nanog mailing list archives
Re: Peering + Transit Circuits
From: Baldur Norddahl <baldur.norddahl () gmail com>
Date: Wed, 19 Aug 2015 01:02:16 +0200
On 18 August 2015 at 14:29, Tim Durack <tdurack () gmail com> wrote:
4. Don't worry about peers stealing transit.
Because both of our transit providers implement source filters. Any packets received with a source IP not in the list of IP ranges registered by us will be dropped by the transit provider. Stealing transit is not practical giving the limitation that you need to use a source address from our ranges. I use ACLs on our end too just to be sure. ACL on the transit to prevent wrong source from leaving our network and ACL on the peering to prevent wrong destination to enter the network. Actually both ACLs are used in both places. The prefix lists used for the ACL need to be maintained in any case. It is the list of routes that we advertise. Regards, Baldur
Current thread:
- Re: Peering + Transit Circuits, (continued)
- Re: Peering + Transit Circuits Pshem Kowalczyk (Aug 18)
- Re: Peering + Transit Circuits Faisal Imtiaz (Aug 18)
- Re: Peering + Transit Circuits John Osmon (Aug 18)
- Re: Peering + Transit Circuits Faisal Imtiaz (Aug 18)
- Re: Peering + Transit Circuits Pshem Kowalczyk (Aug 18)
- Re: Peering + Transit Circuits Patrick W. Gilmore (Aug 18)
- Re: Peering + Transit Circuits Faisal Imtiaz (Aug 18)
- Re: Peering + Transit Circuits Bob Evans (Aug 18)
- Re: Peering + Transit Circuits Faisal Imtiaz (Aug 18)
- Re: Peering + Transit Circuits Patrick W. Gilmore (Aug 18)
- Re: Peering + Transit Circuits Mark Tinka (Aug 25)
- Re: Peering + Transit Circuits Jon Lewis (Aug 19)
- Re: Peering + Transit Circuits Andy Davidson (Aug 19)