> On Dec 31, 2015, at 2:21 PM, Steve Crocker <steve@xxxxxxxxxxxx> wrote: > > I’ve always assumed the proper place to implement BCP 38 is at the edge of the network. I’ve also assumed that part of the knowledge one network ought to have about another is whether the other network implements BCP 38 at its edge and requires its peers to do so at their edges and require their peers, etc. Thus, there ought to be an ever growing collection of networks that have agreed that packets entering their networks have had their source addresses checked at their source. Checking the source addresses as packets traverse from one tier one network to another or from a tier two network to a tier one network should not be necessary, and I can well understand why this would be a performance issue. Sure. The edge of my network may have a /19 behind it though, or it could be a /126. I also don’t know if a customer later turns up as another providers backup-path and forgets to or doesn’t inform me. Customers are often reluctant to describe who are in that downstream cone in advance, either because of poor planning, fear or something else. I may want to drop packets that I can’t return (eg: 1918 type sources). This is where I’ve tried to focus, to forward fewer ‘bad’ packets. Instead we have ended up with a policy to have certain port or protocol numbers enter a ‘junk’ queue that gets policed. I may not need Chargen or NTP to be more than 1% of my network. - Jared