Request for comment -- BCP38

Laszlo Hanyecz laszlo at heliacal.net
Mon Sep 26 18:44:41 UTC 2016



On 2016-09-26 18:03, John Levine wrote:
>>>> If you have links from both ISP A and ISP B and decide to send traffic
>>>> out ISP A's link sourced from addresses ISP B allocated to you, ISP A
>>>> *should* drop that traffic on the floor.
>>> This is a legitimate and interesting use case that is broken by BCP38.
>> I don't agree that this is legitimate.
>>
>> Also we're talking about typical mom & pop home users here.
> There are SOHO modems that will fall back to a second connection if
> the primary one fails, but that's not what we're talking about here.
>
> The customers I'm talking about are businesses large enough to have
> two dedicated upstreams, and a chunk of address space SWIP'ed from
> each.  Some run BGP but I get the impression as likely as not they
> have static routes to the two upstreams.
>
> For people who missed it the last time, I said $50K/mo, not $50/mo.  Letters matter.

This doesn't have to be $50k/mo though.  If the connections weren't 
source address filtered for BCP38 and you could send packets down either 
one, the CPE could simply start with 2 default routes and take one out 
when it sees a connection go down.  This could work with a cable + DSL 
connection even.  It would be easy to further refine which connection to 
use for a particular service by simply adding a specific route for that 
service's address.  This would be a lot better than having to restart 
everything after one of the connections fails.   This would provide 
functionality similar to the BGP setup without any additional work from 
the service provider. People can't build CPE software that does this 
type of connection balancing because they can't rely on this working due 
to BCP38 implementation.  In my experience the only way you can get 
people to stop source address filtering is if you mention BGP, but BGP 
shouldn't be required to do this.

-Laszlo

>
> R's,
> John
>
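An added illustration, not part of the original message or thread: a small model of the BCP38 ingress check applied to the CPE setup described above (two default routes plus one service-specific route). The prefixes are RFC 5737 documentation ranges, and the ISP names, routes and function names are all constructed assumptions; only the outbound leg is modelled.

```python
import ipaddress

# Constructed topology (RFC 5737 documentation prefixes); all names are hypothetical.
ASSIGNED = {"ISP_A": ipaddress.ip_network("192.0.2.0/28"),
            "ISP_B": ipaddress.ip_network("198.51.100.0/28")}
# CPE table as described above: two default routes plus one service-specific route.
ROUTES = [("0.0.0.0/0", "ISP_A"), ("0.0.0.0/0", "ISP_B"), ("203.0.113.10/32", "ISP_B")]

def pick_egress(dst, link_up):
    """Longest-prefix match over routes whose link is up; earlier entry wins ties."""
    best = None
    for prefix, isp in ROUTES:
        net = ipaddress.ip_network(prefix)
        if link_up[isp] and ipaddress.ip_address(dst) in net:
            if best is None or net.prefixlen > best[0]:
                best = (net.prefixlen, isp)
    return best[1] if best else None

def ingress_permits(isp, src):
    """BCP38 check at the ISP edge: source must be inside the prefix that ISP assigned."""
    return ipaddress.ip_address(src) in ASSIGNED[isp]

def outbound(src, dst, link_up, filtered=True):
    """Outcome of the outbound leg only; return-path routing is not modelled."""
    isp = pick_egress(dst, link_up)
    if isp is None:
        return "no route"
    if filtered and not ingress_permits(isp, src):
        return f"dropped at {isp}"
    return f"forwarded via {isp}"

if __name__ == "__main__":
    both_up = {"ISP_A": True, "ISP_B": True}
    a_down = {"ISP_A": False, "ISP_B": True}
    # A flow sourced from ISP A's allocation, before and after link A fails.
    for label, links in (("both up", both_up), ("A down", a_down)):
        for filtered in (True, False):
            print(label, "filtered" if filtered else "unfiltered",
                  outbound("192.0.2.5", "203.0.113.80", links, filtered))
```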




More information about the NANOG mailing list