nanog mailing list archives

Re: BCP38 tester?

From: Jimmy Hess <mysidia () gmail com>
Date: Tue, 2 Apr 2013 03:33:37 -0500

On 4/1/13, Jay Ashworth <jra () baylink com> wrote:

It would just be way too much luck and convenience for that to happen
by coincidence.


Once in a while, you win.


The trouble with winning by coincidence or winning as a side-effect...
Do you keep winning?

What happens with IPv6 CPE devices,  when there is no NAT?
No translation occurs, so possibly  rogue source IP packets get
through,  unless the device specifically applies uRPF  or clamping
source addresses to the LAN interface subnet.

It would be nice if the RFCs specified Ingress filtering by default in
router requirements for IPv4 and IPv6, as a MUST requirement;  instead
of  some   2nd class citizen, optional  best practices document.

By specifying ingress as the default, it then becomes an implementor
responsibility to understand when and where in their network they have
to override the default for things to work properly,  when it is safe
to,   and where the filtering is required.

--
-JH

Current thread:

Re: BCP38 tester? Dobbins, Roland (Apr 01)
- <Possible follow-ups>
- Re: BCP38 tester? Karl Auer (Apr 01)
  - Re: BCP38 tester? Dobbins, Roland (Apr 01)
  - Re: BCP38 tester? Jimmy Hess (Apr 01)
    - Re: BCP38 tester? Jay Ashworth (Apr 01)
    - Re: BCP38 tester? Matt Palmer (Apr 01)
    - Re: BCP38 tester? Jimmy Hess (Apr 02)
    - Re: BCP38 tester? Jay Ashworth (Apr 02)
  - Re: BCP38 tester? Alain Hebert (Apr 01)
    - Re: BCP38 tester? Valdis . Kletnieks (Apr 01)
    - Re: BCP38 tester? Alain Hebert (Apr 01)
- Re: BCP38 tester? Peter Baldridge (Apr 01)
  - Message not available
    - Re: BCP38 tester? Peter Baldridge (Apr 01)
- Re: BCP38 tester? Jima (Apr 01)
  - Re: BCP38 tester? Alain Hebert (Apr 01)
- Re: BCP38 tester? Jay Ashworth (Apr 01)
- RE: BCP38 tester? Frank Bulk (iname.com) (Apr 01)