Request for comment -- BCP38
Jay R. Ashworth
jra at baylink.com
Sun Oct 2 01:39:10 UTC 2016
----- Original Message -----
> From: "Florian Weimer" <fw at deneb.enyo.de>
> * Jason Iannone:
>> Are urpf and bcp38 interchangeable terms in this discussion? It seems
>> impractical and operationally risky to implement two unique ways to dos
>> customers. What are the lessons learned by operators doing static output
>> filters, strict urpf, or loose/feasible urpf?
> Historically (in 1998, when RFC 2267 was released), BCP 38 was an
> egress filter applied at the AS boundary.
You meant ingress, no?
The control of the address space allocation resides with the upstream,
as must control of the filtering.
You *can* do BCP38 egress filtering on your network, but that filter
would *be in control of the Bad Guys* whom we're trying to kill off.
The filtering needs to be on the other side of the administrative
span of control fence.
Jay R. Ashworth Baylink jra at baylink.com
Designer The Things I Think RFC 2100
Ashworth & Associates http://www.bcp38.info 2000 Land Rover DII
St Petersburg FL USA BCP38: Ask For It By Name! +1 727 647 1274
More information about the NANOG