Request for comment -- BCP38

Ken Chase math at
Mon Sep 26 14:47:24 UTC 2016

This might break some of those badly-behaving "dual ISP" COTS routers out there
that use different inbound from outbound paths since each is the fastest of
either link.

I did this manually when I was messing around with multiple broadband links on
a fbsd router years ago, was glad it worked at the time.


On Mon, Sep 26, 2016 at 07:11:42AM -0700, Paul Ferguson said:
  >No -- BCP38 only prescribes filtering outbound to ensure that no packets leave your network with IP source addresses which are not from within your legitimate allocation.
  > - ferg 
  >On September 26, 2016 7:05:49 AM PDT, Stephen Satchell <list at> wrote:
  >>Is this an accurate thumbnail summary of BCP38 (ignoring for the moment
  >>the issues of multi-home), or is there something I missed?
  >>>     The basic philosophy of BCP38 boils down to two axioms:
  >>>         Don't let the "bad stuff" into your router
  >>>         Don't let the "bad stuff" leave your router
  >>>     The original definition of "bad stuff" is limited to source-
  >>>     address grooming both inbound and outbound.  I've expanded on the
  >>>     original definition by including rule generation to control
  >>>     broadcast address abuse.
  >Sent from my Android device with K-9 Mail. Please excuse my brevity.

Ken Chase - math at Toronto Canada

More information about the NANOG mailing list