[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

BCP38 is hard, was TWC (AS11351) blocking all NTP?

Subject: BCP38 is hard, was TWC (AS11351) blocking all NTP?
From: marka at isc.org (Mark Andrews)
Date: Wed, 05 Feb 2014 11:48:06 +1100
In-reply-to: Your message of "05 Feb 2014 00:29:05 -0000." <[email protected]>
References: <[email protected]>

In message <20140205002905.57856.qmail at joyce.lan>, "John Levine" writes:
> >Why does it have to be hard? Restricting the filter to addresses which
> >(A) the customer asserts are theirs 
> 
> How does the customer do that in a way that scales?

You implement SIDR to the extent where you issue your multi homed
customers CERTs for the address space you allocated to them.  The
customer can then just send signed requests to a automated service
at the other ISPs along with the CERT which then builds the filters
based on that information after verifying the CERTs authenticity.

Now all of the above is completely automatable including the CERT
generation.  Yes, it requires someone to write a implementation and
integrate it with the existing systems.

> I don't think any of this is rocket science, but it apparently is a
> real block to BCP38/84 implementatin.

No, this isn't rocket science.  It just requires a little co-ordination.

> R's,
> John
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org

Follow-Ups:
- BCP38 is hard, was TWC (AS11351) blocking all NTP?
  - From: randy at psg.com (Randy Bush)

References:
- BCP38 is hard, was TWC (AS11351) blocking all NTP?
  - From: johnl at iecc.com (John Levine)

Prev by Date: Cogent <-> Verizon peering congestion
Next by Date: BCP38 [Was: Re: TWC (AS11351) blocking all NTP?]
Previous by thread: BCP38 is hard, was TWC (AS11351) blocking all NTP?
Next by thread: BCP38 is hard, was TWC (AS11351) blocking all NTP?
Index(es):
- Date
- Thread