[174802] in North American Network Operators' Group
Re: large BCP38 compliance testing
daemon@ATHENA.MIT.EDU (Barry Greene)
Thu Oct 2 07:29:24 2014
X-Original-To: nanog@nanog.org
From: Barry Greene <bgreene@senki.org>
In-Reply-To: <542D35BE.40304@ceriz.fr>
Date: Thu, 2 Oct 2014 18:29:04 +0700
To: =?iso-8859-1?Q?J=E9r=F4me_Nicolle?= <jerome@ceriz.fr>
Cc: nanog@nanog.org
Errors-To: nanog-bounces@nanog.org
--Apple-Mail=_D0C2F1EA-3151-42DC-8845-28A5A5A5854A
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
charset=windows-1252
On Oct 2, 2014, at 6:23 PM, J=E9r=F4me Nicolle <jerome@ceriz.fr> wrote:
>=20
>=20
> Le 02/10/2014 12:28, Nick Hilliard a =E9crit :
>> It would probably be more productive to pressurise transit providers =
to
>> enforce bcp38 on their customer links.
>=20
> This. But let me ask you, how many transit provider actually implement
> strict prefix-filtering ? I've seen many using a max-prefix as their
> sole defense.
>=20
> Now, let's consider what you want is to match an interface ACL to
> prefixes received on a BGP session runing through the same interface.
> Ain't that what uRPF-strict is all about ?
uRPF Strict mode is NOT a tool to use on the transit connections. It was =
built for the SP-Customer connections.=20
uRPF VRF mode _was_ built for the transit connections. You can take all =
the prefixes received from the peer and stick them into a VRF. You can =
then check all the incoming packet source addresses against that list. =
If there is no match, then it was not in the BGP advertisements.=20
--Apple-Mail=_D0C2F1EA-3151-42DC-8845-28A5A5A5854A
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment;
filename=signature.asc
Content-Type: application/pgp-signature;
name=signature.asc
Content-Description: Message signed with OpenPGP using GPGMail
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org
iQEcBAEBCgAGBQJULTcBAAoJEFVuk3AWv0Xzr3AH/3uR1yoGAKCaQIw6DdsqewJr
xFxR+V5CeDw0uK+JpswX5YceuxVcoM84zHfmI9LFu5GpUPfwKGKLq2XA3D4j/i5A
IpYmSPfgxjXPgZGOvtatCInfozgbbfFixq0K8R6i+tS1wkjNOCziQga5icaRUptv
crLP33wPOh3V+VyR2VpfXSVvIML03ZB3cIsTg13apFCFLa2mcwPWEQh00xB0blDt
94XLQLVNwpNVwI9Uc2Ft/JDsoan3oCDSsEY2nQihT/r5mezF6u5bqYq9d111B30G
9DL37IH/+nRMPLuO+GWMtER42oBGadyBsjsTRSqtNrOvRjw+IQzmo7Ly9cCsIZk=
=AMDA
-----END PGP SIGNATURE-----
--Apple-Mail=_D0C2F1EA-3151-42DC-8845-28A5A5A5854A--
