What is BCP38 and why it is important?
BCP38 - also known as “Network Ingress Filtering” is concept where we filter incoming packets from end customers and allow packets ONLY from IP’s assigned to them. Before going to BCP38, let’s first understand how packets forwarding work:
Here User 1 is connected to User 2 via a series of router R1, R2 and R3. Here R1 and R3 are ISP’s edge routers while R2 is a core router. In typical way the network is setup, entire effort is given on logic of routing table i.e for packets to reach from User 1 to User 2, we need to ensure that User 1 has default route towards R1, knows that User-2’s IP is behind R3 which is reachable via R2. So path User 1 > R1 > R2 > R3 > User 2 comes up. And same for User 2 > R3 > R2 > R1 > User 1 as return path. Now e.g IP pool for User-1 is 192.168.1.0/24 and is using 192.168.1.2 out of it while IP pool for User-2 is 192.168.2.0/24 and is using 192.168.2.2 out of it.