[107706] in North American Network Operators' Group
Re: an effect of ignoring BCP38
daemon@ATHENA.MIT.EDU (Valdis.Kletnieks@vt.edu)
Thu Sep 11 14:07:46 2008
To: Jo Rhett <jrhett@netconsonance.com>
In-Reply-To: Your message of "Thu, 11 Sep 2008 10:25:01 PDT."
<96939A91-0239-4670-BF07-7F4D7C114633@netconsonance.com>
From: Valdis.Kletnieks@vt.edu
Date: Thu, 11 Sep 2008 14:07:35 -0400
Cc: bmanning@vacation.karoshi.com, nanog@merit.edu, k claffy <kc@caida.org>
Errors-To: nanog-bounces@nanog.org
--==_Exmh_1221156455_3036P
Content-Type: text/plain; charset=us-ascii
On Thu, 11 Sep 2008 10:25:01 PDT, Jo Rhett said:
> I don't agree with this statement. I hear this a lot, and it's not
> really true. Being multihomed doesn't mean that your source addresses
> are likely to be random. (or would be valid if they were)
>
> A significant portion of our customers, and *all* of the biggest
> paying ones, are multihomed. And they might have a lot of different
> ranges, but we know what the ranges are and filter on those.
The problem isn't your customers, it's *their* customers who also multihome
to somebody you peer with at 3 other locations.
AS1312 talks to AS7066, which talks to AS1239, and we talk to AS40220, which
talks to Level3 and AboveNet. Now - for each of your routers, what interfaces
*can* or *can't* see legitimate packets from us? Does your answer change if
something at MATP burps and loses its Lambdarail connection?
*That* is the use case that makes it difficult-to-impossible for the 'top 5'
to do anything resembling strict BCP38.
--==_Exmh_1221156455_3036P
Content-Type: application/pgp-signature
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Exmh version 2.5 07/13/2001
iD8DBQFIyV5ncC3lWbTT17ARAhrmAKDOEezehGx7asG11tenlaOSF0JbCgCg9IUh
0qnpK8zMCfPRqpcD9CgA5JI=
=WC3N
-----END PGP SIGNATURE-----
--==_Exmh_1221156455_3036P--
