On Oct 28, 2009, at 7:14 AM, valdis.kletni...@vt.edu wrote:
On Tue, 27 Oct 2009 16:57:17 PDT, Leslie said:
We're seeing a decent chunk of spam coming from an unallocated
block of
address space.
Fear not, this will end when we run out of IPv4 space not too many
months
down the road :)
I admit to remaining confused as to why we still keep seeing
providers who fail
to do basic due-diligence like BCP38 filtering of packets, or asking
a new BGP
peer what they expect to announce and then filter based on that. I
mean, come
on guys - sure they may be 6 cents a meg cheaper, but do you really
want to buy
connectivity from a provider that can't run their network in a
proper fashion?
Don't answer that. ;)
I can answer the above question regarding BCP38:
Vendor software defects and architecture limitations make it
challenging to deploy a solution whereby BCP38 can be universally
deployed.
Customers that are unwilling to announce all their space also make
uRPF problematic. I'd like to see 'loose-rpf' universally deployed
myself. There is no reason for unrouted space to have packets sourced
from it. This makes up a fair percentage of traffic that root/gtld
nameservers see (based on conversations i've had with operators over
the years).
If you configure CPE devices and don't utilize anti-spoofing
capabilities on the CPE-Lan, please add that to your templates. It is
helpful to the internet as a whole, while you may not personally see
return on your investment, others will.
- Jared
