nanog mailing list archives

Re: BCP38 Deployment


From: David Conrad <drc () virtualized org>
Date: Wed, 28 Mar 2012 08:45:12 -0700

Leo,

On Mar 28, 2012, at 8:13 AM, Leo Bicknell wrote:
#1) Money.
#2) Laziness.

While Patrick is spot on, there is a third issue which is related
to money and laziness, but also has some unique aspects.

BCP38 makes the assumption that the ISP does some "configuration"
to ensure only properly sourced packets enter the network.  That
may have been true when BCP38 was written, but no longer accurately
reflects how networks are built and operated.

An interesting assertion.  I haven't looked at how end-user networks are built recently.  I had assumed there continue 
to be customer aggregation points within ISP infrastructure in which BCP38-type filtering could occur.  You're saying 
this is no longer the case?  What has replaced it?

BCP38 needs to be applied at the OEM level in equipment manufacturing, not at
the operational level with ISPs.

I don't believe this is either/or.  I agree that BCP38 features should be turned on by default in CPE, however I 
believe it really needs to be enforced at the ISP level.

As long as folks keep beating on (consumer) ISPs to implement BCP38, nothing will happen.


Optimist.

Actually, given the uptick in spoofing-based DoS attacks, the ease with which such attacks can be generated, recent high 
profile targets of said attacks, and the full-on money pumping freakout about anything with "cyber-" tacked on the 
front, I suspect a likely outcome will be proposals for legislation forcing ISPs to do something like BCP38.

Regards,
-drc


