[191723] in North American Network Operators' Group
Re: Request for comment -- BCP38
daemon@ATHENA.MIT.EDU (Elmar K. Bins)
Mon Sep 26 10:57:03 2016
X-Original-To: nanog@nanog.org
Date: Mon, 26 Sep 2016 16:55:35 +0200
From: "Elmar K. Bins" <elmi@4ever.de>
To: North American Network Operators' Group <nanog@nanog.org>
Mail-Followup-To: "Elmar K. Bins" <elmi@4ever.de>,
North American Network Operators' Group <nanog@nanog.org>
In-Reply-To: <3da98299-58bd-fee2-168d-56e680a81720@satchell.net>
Errors-To: nanog-bounces@nanog.org
Re Stephen,
> So, to beat that horse to a fare-thee-well, to be BCP38 compliant I need, on
> every interface sending packets out to the internet, to block any source
> address matching a subnet in the BOGON list OR not matching any of my
> routeable network subnets? Plus add null-route entries for all the BOGONs
> in my routing table so I don't send a bad destination packet to my upstream?
The correct way to implement this is
- outgoing permit my allocated address blocks as source addresses
- outgoing deny EVERYTHING (else)
Elmar.
