On Aug 1, 2013, at 2:31 AM, Saku Ytti <saku () ytti fi> wrote:
On (2013-07-31 17:07 -0700), bottiger wrote:
But realistically those 2 problems are not going to be solved any time
in the next decade. I have tested 7 large hosting networks only one of
them had BCP38.
I wonder if it's truly that unrealistic. If we target access networks, it
seems impractical target.
We have about 40k origin only ASNs and about 7k ASNs which offer transit,
who could arguably trivially ACL those 40k peers.
If we truly tried, as a community to make deploying these ACLs easy and
actively reach out those 7k ASNs and offer help, would it be unrealistic
have ACL deployed to sufficiently large portion of networks to make
The following is a sorted list from worst to best of networks that allow
spoofing: (cutoff here is 25k)
(full list -