[153716] in North American Network Operators' Group

Whither Cometh BCP38?

daemon@ATHENA.MIT.EDU (Jay Ashworth)
Mon Jun 11 11:15:24 2012

Date: Mon, 11 Jun 2012 11:13:22 -0400 (EDT)
From: Jay Ashworth <jra@baylink.com>
To: NANOG <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

Off a comment Vix made in another thread this weekend, what is the current
status, to the degree to which anyone knows and is permitted to say, of
the deployment of RFC 3704, BCP 38, to block IP address spoofing at the 
ingress edge of large consumer eyeball networks?

When the BCP was first released, as I recall it, much noise was made to
suggest that it was cost-ineffective and impractical to deploy it because
the current state of edge devices was such that it wasn't a simple knob-turn.

Is that still true (or not, as I expect), and if common edge concentrators
do now support easy filtering to drop packets with improper or invalid 
source addresses, is this being utilized in the wide area...

and if not, why the hell not?

Or are spoofed-source-address attacks not, as Vix suggests, significant
and trending upwards?

Cheers,
-- jra
-- 
Jay R. Ashworth                  Baylink                       jra@baylink.com
Designer                     The Things I Think                       RFC 2100
Ashworth & Associates     http://baylink.pitas.com         2000 Land Rover DII
St Petersburg FL USA      http://photo.imageinc.us             +1 727 647 1274

