[191720] in North American Network Operators' Group
Re: Request for comment -- BCP38
daemon@ATHENA.MIT.EDU (Ken Chase)
Mon Sep 26 10:47:27 2016
X-Original-To: nanog@nanog.org
Date: Mon, 26 Sep 2016 10:47:24 -0400
From: Ken Chase <math@sizone.org>
To: Paul Ferguson <fergdawgster@mykolab.com>
In-Reply-To: <78BDCC2C-0678-44F5-8367-0C89693F3F93@mykolab.com>
Cc: North American Network Operators' Group <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org
This might break some of those badly-behaving "dual ISP" COTS routers out there
that use different inbound from outbound paths since each is the fastest of
either link.
I did this manually when I was messing around with multiple broadband links on
a fbsd router years ago, was glad it worked at the time.
/kc
On Mon, Sep 26, 2016 at 07:11:42AM -0700, Paul Ferguson said:
>No -- BCP38 only prescribes filtering outbound to ensure that no packets leave your network with IP source addresses which are not from within your legitimate allocation.
>
> - ferg
>
>
>On September 26, 2016 7:05:49 AM PDT, Stephen Satchell <list@satchell.net> wrote:
>>Is this an accurate thumbnail summary of BCP38 (ignoring for the moment
>>
>>the issues of multi-home), or is there something I missed?
>>
>>> The basic philosophy of BCP38 boils down to two axioms:
>>>
>>> Don't let the "bad stuff" into your router
>>> Don't let the "bad stuff" leave your router
>>>
>>> The original definition of "bad stuff" is limited to source-
>>> address grooming both inbound and outbound. I've expanded on the
>>> original definition by including rule generation to control
>>> broadcast address abuse.
>
>--
>Sent from my Android device with K-9 Mail. Please excuse my brevity.
--
Ken Chase - math@sizone.org Toronto Canada
