The problem is that BCP38 assumes that the ISP does some configuration to ensure only properly sourced packets enter their network, which doesn't really work unless you have a perfectly symmetrical network …. and not many ISPs do
What needs to happen with BCP38/uRPF is that it needs to be burned into the consumer CPE, ISPs certainly need to enforce it on their customers connections but this needs to happen at the OEM level directly at manufacturing .. not at the ISP level (at least initially). If unicast RPF were a default part of the configuration of end user CPE we'd see a dramatic reduction in this sort of crap killing the networks. (but yes they'd probably find some even more ingenious way to generate crap) The manufacturers can sell uRPF as a plus point (a feature no less!) … Most (if not all) ISPs already filter bogons on their networks, and uRPF doesn't do much more than that in loose mode - which is what most ISPs will need to run in order to avoid dropping legitimate packets as far as I can see … Of course I stand to be corrected :) Jon On 31 Jan 2013, at 14:32, Keith Mitchell <[email protected]> wrote: > The real cure for this kind of problem is for ISPs to deploy BCP38, but > that's been pending for a decade or two now :-(
