[168969] in North American Network Operators' Group
BCP38 (was: Re: Why won't providers source-filter attacks? Simple.)
daemon@ATHENA.MIT.EDU (John Curran)
Fri Feb 7 15:38:25 2014
From: John Curran <jcurran@arin.net>
To: NANOG list <nanog@nanog.org>
Date: Fri, 7 Feb 2014 20:37:49 +0000
In-Reply-To: <CAAAwwbUsfXu0o4E7NGuS7XuRDo8S8kS9u1f_vQXhNmqEhRC1EQ@mail.gmail.com>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Feb 5, 2014, at 2:12 AM, Jimmy Hess <mysidia@gmail.com> wrote:
>> On Wed, 05 Feb 2014 12:18:54 +1100, Mark Andrews said:
>>> Now if we could get equipement vendors to stop shipping models
>>> without the necessary support it would help but that also may require
>>> government intervention.
>>> ...
>=20
> A good start would be to get BCP38 revised to router the Host
> requirements RFCs, to indicate that ingress filtering should be
> considered mandatory on site-facing interfaces.
> ...
It's also true that if a sizable group of network operators were to actuall=
y=20
deploy source address validation (thus proving that it really is a reasonab=
le=20
approach and doesn't carry too much operational or vendor implications),=20
then it would be quite reasonable for those operators to bring the results=
=20
to NANOG and get it recognized as a best current operating practice for=20
networks of similar design/purpose.
> If the standards documents still just call it a best practice.... what
> hope is there of having governments require it of the service providers
> that their networks are connected to, anyways?
There is a significant difference between a "best current practice" (BCP)
document from the IETF (a technical standards body) versus one which actual=
ly
reflects the well-considered best practices of a large network operator for=
um. =20
The latter would be of some interest to governments (and groups of governme=
nts)
when they ask for any options that might help with their growing spam and D=
DoS=20
concerns...
FYI,
/John
