Request for comment -- BCP38

Eliot Lear lear at
Mon Sep 26 20:16:41 UTC 2016


You're getting wrapped around the axle.  Start by solving the 90%
problem, and worry about the 10% one later.  BGP38 addresses the former
very well, and the other 10% requires enough manual labor already that
you can charge it back.


On 9/26/16 8:44 PM, Laszlo Hanyecz wrote:
> On 2016-09-26 18:03, John Levine wrote:
>>>>> If you have links from both ISP A and ISP B and decide to send
>>>>> traffic
>>>>> out ISP A's link sourced from addresses ISP B allocated to you, ISP A
>>>>> *should* drop that traffic on the floor.
>>>> This is a legitimate and interesting use case that is broken by BCP38.
>>> I don't agree that this is legitimate.
>>> Also we're talking about typical mom & pop home users here.
>> There are SOHO modems that will fall back to a second connection if
>> the primary one fails, but that's not what we're talking about here.
>> The customers I'm talking about are businesses large enough to have
>> two dedicated upstreams, and a chunk of address spaced SWIP'ed from
>> each.  Some run BGP but I get the impression as likely as not they
>> have static routes to the two upstreams.
>> For people who missed it the last time, I said $50K/mo, not $50/mo. 
>> Letters matter.
> This doesn't have to be $50k/mo though.  If the connections weren't
> source address filtered for BCP38 and you could send packets down
> either one, the CPE could simply start with 2 default routes and take
> one out when it sees a connection go down.  This could work with a
> cable + DSL connection even.  It would be easy to further refine which
> connection to use for a particular service by simply adding a specific
> route for that service's address.  This would be a lot better than
> having to restart everything after one of the connections fails.  
> This would provide functionality similar to the BGP setup without any
> additional work from the service provider. People can't build CPE
> software that does this type of connection balancing because they
> can't rely on this working due to BCP38 implementation.  In my
> experience the only way you can get people to stop source address
> filtering is if you mention BGP, but BGP shouldn't be required to do
> this.
> -Laszlo
>> R's,
>> John

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 481 bytes
Desc: OpenPGP digital signature
URL: <>

More information about the NANOG mailing list