On Wed, 2006-09-20 at 01:06 +0800, Mark Williams wrote: [snip] > A medicine that the patient is not taking cannot effect a cure. >
Spot-on. You may find any number of technical solutions to the problem, but it won't help much unless the ops-community is prepared to enforce implementation. I.e. it becomes a political issue more than a technical one. Imagine: 1. Operators agree to boycott equipment vendors who fail to make BCP38-compliance the *default* behavior of their equipment. 2. A significant software supplier (e.g. OS vendor) including spoofing probes in their SW. You can't reliably test BCP38 compliance of remote networks unless probes are deployed within the tested network. Imagine every internet-attached PC or MAC probing a couple times a year. That should give a decent indication of which networks do allow spoofing or not. 3. Transit-operators filter "spoofing-friendly" prefixes from routes-received until the problem is fixed. This could eliminate spoofing, with of without SAVA. The remaining question is whether the ISP-industry is prepared to implement this kind of self-regulation before influential but less-clued elements impose measures that may be a lot more destructive. SAVA may prove good for the future, but it'll take years for any standard defined today to find its way to all corners of the net, and for all non-compliant legacy equipment to be removed. //per -- Per Heldal - http://heldal.eml.cc/
signature.asc
Description: This is a digitally signed message part
_______________________________________________ Int-area mailing list [email protected] https://www1.ietf.org/mailman/listinfo/int-area
