On Oct 28, 2009, at 7:14 AM, Valdis.Kletnieks@vt.edu wrote:
On Tue, 27 Oct 2009 16:57:17 PDT, Leslie said:
We're seeing a decent chunk of spam coming from an unallocated block of address space.
Fear not, this will end when we run out of IPv4 space not too many months down the road :)
I admit to remaining confused as to why we still keep seeing providers who fail to do basic due-diligence like BCP38 filtering of packets, or asking a new BGP peer what they expect to announce and then filter based on that. I mean, come on guys - sure they may be 6 cents a meg cheaper, but do you really want to buy connectivity from a provider that can't run their network in a proper fashion?
Don't answer that. ;)
I can answer the above question regarding BCP38: Vendor software defects and architecture limitations make it challenging to deploy a solution whereby BCP38 can be universally deployed. Customers that are unwilling to announce all their space also make uRPF problematic. I'd like to see 'loose-rpf' universally deployed myself. There is no reason for unrouted space to have packets sourced from it. This makes up a fair percentage of traffic that root/gtld nameservers see (based on conversations i've had with operators over the years). If you configure CPE devices and don't utilize anti-spoofing capabilities on the CPE-Lan, please add that to your templates. It is helpful to the internet as a whole, while you may not personally see return on your investment, others will. - Jared