Hi Frank, Applying BCP38 at those level is more risky because of the sheer volume of transit & prefixes. For years, people have been working hard pushing the responsibility of BCP38 to outside their sandbox. You may remember one of those instance. ----- Alain Hebert ahebert@pubnix.net PubNIX Inc. 50 boul. St-Charles P.O. Box 26770 Beaconsfield, Quebec H9W 6G7 Tel: 514-990-5911 http://www.pubnix.net Fax: 514-990-9443 On 11/19/16 21:13, Frank Bulk wrote:
My google fu is failing me, but I believe there was a NANOG posting a year or two ago that mentioned that if the top x providers would implement BCP 38 then y% of the traffic (or Internet) would be de-spoofed. The point was that we don't even need everyone to implement BCP 38, but if the largest (transit?) providers did it, then UDP reflection attacks could be minimized.
If someone can recall the key words in that posting and dig it up, that would be much appreciated.
Frank