BCP38 thread 93,871,738,435 (was Re: register.com down sev0?)

This would appear, on its face, to be an easy exercise in educating
the IPSs in the foodchain.

Is there reasonable enough interest with NANOG to do that? If so,
I volunteer to workshop at the next NANOG.

But only if there is reasonable consensus to that effect. Or someone
else could do it, too.

The point I'm trying to make is that if the community thinks it
is valuable, then the path is clear.

If not, then...

- ferg

The only data I have is from the MIT anti-spoofing test project which
has been pretty consistent for a long time. About 75%-80% of the nets,
addressses, ASNs tests couldn't spoof, and about 20%-25% could.

The geo-location maps don't show much difference between parts of
the world. RIPE countries don't seem to be better or worse than ARIN
countries or APNIC countries or so on. ISPs on every continent seem
to be about the same.

http://spoofer.csail.mit.edu/summary.php

If someone finds the silver bullet that will change the remaining 25% or
so of networks, I think ISPs on every continent would be interested.

What is the biggest problem to solve? Would it be enough for ISPs to make sure that they will not send out packets which didn't belong within their PA blocks, or is it that one user shouldn't be able to spoof at all (even IPs adjacant to their own)? Would the global problem go away if global spoofing stopped working?

I of course realise that it's best if user cannot spoof at all, but it might be easier for ISPs to filter based on their PA blocks than to (in some cases) purchase new equipment to replace their current equipment that cannot do IP spoof filtering.

do your customers:
1) not bring their own ip space?
2) always advertise to you their ip space?