There is work a tthe IETF on an addon to RPKI called ASPA. There is a
draft that describes how the combiantion of ASPA and RPKI can be used to
help with DDOS prevention.
There is also a working group at the IETF called SAVNET that is looking
at what technological additions can be made to address the shortcomings
in BCP 38. In fairness, there is distinct disagreement as to what those
shortcomings are, and whether the ideas being presented can help. Input
from more operators would be great. (For completeness, I am a co-chair
of that working group.)
Yours,
Joel
On 11/8/2022 9:39 AM, Brian Turnbow via NANOG wrote:
Hi Mike
This may not exist yet, but what about a uRPF-like feature that uses RPKI, IRR,
etc. instead of current BGP feed?
There is rfc8704 that extends urpf
But I do not know of any commercial available solutions
Brian
