[191721] in North American Network Operators' Group
Re: Request for comment -- BCP38
daemon@ATHENA.MIT.EDU (Stephen Satchell)
Mon Sep 26 10:50:44 2016
X-Original-To: nanog@nanog.org
To: North American Network Operators' Group <nanog@nanog.org>
From: Stephen Satchell <list@satchell.net>
Date: Mon, 26 Sep 2016 07:47:50 -0700
In-Reply-To: <78BDCC2C-0678-44F5-8367-0C89693F3F93@mykolab.com>
Errors-To: nanog-bounces@nanog.org
On 09/26/2016 07:11 AM, Paul Ferguson wrote:
> No -- BCP38 only prescribes filtering outbound to ensure that no
> packets leave your network with IP source addresses which are not
> from within your legitimate allocation.
So, to beat that horse to a fare-thee-well, to be BCP38 compliant I
need, on every interface sending packets out to the internet, to block
any source address matching a subnet in the BOGON list OR not matching
any of my routeable network subnets? Plus add null-route entries for
all the BOGONs in my routing table so I don't send a bad destination
packet to my upstream?