Request for comment -- BCP38

• Previous message (by thread): Request for comment -- BCP38
• Next message (by thread): Request for comment -- BCP38
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

----- Original Message -----
> From: "Florian Weimer" <fw at deneb.enyo.de>

> * Jason Iannone:

>> Are urpf and bcp38 interchangeable terms in this discussion?  It seems
>> impractical and operationally risky to implement two unique ways to dos
>> customers.  What are the lessons learned by operators doing static output
>> filters, strict urpf, or loose/feasible urpf?
> 
> Historically (in 1998, when RFC 2267 was released), BCP 38 was an
> egress filter applied at the AS boundary.

You meant ingress, no?

The control of the address space allocation resides with the upstream,
as must control of the filtering.

You *can* do BCP38 egress filtering on your network, but that filter
would *be in control of the Bad Guys* whom we're trying to kill off.

The filtering needs to be on the other side of the administrative
span of control fence.

Cheers,
-- jra
-- 
Jay R. Ashworth                  Baylink                       jra at baylink.com
Designer                     The Things I Think                       RFC 2100
Ashworth & Associates       http://www.bcp38.info          2000 Land Rover DII
St Petersburg FL USA      BCP38: Ask For It By Name!           +1 727 647 1274

• Previous message (by thread): Request for comment -- BCP38
• Next message (by thread): Request for comment -- BCP38
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]