Mark Andrews marka at
Thu Jan 16 22:52:06 UTC 2014

In message <52D7E98B.4040801 at>, Pierre Lamy writes:
> BCP38 will only ever get implemented if governments and ruling 'net 
> bodies force deployment. There's otherwise very little benefit seen by 
> the access network providers, since the targets are other orgs and the 
> attacks are happening in a different backyard.

Except the targets are *everybody* including the access networks.
This really is "if you are not part of the solution, you are part
of the problem" and applies 100% to access networks.

And it doesn't require governments, it just requires CEO's with the
gumption to say we are not going to accept routes from you, via
transit or direct, until you publically state that you are implementing
BCP38 within your network and then follow through.

If you implement BCP the publish the fact on you sites.  This lets
others know they are not alone in the fight to make the net a better

	"We implement BCP 38 on XX% of customer links"

	"We implement BCP 38 on all of our single homed customers"

	"We implement BCP 38 on all our data centers traffic"

	"We implement BCP 38 on all our NOC traffic"

	"We implement BCP 38 on all our outgoing traffic"

	"We implement BCP 38 on all our traffic"

Machines get owned everywhere including data centers and NOCs.
BCP 38 filters should be everywhere.

Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka at

More information about the NANOG mailing list