BCP38 adoption "incentives"?
Mikael Abrahamsson
swmike at swm.pp.se
Tue Sep 27 12:46:24 UTC 2016
On Tue, 27 Sep 2016, Stephen Satchell wrote:
> You have to make their ignorance SUBTRACT from the bottom line.
I'd say there is no way to actually achieve this. BCP38 non-compliance
doesn't hurt the one not in compliance in any significant amount, it hurts
everybody else.
The only way I can imagine BCP38 ever happening widely is by means of
legislation, which of course is really hard because Internet spans
countries/continents.
Doing anti-spoofing should be done at the edge, the further up into the
core you try to do it, the bigger risk you're breaking lots of users'
connectivity, causing customer complaints.
In some countries I'm sure BCP38 compliance could be increased by means of
legislation and fining companies that do not do BCP38 filtering. But
before we do that, we need to agree that BCP38 compliance is a must. I
don't think we're there. I have heard people say that if they don't allow
some of their customers to spoof, they're losing business, because some
customers have built complete (deployed) solutions that are built on the
fact that they can spoof packets. These people will have to be convinced
that they're doing it wrong and re-design their solutions. This is going
to cost them dearly, so they're going to be upset.
With all the IoT devices out there, do people even need to spoof anymore?
--
Mikael Abrahamsson email: swmike at swm.pp.se
More information about the NANOG
mailing list