Request for comment -- BCP38
Jay R. Ashworth
jra at baylink.com
Sun Oct 2 01:39:10 UTC 2016
----- Original Message -----
> From: "Florian Weimer" <fw at deneb.enyo.de>
> * Jason Iannone:
>> Are urpf and bcp38 interchangeable terms in this discussion? It seems
>> impractical and operationally risky to implement two unique ways to dos
>> customers. What are the lessons learned by operators doing static output
>> filters, strict urpf, or loose/feasible urpf?
>
> Historically (in 1998, when RFC 2267 was released), BCP 38 was an
> egress filter applied at the AS boundary.
You meant ingress, no?
The control of the address space allocation resides with the upstream,
as must control of the filtering.
You *can* do BCP38 egress filtering on your network, but that filter
would *be in control of the Bad Guys* whom we're trying to kill off.
The filtering needs to be on the other side of the administrative
span of control fence.
Cheers,
-- jra
--
Jay R. Ashworth Baylink jra at baylink.com
Designer The Things I Think RFC 2100
Ashworth & Associates http://www.bcp38.info 2000 Land Rover DII
St Petersburg FL USA BCP38: Ask For It By Name! +1 727 647 1274
More information about the NANOG
mailing list