[151647] in North American Network Operators' Group


Re: BCP38 Deployment

daemon@ATHENA.MIT.EDU (Patrick W. Gilmore)
Wed Mar 28 11:02:30 2012

From: "Patrick W. Gilmore" <patrick@ianai.net>
In-Reply-To: <CAPLDopJ8RmbcPVoUgmR+vXWkujYb_PEfpV19_K6qrorMu4FVJQ@mail.gmail.com>
Date: Wed, 28 Mar 2012 11:00:39 -0400
To: NANOG list <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

On Mar 28, 2012, at 10:44 , Bingyang LIU wrote:

> I'm Bingyang Liu, a Ph.D. student in Tsinghua University. My thesis topic is
> on "source address validation".
>
> Although BCP38 was proposed more than ten years ago, IP spoofing still
> remains an attack vector [MIT-Spoofer] [ARBOR-Annual-Report] [Presentation
> on NANOG Meeting] [Discussion in NANOG ML].
>
> I did a lot of investigation, but still have no idea why so many ISPs haven't
> deployed BCP38. I enumerate three reasons I found, and I'd like your comments
> very much.
>
> 1. Stub ASes: They rely on their providers to filter, so they won't deploy
> BCP38 on their own.
> 2. Low tier transit ASes: They are most likely to deploy BCP38 on the
> interfaces towards their customers.
> 3. Large or tier1 ASes: Their peers and customers are also large. So uRPF
> may have false positives and ACLs are too large to manage.
>
> I also asked some ISP guys in IETF today, they all agreed that IP spoofing
> is an issue, but they may not have deployed it. One key issue, I think, is
> about incentive. i.e. you can filter, but you'll still receive spoofing
> from providers and peers who haven't enforced BCP38.

While those reasons are somewhat valid, they are not the main reasons.

#1) Money.
Whenever someone asks "why...?", the answer is usually "money".  It costs money - CapEx if your equipment doesn't support RPF, and OpEx even if it does.  Plus opportunity cost if your customers don't like it or you screw up, as those customers will find someone who doesn't filter and move.

#2) Laziness.
When the question is "why have [you|they] not...?", the second most common answer is laziness.  Some call it "inertia", but reality is people are busy, lazy, etc.

Please note the complete lack of smilies or other indication I am kidding or being sarcastic.

There is also ignorance, stupidity, malice (yes, some people actually attack others or sell to those who do), etc.

-- 
TTFN,
patrick


