[191785] in North American Network Operators' Group


Re: Request for comment -- BCP38

daemon@ATHENA.MIT.EDU (Florian Weimer)
Tue Sep 27 09:10:56 2016

X-Original-To: nanog@nanog.org
From: Florian Weimer <fw@deneb.enyo.de>
To: Stephen Satchell <list@satchell.net>
Date: Tue, 27 Sep 2016 15:08:49 +0200
In-Reply-To: <7b2b0b6e-58ed-7f3a-f575-2f130942cdee@satchell.net> (Stephen
 Satchell's message of "Tue, 27 Sep 2016 04:34:15 -0700")
Cc: nanog@nanog.org
Errors-To: nanog-bounces@nanog.org

* Stephen Satchell:

> Given a single local inside network with:
>   * multiple uplink providers (typical multi-home situation)
>   * multiple edge routers, each connected to an upstream via a public
> routeable /30, and each further connected to the downstream inside
> network
>   * 50 subnets (to pick a number) of routeable IP address space
> downstream from the edge routers, with routing announcements to the
> world that direct packets back to the edge routers
>
> BCP38 demands that ANY packet leaving ANY edge router to the upstream
> MUST have a source address:
>   * within the 50 inside public route-able subnets, or
>   * within a list of "my" addresses in the public /30 subnets.
>
> True statement?

This depends on the agreements with the upstream providers.  They
might reasonably exclude their own /30 they provided to you and the
/30s from the other providers.

In general, packets from the /30s would not travel far anyway because
they would fail source address verification checks at the upstream
provider.  Some providers also use globally unique, but unrouted
addresses for transfer networks, for infrastructure protection
purposes.
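
The egress rule discussed in this message, as an added example that is not part of the original mail: a source address may leave an edge router if it falls in an inside prefix, while "my" addresses on the transfer /30s pass only where the agreement with that upstream accepts them. All prefixes, uplink names and policy fields below are constructed assumptions using documentation address space.

```python
import ipaddress

# Constructed sample data (documentation prefixes); none of it comes from the thread.
INSIDE = [ipaddress.ip_network(p) for p in ("198.51.100.0/24", "203.0.113.0/25")]

# Per uplink: our own address on the transfer /30, plus hypothetical policy
# fields describing which transfer-net sources that upstream agreed to accept.
UPLINKS = {
    "upstream-a": {"local": ipaddress.ip_address("192.0.2.2"),
                   "accept_own_transfer": True, "accept_other_transfer": True},
    "upstream-b": {"local": ipaddress.ip_address("192.0.2.6"),
                   "accept_own_transfer": False, "accept_other_transfer": False},
}

def egress_allowed(src, uplink):
    """Return True if a packet with source `src` may leave via `uplink`."""
    addr = ipaddress.ip_address(src)
    # Inside routable space is always a legitimate source.
    if any(addr in net for net in INSIDE):
        return True
    policy = UPLINKS[uplink]
    # Only our own side of a /30 counts as "my" address; the upstream's
    # side of the same /30 never matches here and is dropped below.
    for name, link in UPLINKS.items():
        if addr == link["local"]:
            key = "accept_own_transfer" if name == uplink else "accept_other_transfer"
            return policy[key]
    return False

def audit(packets):
    """Return the (src, uplink) pairs the egress filter would drop."""
    return [(s, u) for s, u in packets if not egress_allowed(s, u)]

# Constructed test traffic: (source address, uplink it is about to leave on).
SAMPLE = [
    ("198.51.100.10", "upstream-a"),  # inside prefix
    ("192.0.2.2", "upstream-a"),      # our side of upstream-a's /30
    ("192.0.2.6", "upstream-b"),      # our side of upstream-b's /30, excluded there
    ("192.0.2.1", "upstream-a"),      # upstream's side of the /30, not ours
    ("10.1.2.3", "upstream-b"),       # spoofed or leaked private source
]

if __name__ == "__main__":
    for src, uplink in audit(SAMPLE):
        print(f"drop {src} on {uplink}")
```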
