On 3/27/2013 10:25 AM, Mark Andrews wrote:
Technologies change. Concepts rarely do. BCP38 is technology neutral. If we follow that, we should just state "Don't allow spoofed IP Addresses!" and leave it to the individual to figure it out. BCP38 leaves that premise by mentioning ingress filtering as well as mentioning some issues with DHCP. If nothing else, it should have an extensive appendix to point people to the correct documentation for implementation.
EGRESS filters are just INGRESS filters applied a couple of hops later.
They are not, and I can think of quite a few people who would stare blankly at you for making such a statement. Of course, I can think of plenty of people who we'd like to see implementing BCP38 concepts that would need you to define ingress and egress. Fact: Ignorance is abound on the Internet, even in the running of networks. If you want a solid change, we're going to have to educate people; especially those who are not on NANOG, don't know about the IETF, and have never heard of an RFC or BCP. Jack