[191725] in North American Network Operators' Group
Re: Request for comment -- BCP38
daemon@ATHENA.MIT.EDU (Paul Ferguson)
Mon Sep 26 11:04:00 2016
X-Original-To: nanog@nanog.org
From: Paul Ferguson <fergdawgster@mykolab.com>
In-Reply-To: <3da98299-58bd-fee2-168d-56e680a81720@satchell.net>
Date: Mon, 26 Sep 2016 07:58:39 -0700
To: Stephen Satchell <list@satchell.net>
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org
--Apple-Mail=_484BEA16-19CD-4C25-9C1C-12BBE4014562
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
charset=utf-8
> On Sep 26, 2016, at 7:47 AM, Stephen Satchell <list@satchell.net> =
wrote:
>=20
> On 09/26/2016 07:11 AM, Paul Ferguson wrote:
>> No -- BCP38 only prescribes filtering outbound to ensure that no
>> packets leave your network with IP source addresses which are not
>> from within your legitimate allocation.
>=20
> So, to beat that horse to a fare-thee-well, to be BCP38 compliant I =
need, on every interface sending packets out to the internet, to block =
any source address matching a subnet in the BOGON list OR not matching =
any of my routeable network subnets? Plus add null-route entries for =
all the BOGONs in my routing table so I don't send a bad destination =
packet to my upstream?
BCP38 only provides for disallowing spoofed packets into the Internet. =
Any additional filtering against bosons, etc., are probably a good idea, =
just not including specifically in BCP38.
- ferg
=E2=80=94
Paul Ferguson
ICEBRG.io
Seattle, Washington, USA
--Apple-Mail=_484BEA16-19CD-4C25-9C1C-12BBE4014562
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment;
filename=signature.asc
Content-Type: application/pgp-signature;
name=signature.asc
Content-Description: Message signed with OpenPGP using GPGMail
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org
iF4EAREKAAYFAlfpN6MACgkQKJasdVTchbIUfQD+MLBrBGVFT+iY2c3uLXZgM059
AFpEDJI5OQe0m56rPpYA/1ijtvNpnEbJ+reE0wPehMINw1hELyRZ3NMXygTjJs8O
=k031
-----END PGP SIGNATURE-----
--Apple-Mail=_484BEA16-19CD-4C25-9C1C-12BBE4014562--
