[151653] in North American Network Operators' Group
Re: BCP38 Deployment
daemon@ATHENA.MIT.EDU (David Conrad)
Wed Mar 28 11:46:51 2012
From: David Conrad <drc@virtualized.org>
In-Reply-To: <20120328151335.GA40955@ussenterprise.ufp.org>
Date: Wed, 28 Mar 2012 08:45:12 -0700
To: Leo Bicknell <bicknell@ufp.org>
Cc: NANOG list <nanog@nanog.org>
Leo,
On Mar 28, 2012, at 8:13 AM, Leo Bicknell wrote:
>> #1) Money.
>> #2) Laziness.
> While Patrick is spot on, there is a third issue which is related
> to money and laziness, but also has some unique aspects.
>
> BCP38 makes the assumption that the ISP does some "configuration"
> to ensure only properly sourced packets enter the network. That
> may have been true when BCP38 was written, but no longer accurately
> reflects how networks are built and operated.
An interesting assertion. I haven't looked at how end-user networks are
built recently. I had assumed there continue to be customer aggregation
points within ISP infrastructure in which BCP38-type filtering could
occur. You're saying this is no longer the case? What has replaced it?
> BCP38 needs
> to be applied at the OEM level in equipment manufacturing, not at
> the operational level with ISPs.
I don't believe this is either/or. I agree that BCP38 features should
be turned on by default in CPE, however I believe it really needs to be
enforced at the ISP level.
> As long as folks keep beating on (consumer) ISPs to implement BCP38,
> nothing will happen.
Optimist.
Actually, given the uptick in spoofing-based DoS attacks, the ease with
which such attacks can be generated, recent high profile targets of said
attacks, and the full-on money pumping freakout about anything with
"cyber-" tacked on the front, I suspect a likely outcome will be
proposals for legislation forcing ISPs to do something like BCP38.
Regards,
-drc