[192800] in North American Network Operators' Group
Re: BCP 38 coverage if top x providers ...
daemon@ATHENA.MIT.EDU (Jared Mauch)
Tue Nov 22 10:46:15 2016
X-Original-To: nanog@nanog.org
From: Jared Mauch <jared@puck.nether.net>
In-Reply-To: <002e01d242d3$a5a348c0$f0e9da40$@iname.com>
Date: Tue, 22 Nov 2016 10:44:09 -0500
To: Frank Bulk <frnkblk@iname.com>
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
> On Nov 19, 2016, at 9:13 PM, Frank Bulk <frnkblk@iname.com> wrote:
>
> My google fu is failing me, but I believe there was a NANOG posting a year
> or two ago that mentioned that if the top x providers would implement BCP 38
> then y% of the traffic (or Internet) would be de-spoofed. The point was
> that we don't even need everyone to implement BCP 38, but if the largest
> (transit?) providers did it, then UDP reflection attacks could be minimized.
>
> If someone can recall the key words in that posting and dig it up, that
> would be much appreciated.

If you assume 80% of traffic comes out of your local CDN node, that remaining 20%
may not be too difficult for you to do something with. The problem appears because
various engineering thresholds that existed in the 90s have been violated.

40(64) byte packet testing is no longer the norm by vendors. Those of us who carry
a full table and are expected to provide all the features are the minority in
purchasing equipment by volume and revenue so the push is harder. A double lookup
of the packet is twice as expensive and perhaps impractical in some (or many) cases.

- Jared
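
The "double lookup" cost mentioned in the message above, shown as an added example that is not part of the original post. It assumes strict-mode unicast reverse-path forwarding (uRPF) as the BCP 38 mechanism and uses a toy linear-scan FIB; the interface names, prefixes and packets are constructed.

```python
import ipaddress

class Fib:
    """Toy FIB: longest-prefix match by linear scan, counting lookups."""
    def __init__(self, routes):
        # routes: {prefix string: interface name}; most specific prefix first
        self.routes = sorted(
            ((ipaddress.ip_network(p), ifname) for p, ifname in routes.items()),
            key=lambda r: r[0].prefixlen, reverse=True)
        self.lookups = 0

    def lookup(self, addr):
        self.lookups += 1
        ip = ipaddress.ip_address(addr)
        for net, ifname in self.routes:
            if ip in net:
                return ifname
        return None

def forward(fib, src, dst, in_if, strict_urpf):
    """Return (verdict, egress interface) for one packet."""
    if strict_urpf:
        # Source validation: the route back to the source must point at the
        # interface the packet arrived on. This is the second lookup.
        if fib.lookup(src) != in_if:
            return ("drop-spoofed", None)
    out_if = fib.lookup(dst)
    if out_if is None:
        return ("drop-no-route", None)
    return ("forward", out_if)

# Constructed sample table and packets (documentation prefixes, RFC 5737).
ROUTES = {"198.51.100.0/24": "cust0", "203.0.113.0/24": "cust1",
          "0.0.0.0/0": "upstream"}
PACKETS = [
    ("198.51.100.7", "192.0.2.53", "cust0"),     # legitimate customer source
    ("203.0.113.9", "192.0.2.53", "cust0"),      # cust0 using cust1's prefix
    ("192.0.2.53", "198.51.100.7", "upstream"),  # return traffic
]

def run(strict_urpf):
    """Forward all sample packets; return (verdicts, total FIB lookups)."""
    fib = Fib(ROUTES)
    verdicts = [forward(fib, s, d, i, strict_urpf)[0] for s, d, i in PACKETS]
    return verdicts, fib.lookups

if __name__ == "__main__":
    for mode in (False, True):
        print("strict uRPF" if mode else "no uRPF", run(mode))
```

Every packet that passes the source check costs two FIB lookups instead of one, and the default route on the upstream interface accepts any source there, so the check only filters at the customer edge in this table.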