On 3/27/2013 9:23 AM, Jay Ashworth wrote:
Is BCP38 *not* well enough though out even for large and medium sized carriers to adopt as contractual language, much less for FCC or someone to impose upon them? If so, we should work on it further.
BCP38 could definitely use some work. It is correct as a general concept. It does not go into depth of the different available technologies and how they might be of use. For example, dhcp is nice, but it usually requires uRPF (sometimes with exceptions) depending on the vendor. If BGP filters are being applied, it is usually not hard to apply packet filtering according to the same route filters. Some NSPs use traditional ingress filtering, while others have uRPF enabled with exception lists. Some require that you send all networks, but set communities for networks you don't want routed yet allowed via uRPF (which usually means anyone connected to the same router as you will still route your way). It's also not a bad idea for an ISP to deploy EGRESS filters if they do not offer BGP Transit services. This way they are not depending on their transit providers to handle spoof protection and they cover their entire network regardless of last mile ingress filtering. This doesn't generally work well when doing transit services of any size due to the number of egress filter updates you'd have to issue, but it is great for the small/medium ISP. Jack