Every single entity on the internet has been assigned its own public IPv4 (or IPv6) address by its ISP.
Right?… most of the time.
An ISP normally assigns IPs to its customers dynamically, via DHCPv4 or DHCPv6 Prefix Delegation.
However, nothing prevents the end user from manually setting a different address, outside the ISP address scope, and if there is no source-address check in place, the illegitimate traffic can pass unrestricted through the network.
Unless the ISP is illegally involved in this scenario, this customer behavior will not allow any two-way communication, because the spoofed IP is not routed to the customer.
So why should we care?
Because one-way spoofing is the underlying ingredient of the most common DDoS attacks nowadays: UDP-based traffic does not need a connection to get a reply, hence a simple DNS amplification only requires spoofing the victim's address to be effective.
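The source-address check mentioned above, sketched as an added example (not code from the original post): each customer port is bound to the prefixes the ISP assigned via DHCPv4 or DHCPv6 Prefix Delegation, and any packet whose source falls outside them is dropped at the edge. Port names, addresses (documentation ranges) and function names are constructed for illustration.

```python
import ipaddress

# Constructed bindings: what the ISP handed out on each customer port
# (a DHCPv4 lease and a DHCPv6 delegated prefix). Documentation ranges only.
BINDINGS = {
    "port1": ["198.51.100.10/32", "2001:db8:a::/56"],
    "port2": ["198.51.100.11/32", "2001:db8:b::/56"],
}

def build_table(bindings):
    """Parse the per-port prefixes once so lookups are cheap."""
    return {port: [ipaddress.ip_network(p) for p in prefixes]
            for port, prefixes in bindings.items()}

def source_allowed(table, port, src):
    """True only if src belongs to a prefix assigned to the ingress port."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False  # malformed source address: drop
    return any(addr.version == net.version and addr in net
               for net in table.get(port, []))

def filter_packets(table, packets):
    """Split (port, src, dst) tuples into forwarded and dropped lists."""
    forwarded, dropped = [], []
    for pkt in packets:
        port, src, _dst = pkt
        (forwarded if source_allowed(table, port, src) else dropped).append(pkt)
    return forwarded, dropped

# Constructed traffic sample seen at the edge
PACKETS = [
    ("port1", "198.51.100.10", "192.0.2.53"),           # leased address
    ("port1", "203.0.113.7", "192.0.2.53"),             # outside the ISP scope
    ("port1", "198.51.100.11", "192.0.2.53"),           # neighbour's lease
    ("port2", "2001:db8:b:1::5", "2001:db8:ffff::53"),  # inside delegated /56
    ("port2", "2001:db8:a::1", "2001:db8:ffff::53"),    # another customer's prefix
]

if __name__ == "__main__":
    fwd, drop = filter_packets(build_table(BINDINGS), PACKETS)
    for pkt in fwd:
        print("forward", pkt)
    for pkt in drop:
        print("drop   ", pkt)
```

Note that the third packet uses a valid address from the same ISP but the wrong port, so a check limited to "is this source inside our aggregate" would let it through.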
ISPs can prevent this behavior by enforcing some controls at the network edge, such as: