Request for comment -- BCP38
lear at cisco.com
Mon Sep 26 20:16:41 UTC 2016
You're getting wrapped around the axle. Start by solving the 90%
problem, and worry about the 10% one later. BCP38 addresses the former
very well, and the other 10% requires enough manual labor already that
you can charge it back.
On 9/26/16 8:44 PM, Laszlo Hanyecz wrote:
> On 2016-09-26 18:03, John Levine wrote:
>>>>> If you have links from both ISP A and ISP B and decide to send
>>>>> out ISP A's link sourced from addresses ISP B allocated to you, ISP A
>>>>> *should* drop that traffic on the floor.
>>>> This is a legitimate and interesting use case that is broken by BCP38.
>>> I don't agree that this is legitimate.
>>> Also we're talking about typical mom & pop home users here.
>> There are SOHO modems that will fall back to a second connection if
>> the primary one fails, but that's not what we're talking about here.
>> The customers I'm talking about are businesses large enough to have
>> two dedicated upstreams, and a chunk of address space SWIP'ed from
>> each. Some run BGP but I get the impression as likely as not they
>> have static routes to the two upstreams.
>> For people who missed it the last time, I said $50K/mo, not $50/mo.
>> Letters matter.
> This doesn't have to be $50k/mo though. If the connections weren't
> source address filtered for BCP38 and you could send packets down
> either one, the CPE could simply start with 2 default routes and take
> one out when it sees a connection go down. This could work with a
> cable + DSL connection even. It would be easy to further refine which
> connection to use for a particular service by simply adding a specific
> route for that service's address. This would be a lot better than
> having to restart everything after one of the connections fails.
> This would provide functionality similar to the BGP setup without any
> additional work from the service provider. People can't build CPE
> software that does this type of connection balancing because they
> can't rely on this working due to BCP38 implementation. In my
> experience the only way you can get people to stop source address
> filtering is if you mention BGP, but BGP shouldn't be required to do
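An added illustration, not part of any message in this thread, of the behaviour under discussion: a CPE with two default routes and no source-based uplink selection, sending through provider edges that apply BCP38 ingress filtering. The prefixes (RFC 5737 documentation ranges), the names `ISP_A`/`ISP_B`, and all function names are assumptions made for the example.

```python
import ipaddress

# Constructed topology: each provider assigned one prefix to the customer.
ASSIGNED = {
    "ISP_A": ipaddress.ip_network("192.0.2.0/24"),
    "ISP_B": ipaddress.ip_network("198.51.100.0/24"),
}

def ingress_permits(isp, src):
    """BCP38 check at the provider edge: forward a packet only if its
    source lies in the prefix that provider assigned to this customer."""
    return ipaddress.ip_address(src) in ASSIGNED[isp]

def cpe_egress(src, links_up, default_order=("ISP_A", "ISP_B")):
    """CPE with two default routes: use the first one whose link is up.
    The source address is deliberately ignored, as in the proposal."""
    for isp in default_order:
        if isp in links_up:
            return isp
    return None

def deliver(src, links_up):
    """Return (uplink chosen, whether the provider edge forwards it)."""
    isp = cpe_egress(src, links_up)
    if isp is None:
        return None, False
    return isp, ingress_permits(isp, src)

def surviving_flows(flows, links_up):
    """Source addresses whose packets are still forwarded upstream."""
    return [src for src in flows if deliver(src, links_up)[1]]

if __name__ == "__main__":
    flows = ["192.0.2.10", "198.51.100.20"]  # constructed sample sources
    for up in ({"ISP_A", "ISP_B"}, {"ISP_B"}):
        for src in flows:
            isp, ok = deliver(src, up)
            print(sorted(up), src, "->", isp, "forwarded" if ok else "dropped")
```

With both links up, the flow sourced from ISP B's prefix is dropped at ISP A's edge; after ISP A's link fails, the flow sourced from ISP A's prefix is dropped at ISP B's edge.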