nanog mailing list archives
Re: Request for comment -- BCP38
From: "Jay R. Ashworth" <jra () baylink com>
Date: Sun, 2 Oct 2016 01:39:10 +0000 (UTC)
----- Original Message -----
From: "Florian Weimer" <fw () deneb enyo de>
* Jason Iannone:
Are urpf and bcp38 interchangeable terms in this discussion? It seems impractical and operationally risky to implement two unique ways to dos customers. What are the lessons learned by operators doing static output filters, strict urpf, or loose/feasible urpf?Historically (in 1998, when RFC 2267 was released), BCP 38 was an egress filter applied at the AS boundary.
You meant ingress, no? The control of the address space allocation resides with the upstream, as must control of the filtering. You *can* do BCP38 egress filtering on your network, but that filter would *be in control of the Bad Guys* whom we're trying to kill off. The filtering needs to be on the other side of the administrative span of control fence. Cheers, -- jra -- Jay R. Ashworth Baylink jra () baylink com Designer The Things I Think RFC 2100 Ashworth & Associates http://www.bcp38.info 2000 Land Rover DII St Petersburg FL USA BCP38: Ask For It By Name! +1 727 647 1274
Current thread:
- Re: Request for comment -- BCP38 Jay R. Ashworth (Oct 01)
- <Possible follow-ups>
- Re: Request for comment -- BCP38 Jay R. Ashworth (Oct 01)
- Re: Request for comment -- BCP38 Jay R. Ashworth (Oct 01)
- Re: Request for comment -- BCP38 Jay R. Ashworth (Oct 01)
- Re: Request for comment -- BCP38 Florian Weimer (Oct 02)
- Re: Request for comment -- BCP38 Stephen Satchell (Oct 02)
- Re: Request for comment -- BCP38 Octavio Alvarez (Oct 02)
- Re: Request for comment -- BCP38 Jay Hennigan (Oct 02)