In message <515309ec.4070...@brightok.net>, Jack Bates writes:
> On 3/27/2013 9:23 AM, Jay Ashworth wrote:
> > Is BCP38 *not* well enough thought out even for large and medium sized
> > carriers to adopt as contractual language, much less for FCC or
> > someone to impose upon them? If so, we should work on it further.
>
> BCP38 could definitely use some work. It is correct as a general
> concept. It does not go into depth of the different available
> technologies and how they might be of use. For example, DHCP is nice,
> but it usually requires uRPF (sometimes with exceptions) depending on
> the vendor. If BGP filters are being applied, it is usually not hard to
> apply packet filtering according to the same route filters. Some NSPs
> use traditional ingress filtering, while others have uRPF enabled with
> exception lists. Some require that you send all networks, but set
> communities for networks you don't want routed yet allowed via uRPF
> (which usually means anyone connected to the same router as you will
> still route your way).

Technologies change. Concepts rarely do. BCP38 is technology neutral.

> It's also not a bad idea for an ISP to deploy EGRESS filters if they do
> not offer BGP Transit services. This way they are not depending on their
> transit providers to handle spoof protection and they cover their entire
> network regardless of last mile ingress filtering. This doesn't
> generally work well when doing transit services of any size due to the
> number of egress filter updates you'd have to issue, but it is great for
> the small/medium ISP.

EGRESS filters are just INGRESS filters applied a couple of hops later.

> Jack
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: ma...@isc.org
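
An added example, not part of either poster's message: a small Python model of the two mechanisms discussed in the thread, strict uRPF with an exception list on a customer-facing interface and a prefix-based egress filter at the border of a non-transit ISP. All prefixes (RFC 5737 documentation ranges), interface names and the forwarding table are constructed assumptions.

```python
import ipaddress

# Constructed sample data; none of these values come from the thread.
ISP_PREFIXES = [ipaddress.ip_network(p) for p in ("198.51.100.0/24", "203.0.113.0/24")]

# Hypothetical forwarding table: prefix -> interface used to reach it.
FIB = {
    ipaddress.ip_network("198.51.100.0/25"): "cust-a",
    ipaddress.ip_network("198.51.100.128/25"): "cust-b",
    ipaddress.ip_network("0.0.0.0/0"): "transit",
}

# Exception list: sources accepted on an interface even though the best
# route back to them does not point at that interface.
URPF_EXCEPTIONS = {"cust-a": [ipaddress.ip_network("203.0.113.64/26")]}


def best_route_interface(addr):
    """Longest-prefix match over the FIB."""
    matches = [net for net in FIB if addr in net]
    return FIB[max(matches, key=lambda net: net.prefixlen)]


def urpf_strict_permits(src, in_iface):
    """Strict uRPF: the route back to src must leave via in_iface,
    unless src is covered by that interface's exception list."""
    addr = ipaddress.ip_address(src)
    if best_route_interface(addr) == in_iface:
        return True
    return any(addr in net for net in URPF_EXCEPTIONS.get(in_iface, []))


def egress_permits(src):
    """Border egress filter: only the ISP's own address space may leave."""
    addr = ipaddress.ip_address(src)
    return any(addr in net for net in ISP_PREFIXES)


def classify(src, in_iface, urpf_enabled=True):
    """Say where a packet bound for the transit link is dropped, if anywhere."""
    if urpf_enabled and not urpf_strict_permits(src, in_iface):
        return "dropped at ingress (uRPF)"
    if not egress_permits(src):
        return "dropped at egress"
    return "forwarded"
```

With `urpf_enabled=False` the model represents a last-mile port without ingress filtering, which is the case the border egress filter is meant to cover.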