 
On 9/23/17, 1:51 AM, "nanog-bounces@nanog.org on behalf of valdis.kletnieks@vt.edu" <nanog-bounces@nanog.org on behalf of valdis.kletnieks@vt.edu> wrote:
On Sat, 23 Sep 2017 08:47:32 +1000, Mark Andrews said:
You know CPE devices are routers. They can tell you what routes DHCP has given them. That announcement could be cryptographically authenticated.
This is, of course, a lot easier if the CPE already has onboard the needed software to do that, or you have the ability to push it out.
Right. How many residential market gateways support any routing protocol at all? How many support RIPv2? How many support RIPng? Being routers does not mean they support any dynamic routing protocol. If I were an ISP, I would be very skeptical of the return on adding routing support to every gateway I supported, plus an RPKI.
Is anybody from Comcast or other eyeball network willing to say (even roughly) what percent of CPE is gear they supply, versus gear that people get at Best Buy or Walmart and just plug in, versus (if they can identify it) gear that's been reflashed by clued customers?
It varies 0-100% based on network, year, and the mood of whoever makes the decision about how to handle CPE. Some ISPs provide a gateway to all of their customers, and some of those customers then put them into bridged mode. (I think Vz FiOS, for instance, always comes with a gateway). Some provide a gateway for free, which may be worth much more or less than you paid for it, depending on the philosophy of the ISP. Some assume you want a gateway and charge you several dollars a month for it.

Lee