[191721] in North American Network Operators' Group


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Re: Request for comment -- BCP38

daemon@ATHENA.MIT.EDU (Stephen Satchell)
Mon Sep 26 10:50:44 2016

X-Original-To: nanog@nanog.org
To: North American Network Operators' Group <nanog@nanog.org>
From: Stephen Satchell <list@satchell.net>
Date: Mon, 26 Sep 2016 07:47:50 -0700
In-Reply-To: <78BDCC2C-0678-44F5-8367-0C89693F3F93@mykolab.com>
Errors-To: nanog-bounces@nanog.org

On 09/26/2016 07:11 AM, Paul Ferguson wrote:
> No -- BCP38 only prescribes filtering outbound to ensure that no
> packets leave your network with IP source addresses which are not
> from within your legitimate allocation.

So, to beat that horse to a fare-thee-well, to be BCP38 compliant I 
need, on every interface sending packets out to the internet, to block 
any source address matching a subnet in the BOGON list OR not matching 
any of my routeable network subnets?  Plus add null-route entries for 
all the BOGONs in my routing table so I don't send a bad destination 
packet to my upstream?


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[191721] in North American Network Operators' Group

Re: Request for comment -- BCP38

daemon@ATHENA.MIT.EDU (Stephen Satchell)Mon Sep 26 10:50:44 2016

daemon@ATHENA.MIT.EDU (Stephen Satchell)
Mon Sep 26 10:50:44 2016