Request for comment -- BCP38
laszlo at heliacal.net
Mon Sep 26 18:44:41 UTC 2016
On 2016-09-26 18:03, John Levine wrote:
>>>> If you have links from both ISP A and ISP B and decide to send traffic
>>>> out ISP A's link sourced from addresses ISP B allocated to you, ISP A
>>>> *should* drop that traffic on the floor.
>>> This is a legitimate and interesting use case that is broken by BCP38.
>> I don't agree that this is legitimate.
>> Also we're talking about typical mom & pop home users here.
> There are SOHO modems that will fall back to a second connection if
> the primary one fails, but that's not what we're talking about here.
> The customers I'm talking about are businesses large enough to have
> two dedicated upstreams, and a chunk of address spaced SWIP'ed from
> each. Some run BGP but I get the impression as likely as not they
> have static routes to the two upstreams.
> For people who missed it the last time, I said $50K/mo, not $50/mo. Letters matter.
This doesn't have to be $50k/mo though. If the connections weren't
source address filtered for BCP38 and you could send packets down either
one, the CPE could simply start with 2 default routes and take one out
when it sees a connection go down. This could work with a cable + DSL
connection even. It would be easy to further refine which connection to
use for a particular service by simply adding a specific route for that
service's address. This would be a lot better than having to restart
everything after one of the connections fails. This would provide
functionality similar to the BGP setup without any additional work from
the service provider. People can't build CPE software that does this
type of connection balancing because they can't rely on this working due
to BCP38 implementation. In my experience the only way you can get
people to stop source address filtering is if you mention BGP, but BGP
shouldn't be required to do this.
More information about the NANOG