I asked:
Who among AS1239, AS701, AS3356, AS7018, AS209 does loose RPF (not just strict RPF on single-homed customers)?
and Patrick answered:
I'm wondering why that is relevant.
It's relevant because it was suggested that loose RPF should be a "best common practice" so I was curious which of those ASes decided that the benefits outweighed the negatives and actually do it. Don't worry, those were randomly chosen AS. I didn't intend to make any suggestion that the answer would be more important to me for that set of ASes than any other. But, you were correct that I wasn't asking the question I really wanted answered. What I wanted to know was, among the attentive nanog membership, which of you think and/or know that any/all of those AS do loose RPF? The motivation here is that, if asked last week, I would have guessed that none of them run loose RPF. But at least one of them does. The two answers, how many actually do plus whether everyone knew it, will help me decide if I need to spend more time reading nanog email and nanog proceedings (or actually go to a meeting), or not... Thanks, -mark
On Sep 26, 2006, at 11:57 AM, Mark Kent wrote:
I asked:
Who among AS1239, AS701, AS3356, AS7018, AS209 does loose RPF (not just strict RPF on single-homed customers)?
and Patrick answered:
I'm wondering why that is relevant.
It's relevant because it was suggested that loose RPF should be a "best common practice" so I was curious which of those ASes decided that the benefits outweighed the negatives and actually do it. Don't worry, those were randomly chosen AS. I didn't intend to make any suggestion that the answer would be more important to me for that set of ASes than any other.
The actual practices of a network are not necessarily a way to look at what best common practices should be. For instance, how many networks are in full compliance with BCP38? Or are you arguing that since essentially no one is compliant, we should scrap the BCP?
But, you were correct that I wasn't asking the question I really wanted answered. What I wanted to know was, among the attentive nanog membership, which of you think and/or know that any/all of those AS do loose RPF?
The motivation here is that, if asked last week, I would have guessed that none of them run loose RPF. But at least one of them does. The two answers, how many actually do plus whether everyone knew it, will help me decide if I need to spend more time reading nanog email and nanog proceedings (or actually go to a meeting), or not...
Good question. <waits for answers> -- TTFN, patrick
On Tue, Sep 26, 2006 at 01:41:52PM -0400, Patrick W. Gilmore wrote:
For instance, how many networks are in full compliance with BCP38?
I've been working towards this on our network for some time but have been hindered by vendor.. uhm, features^Wbugs. eg: halving the TCAM with rpf enabled, one mode globally (loose vs strict) and other challenges. It is hard to imagine that we'll reach that point but that doesn't mean it's not a goal.
Or are you arguing that since essentially no one is compliant, we should scrap the BCP?
But, you were correct that I wasn't asking the question I really wanted answered. What I wanted to know was, among the attentive nanog membership, which of you think and/or know that any/all of those AS do loose RPF?
The motivation here is that, if asked last week, I would have guessed that none of them run loose RPF. But at least one of them does. The two answers, how many actually do plus whether everyone knew it, will help me decide if I need to spend more time reading nanog email and nanog proceedings (or actually go to a meeting), or not...
Good question.
Well, digging out messages from archives.... http://www.merit.edu/mail.archives/nanog/2002-05/msg00289.html These features have been available in some form since at least 2002. That has given people at least a 4 year window of time to consider how much to reduce the (quoting barry) "noise" on the internet. I recall hearing of various root-server operators about what percentage of the packets they get they just can't respond to. This noise has cost to the common infrastructure that is used globally. You wouldn't believe which GTLD operator tried to spin up some government agencies about how bad the reflector attacks were to their infrastructure. It could be interpreted that they wanted a government subsidy to cover these increased infrastructure costs they would have to incur to handle the traffic. This is just one example (recently) of what happens without filters in-place. Not everyone on the list provides access to US Gov't agencies, but if they changed their purchasing to only acquire access from BCP38 compliant providers, would that impact the way you did business? Would it get <insert-long-list-of-asns> to change their network practices and hardware? I think any reasonable (market based) approaches to help nudge things in the right direction is better than if we were to hear the dreaded "R" word. That would not be a good situation for most of us. There are plenty that will advocate all sorts of positions, and it's honestly up to us to do the right thing for the right reasons otherwise we may see an even more imperfect solution come our ways. - Jared -- Jared Mauch | pgp key available via finger from jared@puck.nether.net clue++; | http://puck.nether.net/~jared/ My statements are only mine.
participants (3)
-
Jared Mauch -
Mark Kent -
Patrick W. Gilmore