BCP38 For BGP Customers
Mike Hammett
nanog at ics-il.net
Mon Nov 7 23:16:46 UTC 2022
This may not exist yet, but what about a uRPF-like feature that uses RPKI, IRR, etc. instead of current BGP feed?
-----
Mike Hammett
Intelligent Computing Solutions
http://www.ics-il.com
Midwest-IX
http://www.midwest-ix.com
----- Original Message -----
From: "Charles Rumford via NANOG" <nanog at nanog.org>
To: nanog at nanog.org
Sent: Monday, November 7, 2022 10:47:54 AM
Subject: BCP38 For BGP Customers
Hello -
I'm are currently working on getting BCP38 filtering in place for our BGP
customers. My current plan is to use the Juniper uRPF feature to filter out
spoofed traffic based on the routing table. The mentality would be: "If you
don't send us the prefix, then we don't accept the traffic". This has raised
some issues amongst our network engineers regarding multi-homed customers.
One of the issues raised was if a multi-homed BGP customer revoked a prefix from
one of their peerings, but continued sending us traffic on the link then we
would drop the traffic.
I would like to hear what others are doing for BCP38 deployments for BGP
customers. Are you taking the stance of "if you don't send us the prefix, then
we don't accept the traffic"? Are you putting in some kind of fall back filter
in based on something like IRR data?
Thanks!
--
Charles Rumford (he/his/him)
Network Engineer | Deft
1-312-268-9342 | charlesr at deft.com
deft.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20221107/54226e3c/attachment.html>
More information about the NANOG
mailing list