Guys, You're getting wrapped around the axle. Start by solving the 90% problem, and worry about the 10% one later. BGP38 addresses the former very well, and the other 10% requires enough manual labor already that you can charge it back.
Eliot On 9/26/16 8:44 PM, Laszlo Hanyecz wrote: > > > On 2016-09-26 18:03, John Levine wrote: >>>>> If you have links from both ISP A and ISP B and decide to send >>>>> traffic >>>>> out ISP A's link sourced from addresses ISP B allocated to you, ISP A >>>>> *should* drop that traffic on the floor. >>>> This is a legitimate and interesting use case that is broken by BCP38. >>> I don't agree that this is legitimate. >>> >>> Also we're talking about typical mom & pop home users here. >> There are SOHO modems that will fall back to a second connection if >> the primary one fails, but that's not what we're talking about here. >> >> The customers I'm talking about are businesses large enough to have >> two dedicated upstreams, and a chunk of address spaced SWIP'ed from >> each. Some run BGP but I get the impression as likely as not they >> have static routes to the two upstreams. >> >> For people who missed it the last time, I said $50K/mo, not $50/mo. >> Letters matter. > > This doesn't have to be $50k/mo though. If the connections weren't > source address filtered for BCP38 and you could send packets down > either one, the CPE could simply start with 2 default routes and take > one out when it sees a connection go down. This could work with a > cable + DSL connection even. It would be easy to further refine which > connection to use for a particular service by simply adding a specific > route for that service's address. This would be a lot better than > having to restart everything after one of the connections fails. > This would provide functionality similar to the BGP setup without any > additional work from the service provider. People can't build CPE > software that does this type of connection balancing because they > can't rely on this working due to BCP38 implementation. In my > experience the only way you can get people to stop source address > filtering is if you mention BGP, but BGP shouldn't be required to do > this. > > -Laszlo > >> >> R's, >> John >> > >
signature.asc
Description: OpenPGP digital signature
