Request for comment -- BCP38

Jay R. Ashworth jra at
Sun Oct 2 01:39:10 UTC 2016

----- Original Message -----
> From: "Florian Weimer" <fw at>

> * Jason Iannone:

>> Are urpf and bcp38 interchangeable terms in this discussion?  It seems
>> impractical and operationally risky to implement two unique ways to dos
>> customers.  What are the lessons learned by operators doing static output
>> filters, strict urpf, or loose/feasible urpf?
> Historically (in 1998, when RFC 2267 was released), BCP 38 was an
> egress filter applied at the AS boundary.

You meant ingress, no?

The control of the address space allocation resides with the upstream,
as must control of the filtering.

You *can* do BCP38 egress filtering on your network, but that filter
would *be in control of the Bad Guys* whom we're trying to kill off.

The filtering needs to be on the other side of the administrative
span of control fence.

-- jra
Jay R. Ashworth                  Baylink                       jra at
Designer                     The Things I Think                       RFC 2100
Ashworth & Associates          2000 Land Rover DII
St Petersburg FL USA      BCP38: Ask For It By Name!           +1 727 647 1274

More information about the NANOG mailing list