----- Original Message -----
From: "Joel Halpern" <jmh@joelhalpern.com> To: "Brian Turnbow" <b.turnbow@twt.it> Cc: nanog@nanog.org Sent: Tuesday, November 8, 2022 10:03:20 AM Subject: Re: BCP38 For BGP Customers
There is work a tthe IETF on an addon to RPKI called ASPA. There is a draft that describes how the combiantion of ASPA and RPKI can be used to help with DDOS prevention.
There is also a working group at the IETF called SAVNET that is looking at what technological additions can be made to address the shortcomings in BCP 38. In fairness, there is distinct disagreement as to what those shortcomings are, and whether the ideas being presented can help. Input from more operators would be great. (For completeness, I am a co-chair of that working group.)
Wait; people are actually trying to implement BCP38, still? :-} Cheers, -- jra
On 11/8/2022 9:39 AM, Brian Turnbow via NANOG wrote:
This may not exist yet, but what about a uRPF-like feature that uses RPKI, IRR, etc. instead of current BGP feed?
There is rfc8704 that extends urpf But I do not know of any commercial available solutions
-- Jay R. Ashworth Baylink jra@baylink.com Designer The Things I Think RFC 2100 Ashworth & Associates http://www.bcp38.info 2000 Land Rover DII St Petersburg FL USA BCP38: Ask For It By Name! +1 727 647 1274