BCP38 For BGP Customers
Tom Beecher
beecher at beecher.cc
Mon Nov 7 19:47:57 UTC 2022
>
> Are you taking the stance of "if you don't send us the prefix, then
> we don't accept the traffic"?
>
If you were one of my upstreams, and you implemented that, you would very
quickly no longer be one of my upstreams.
On Mon, Nov 7, 2022 at 2:22 PM Charles Rumford via NANOG <nanog at nanog.org>
wrote:
> Hello -
>
> I'm are currently working on getting BCP38 filtering in place for our BGP
> customers. My current plan is to use the Juniper uRPF feature to filter
> out
> spoofed traffic based on the routing table. The mentality would be: "If
> you
> don't send us the prefix, then we don't accept the traffic". This has
> raised
> some issues amongst our network engineers regarding multi-homed customers.
>
> One of the issues raised was if a multi-homed BGP customer revoked a
> prefix from
> one of their peerings, but continued sending us traffic on the link then
> we
> would drop the traffic.
>
> I would like to hear what others are doing for BCP38 deployments for BGP
> customers. Are you taking the stance of "if you don't send us the prefix,
> then
> we don't accept the traffic"? Are you putting in some kind of fall back
> filter
> in based on something like IRR data?
>
> Thanks!
>
> --
> Charles Rumford (he/his/him)
> Network Engineer | Deft
> 1-312-268-9342 | charlesr at deft.com
> deft.com
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20221107/5739000e/attachment.html>
More information about the NANOG
mailing list