On Feb 5, 2014, at 2:12 AM, Jimmy Hess <mysidia@gmail.com> wrote:
On Wed, 05 Feb 2014 12:18:54 +1100, Mark Andrews said:
Now if we could get equipement vendors to stop shipping models without the necessary support it would help but that also may require government intervention. ...
A good start would be to get BCP38 revised to router the Host requirements RFCs, to indicate that ingress filtering should be considered mandatory on site-facing interfaces. ...
It's also true that if a sizable group of network operators were to actually deploy source address validation (thus proving that it really is a reasonable approach and doesn't carry too much operational or vendor implications), then it would be quite reasonable for those operators to bring the results to NANOG and get it recognized as a best current operating practice for networks of similar design/purpose.
If the standards documents still just call it a best practice.... what hope is there of having governments require it of the service providers that their networks are connected to, anyways?
There is a significant difference between a "best current practice" (BCP) document from the IETF (a technical standards body) versus one which actually reflects the well-considered best practices of a large network operator forum. The latter would be of some interest to governments (and groups of governments) when they ask for any options that might help with their growing spam and DDoS concerns... FYI, /John