Request for comment -- BCP38

Paul Ferguson fergdawgster at
Mon Sep 26 14:58:39 UTC 2016

> On Sep 26, 2016, at 7:47 AM, Stephen Satchell <list at> wrote:
> On 09/26/2016 07:11 AM, Paul Ferguson wrote:
>> No -- BCP38 only prescribes filtering outbound to ensure that no
>> packets leave your network with IP source addresses which are not
>> from within your legitimate allocation.
> So, to beat that horse to a fare-thee-well, to be BCP38 compliant I need, on every interface sending packets out to the internet, to block any source address matching a subnet in the BOGON list OR not matching any of my routeable network subnets?  Plus add null-route entries for all the BOGONs in my routing table so I don't send a bad destination packet to my upstream?

BCP38 only provides for disallowing spoofed packets into the Internet. Any additional filtering against bosons, etc., are probably a good idea, just not including specifically in BCP38.

- ferg

Paul Ferguson
Seattle, Washington, USA

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 236 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <>

More information about the NANOG mailing list