On 03/28/2012 09:16 AM, Leo Bicknell wrote:
> In a message written on Wed, Mar 28, 2012 at 08:45:12AM -0700, David Conrad wrote:
>> An interesting assertion. I haven't looked at how end-user networks are built
>> recently. I had assumed there continue to be customer aggregation points
>> within ISP infrastructure in which BCP38-type filtering could occur. You're
>> saying this is no longer the case? What has replaced it?
>
> Well, RFC3704 for one has updated the methods and tactics since BCP38
> was written. Remember BCP38 was before even "unicast RPF" as we know it
> existed.
>
> I'm not saying ISPs can't or couldn't do it, what I am saying, and
> RFC 3704 is repeating, is that it is cheaper/easier/faster and more
> reliable to do it as close to the edge as possible. "The edge" is
> not the edge of the ISP network, it is the edge of the entire
> network, that is the /last router in the topology/. Today that
> last router is owned and operated by the customer in most cases.

Yeahbut, the CPE isn't trusted. It would be _nice_ for customers
to be bcp38 clueful as well, but I don't think it's _required_ for
successful deployment from the ISP's standpoint. Even with a
system like DOCSIS where the CPE is semi-trustworthy from a
provisioning/etc standpoint, I don't think I'd _count_ on them.
In any case, isn't RPF really cheap these days on edge aggregation
routers? It's not like it's a new innovation or anything.

> BCP38 was written when a point to point handoff to a single customer was
> standard, and that's easy to filter. Today a shared medium (like a
> cable modem network) is common and more importantly connects to more
> routers (home gateways), rather than PCs. That's a fundamental change
> since BCP38 was written.

DOCSIS was standardized in the mid to late 90's which more or
less predates bcp 38, and it has always been able to handle multiple
endpoints/modem. As I recall, there were specs for cable modem
nics for individual machines, but they never took off.

Mike
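
The reverse-path check discussed in this thread, as an added example that is not part of the original messages: it models the check running on the ISP's edge aggregation router, so it does not depend on the CPE. It goes slightly beyond the thread by showing RFC 3704's feasible-path variant beside strict RPF; the interface names, metrics and prefixes are constructed.

```python
import ipaddress

# Constructed RIB for an edge aggregation router: prefix -> [(interface, metric)].
# Lowest metric is the best path; the other entries are known alternates.
RIB = {
    "198.51.100.0/24": [("cable0", 10)],                 # shared cable segment
    "203.0.113.0/28": [("cable0", 10)],                  # routed prefix behind a home gateway
    "192.0.2.0/24": [("upstream0", 10), ("cust1", 50)],  # multihomed customer, asymmetric
    "0.0.0.0/0": [("upstream0", 100)],
}
TABLE = [(ipaddress.ip_network(p), paths) for p, paths in RIB.items()]


def lookup(src):
    """Longest-prefix match; returns the path list of the covering route."""
    addr = ipaddress.ip_address(src)
    matches = [(net, paths) for net, paths in TABLE if addr in net]
    return max(matches, key=lambda m: m[0].prefixlen)[1] if matches else []


def strict_rpf(src, in_if):
    """Pass only if the best path back to src leaves via the arrival interface."""
    paths = lookup(src)
    return bool(paths) and min(paths, key=lambda p: p[1])[0] == in_if


def feasible_rpf(src, in_if):
    """Pass if any known path for the covering route uses the arrival interface."""
    return any(iface == in_if for iface, _ in lookup(src))


def verdicts(packets):
    """Return (src, in_if, strict, feasible) for each constructed packet."""
    return [(s, i, strict_rpf(s, i), feasible_rpf(s, i)) for s, i in packets]


if __name__ == "__main__":
    sample = [
        ("198.51.100.25", "cable0"),  # host on the shared segment
        ("203.0.113.5", "cable0"),    # host behind a home gateway
        ("192.0.2.10", "cable0"),     # source that does not belong on cable0
        ("192.0.2.10", "cust1"),      # multihomed customer on its backup link
    ]
    for row in verdicts(sample):
        print("%-15s %-8s strict=%-5s feasible=%s" % row)
```

The last sample row is the asymmetric-routing case: strict RPF drops legitimate traffic from the multihomed customer, while the feasible-path check accepts it and still rejects the out-of-place source on `cable0`.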