nanog mailing list archives
Re: Tier 2 ingress filtering
From: Saku Ytti <saku () ytti fi>
Date: Thu, 28 Mar 2013 21:02:43 +0200
On (2013-03-28 13:07 -0400), Jay Ashworth wrote:
The edge carrier's *upstream* is not going to know that it's reasonable for their customer -- the end-site's carrier -- to be originating traffic with those source addresses, and if they ingress filter based on the prefixes they route down to that carrier, they'll drop that traffic...
Question is, is it reasonable to expect customer to know what networks they have. If yes, then you can ask them to create route objects and then you can BGP prefix-filter and ACL on them. I do both, and it has never been problem to my customers (enterprises, CDNs, eyeballs). But if your customer has many other transit customer it can quickly become less practical. I'm sure for many/most customers of tier1 it would not be reasonable expects to keep such list up-to-date. You can't do it at top-level nor it's not practical to hope that some day BCP38 is done in reasonably many last-mile port. But there are only 6000 non-stubby networks, if you do it at network before stubby network, it's entirely practical and maintainable, provided we'd want to do it. -- ++ytti
Current thread:
- Re: Tier 2 ingress filtering, (continued)
- Re: Tier 2 ingress filtering bmanning (Mar 28)
- Re: Tier 2 ingress filtering Jay Ashworth (Mar 28)
- Re: Tier 2 ingress filtering Valdis . Kletnieks (Mar 28)
- Re: Tier 2 ingress filtering Jay Ashworth (Mar 28)
- Re: Tier 2 ingress filtering Jon Lewis (Mar 28)
- Re: Tier 2 ingress filtering goemon (Mar 28)
- Re: Tier 2 ingress filtering Jay Ashworth (Mar 28)
- Re: Tier 2 ingress filtering Paul Ferguson (Mar 28)
- Re: Tier 2 ingress filtering Jay Ashworth (Mar 28)
- Re: Tier 2 ingress filtering Jay Ashworth (Mar 28)
- Re: Tier 2 ingress filtering Saku Ytti (Mar 28)
- Re: Tier 2 ingress filtering Rajiv Asati (rajiva) (Mar 28)
- Re: Tier 2 ingress filtering Saku Ytti (Mar 28)
- Re: Tier 2 ingress filtering Jeff Kell (Mar 28)
- Re: Tier 2 ingress filtering William Herrin (Mar 29)
- Re: Tier 2 ingress filtering Patrick (Mar 29)
- Re: Tier 2 ingress filtering Alejandro Acosta (Mar 29)
- Re: Tier 2 ingress filtering William Herrin (Mar 29)