I would assume that on a broadband grade connection it shouldn't work unless you have a niche player and proper LOA.
I would assume that on a BGP level circuit that it would work, again, given proper documentation (LOAs, IRRDB entry, etc.). IRRDBs make this wonderfully easier. By default, deny. Allow whatever is in the IRRDB entry. $250 for manual changes.

-----
Mike Hammett
Intelligent Computing Solutions
http://www.ics-il.com

Midwest-IX
http://www.midwest-ix.com

----- Original Message -----

From: "Hugo Slabbert" <h...@slabnet.com>
To: "Mike Hammett" <na...@ics-il.net>
Cc: "John Levine" <jo...@iecc.com>, nanog@nanog.org
Sent: Monday, September 26, 2016 11:21:55 AM
Subject: Re: Request for comment -- BCP38

On Mon 2016-Sep-26 11:15:11 -0500, Mike Hammett <na...@ics-il.net> wrote:

>>
>>----- Original Message -----
>>
>>From: "John Levine" <jo...@iecc.com>
>>To: nanog@nanog.org
>>Sent: Monday, September 26, 2016 11:04:33 AM
>>Subject: Re: Request for comment -- BCP38
>>
>>>If you have links from both ISP A and ISP B and decide to send traffic out
>>>ISP A's link sourced from addresses ISP B allocated to you, ISP A *should*
>>>drop that traffic on the floor. There is no automated or scalable way for
>>>ISP A to distinguish this "legitimate" use from spoofing; unless you
>>>consider it scalable for ISP A to maintain thousands if not more
>>>"exception" ACLs to uRPF and BCP38 egress filters to cover all of the cases
>>>of customers X, Y, and Z sourcing traffic into ISP A's network using IPs
>>>allocated to them by other ISPs?
>>
>>I gather the usual customer response to this is "if you don't want our
>>$50K/mo, I'm sure we can find another ISP who does."
>>
>>From the conversations I've had with ISPs, the inability to manage
>>legitimate traffic from dual homed customer networks is the most
>>significant bar to widespread BCP38. I realize there's no way to do
>>it automatically now, but it doesn't seem like total rocket science to
>>come up with some way for providers to pass down a signed object to
>>the customer routers that the routers can then pass back up to the
>>customer's other providers.
>>
>>R's,
>>John
>>
>>PS: "Illegitimate" is not a synonym for inconvenient, or hard to handle.
>>
>Are you talking BGP level customers or individual small businesses'
>broadband service?

I myself am talking about the latter and included the option of PI space to cover that (although I guess at some point this can be made fly with PA space from another provider if both providers are willing enough to play ball), though from the $50/mo figure John listed, I'm assuming he's talking about the latter.

Do people really expect to be able to do this on residential or small business broadband networks? I can't remember any time in recent memory where I assumed I could set a source address to any IP I fancy and have that packet successfully make its way through the SP's network.

>
>-----
>Mike Hammett
>Intelligent Computing Solutions
>http://www.ics-il.com
>
>Midwest-IX
>http://www.midwest-ix.com

--
Hugo Slabbert       | email, xmpp/jabber: h...@slabnet.com
pgp key: B178313E   | also on Signal
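
Added example, not part of the thread: a sketch of the "by default, deny; allow whatever is in the IRRDB entry" policy from the first message, building a per-customer source-address allow list from RPSL route objects so that a multihomed customer's other-provider space is accepted without hand-maintained exceptions. The sample objects, prefixes (documentation ranges), AS numbers and function names are constructed for illustration, and the code assumes the IRR data has already been fetched.

```python
import ipaddress

# Constructed sample of RPSL route objects for one customer port.
# Prefixes are documentation ranges; the AS numbers are reserved ones.
SAMPLE_IRR = """\
route:      192.0.2.0/25
origin:     AS64500
descr:      customer PI block, first half

route:      192.0.2.128/25
origin:     AS64500

route:      198.51.100.0/24
origin:     AS64500
descr:      PA space assigned by the customer's other provider

route:      203.0.113.0/24
origin:     AS64501
descr:      another network's object, must not be allowed

route6:     2001:db8:100::/48
origin:     AS64500
"""

def parse_route_objects(text):
    """Yield (network, origin) for each route/route6 object in RPSL text."""
    for block in text.strip().split("\n\n"):
        attrs = {}
        for line in block.splitlines():
            key, sep, value = line.partition(":")  # first colon only (IPv6 safe)
            if sep:
                attrs.setdefault(key.strip().lower(), value.strip())
        prefix = attrs.get("route") or attrs.get("route6")
        if prefix and "origin" in attrs:
            # strict=True rejects objects with host bits set
            yield ipaddress.ip_network(prefix, strict=True), attrs["origin"].upper()

def build_allow_list(irr_text, customer_asn):
    """Aggregate the prefixes registered with the customer's origin AS."""
    nets = [n for n, origin in parse_route_objects(irr_text) if origin == customer_asn]
    v4 = ipaddress.collapse_addresses(n for n in nets if n.version == 4)
    v6 = ipaddress.collapse_addresses(n for n in nets if n.version == 6)
    return list(v4) + list(v6)

def permit_source(src, allow_list):
    """Default deny: a source address passes only if a registered prefix covers it."""
    addr = ipaddress.ip_address(src)
    return any(addr.version == net.version and addr in net for net in allow_list)
```

The aggregated list is what would be rendered into the customer-facing ingress ACL or prefix list; anything not covered falls through to the implicit deny.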