Request for comment -- BCP38

• Previous message (by thread): Request for comment -- BCP38
• Next message (by thread): Request for comment -- BCP38
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> On Sep 26, 2016, at 7:47 AM, Stephen Satchell <list at satchell.net> wrote:
> 
> On 09/26/2016 07:11 AM, Paul Ferguson wrote:
>> No -- BCP38 only prescribes filtering outbound to ensure that no
>> packets leave your network with IP source addresses which are not
>> from within your legitimate allocation.
> 
> So, to beat that horse to a fare-thee-well, to be BCP38 compliant I need, on every interface sending packets out to the internet, to block any source address matching a subnet in the BOGON list OR not matching any of my routeable network subnets?  Plus add null-route entries for all the BOGONs in my routing table so I don't send a bad destination packet to my upstream?


BCP38 only provides for disallowing spoofed packets into the Internet. Any additional filtering against bosons, etc., are probably a good idea, just not including specifically in BCP38.

- ferg


—
Paul Ferguson
ICEBRG.io
Seattle, Washington, USA



-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 236 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20160926/3259859e/attachment.sig>

• Previous message (by thread): Request for comment -- BCP38
• Next message (by thread): Request for comment -- BCP38
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]