing) UDP attacks like DNS reflection and such, and that such attacks
are uniformly considered Bad Things.

It also seems that, with 13 years to get it done, even if equipment makers
have put usable working knobs into their edge routers and concentrators,
sufficient numbers of IAPs have not started turning them on.

The problem here is, of course, one of externalities and the Common Good,
hard sales to make in a business environment.

But have we reached the point where it's time to start trying?

Do we need to define a flag day, say one year hence, and start making the 
sales pitch to our Corporate Overlords that we need to apply the IDP to
edge connections which cannot prove they've implemented BCP38 (or at very
least, the source address spoofing provisions thereof)?  Put this in 
contracts and renewals, with the same penalty?

Do the engineering heads at the top 10 tier-1/2 carriers carry enough water
to make that sale to the CEOs?

Cheers,
-- jr 'will rouse rabble for food' a
-- 
Jay R. Ashworth                  Baylink                       jra at baylink.com
Designer                     The Things I Think                       RFC 2100
Ashworth & Associates     http://baylink.pitas.com         2000 Land Rover DII
St Petersburg FL USA               #natog                      +1 727 647 1274



