On 03/28/2012 09:16 AM, Leo Bicknell wrote:
In a message written on Wed, Mar 28, 2012 at 08:45:12AM -0700, David Conrad wrote:
An interesting assertion. I haven't looked at how end-user networks are built recently. I had assumed there continue to be customer aggregation points within ISP infrastructure in which BCP38-type filtering could occur. You're saying this is no longer the case? What has replaced it?
Well, RFC3704 for one has updated the methods and tactics since BCP38 was written. Remember BCP38 was before even "unicast RPF" as we know it existed.
I'm not saying ISPs can't or couldn't do it, what I am saying, and RFC 3704 is repeating, is that it is cheaper/easier/faster and more reliable to do it as close to the edge as possible. "The edge" is not the edge of the ISP network, it is the edge of the entire network, that is the /last router in the topology/. Today that last router is owned and operated by the customer in most cases.
Yeahbut, the CPE isn't trusted. It would be _nice_ for customers to be bcp38 clueful as well, but I don't think it's _required_ for successful deployment from the ISP's standpoint. Even with a system like DOCSIS where the CPE is semi-trustworthy from a provisioning/etc standpoint, I don't think I'd _count_ on them. In any case, isn't RPF really cheap these days on edge aggregation routers? It's not like it's a new innovation or anything.
BCP38 was written when a point to point handoff to a single customer was standard, and that's easy to filter. Today a shared medium (like a cable modem network) is common and more importantly connects to more routers (home gateways), rather than PCs. That's a fundamental change since BCP38 was written.
DOCSIS was standardized in the mid to late 90's which more or less predates bcp 38, and it has always been able to handle multiple endpoints/modem. As I recall, there were specs for cable modem NICs for individual machines, but they never took off.
Mike
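Added example, not part of the thread or written by any of its participants: a minimal sketch of the strict-mode reverse-path check (unicast RPF, covered in RFC 3704) on a hypothetical edge aggregation router, comparing a point-to-point handoff with a shared segment. The interface names, route table and sample packets are constructed; all addresses are from documentation ranges.

```python
import ipaddress

# Constructed FIB for a hypothetical aggregation router: prefix -> interface.
FIB = {
    "198.51.100.0/24": "cable0",   # shared segment with many home gateways
    "203.0.113.0/30": "serial1",   # point-to-point link to a single customer
    "192.0.2.0/24": "serial1",     # that customer's routed block
    "0.0.0.0/0": "uplink0",        # default route toward the core
}

# Longest prefixes first so the first hit is the best match.
_ROUTES = sorted(
    ((ipaddress.ip_network(p), ifc) for p, ifc in FIB.items()),
    key=lambda r: r[0].prefixlen,
    reverse=True,
)


def lookup(addr):
    """Longest-prefix match; returns the interface of the best route."""
    ip = ipaddress.ip_address(addr)
    for net, ifc in _ROUTES:
        if ip in net:
            return ifc
    return None


def strict_urpf(src, in_ifc):
    """Accept only if the best route back to src leaves via the arrival interface."""
    return lookup(src) == in_ifc


def check(packets):
    """Return (src, interface, verdict) for each (src, interface) pair."""
    return [(s, i, "accept" if strict_urpf(s, i) else "drop") for s, i in packets]


# Constructed sample traffic: (source address, arrival interface).
SAMPLE = [
    ("192.0.2.10", "serial1"),     # customer's own block: accepted
    ("203.0.113.200", "serial1"),  # best route is the default via uplink0: dropped
    ("192.0.2.10", "cable0"),      # serial1 customer's address seen on cable0: dropped
    ("198.51.100.20", "cable0"),   # address on the shared segment: accepted
    ("198.51.100.77", "cable0"),   # any address in the segment prefix passes; the
                                   # check sees the interface, not the sending gateway
]

if __name__ == "__main__":
    for src, ifc, verdict in check(SAMPLE):
        print(f"{src:15} on {ifc:8} -> {verdict}")
```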