nanog mailing list archives

Re: Cogent BCP-38

From: Robert Blayzor <rblayzor.bulk () inoc net>
Date: Tue, 29 Aug 2017 08:41:12 -0400

On 29 August 2017 at 03:38, Robert Blayzor <rblayzor.bulk () inoc net> wrote:

Well not completely useless. BCP will still drop BOGONs at the edge before they leak into your network.


Assuming you don't use them in your own infra. And cost of RPF is lot
higher than cost of ACL. Them being entirely static entities they
should be in your edgeACL. The only real justification for loose RPF
is source based blackholing.

-- 
 ++ytti



Well, if you are using public IP addresses for infra you are violating your RIR’s policy more than likely. And if 
you’re using RFC1918 space in your global routing table, then thats another fiasco you’ll have to deal with. Managing 
ACL’s for customer routes has far more overhead (and cost, ie: time, human error, etc) than to just use RPF on an edge 
port. I believe the OP was talking about multi-homed, in that case if run a tight ship in your network RPF loose is 
probably a good choice. It at least gives you an easy way to not accept total trash at the edge. 

--
inoc.net!rblayzor
XMPP: rblayzor.AT.inoc.net
PGP:  https://inoc.net/~rblayzor/

Current thread:

Cogent BCP-38 Ben Russell (Aug 16)
- Re: Cogent BCP-38 chris (Aug 16)
  - Re: Cogent BCP-38 Mikael Abrahamsson (Aug 16)
    - Re: Cogent BCP-38 Mike Hammett (Aug 17)
    - Re: Cogent BCP-38 William Herrin (Aug 17)
    - Re: Cogent BCP-38 Saku Ytti (Aug 17)
    - Re: Cogent BCP-38 Robert Blayzor (Aug 28)
    - Re: Cogent BCP-38 Saku Ytti (Aug 29)
    - Re: Cogent BCP-38 Robert Blayzor (Aug 29)
    - Re: Cogent BCP-38 Job Snijders (Aug 29)
    - Re: Cogent BCP-38 Rob Evans (Aug 29)
    - Re: Cogent BCP-38 Sander Steffann (Aug 30)
  - Re: Cogent BCP-38 Alain Hebert (Aug 17)
- Re: Cogent BCP-38 marcel.duregards--- via NANOG (Aug 31)