[c-nsp] Peer pointing default route to us

Nick Hilliard nick at foobar.org
Mon Sep 29 09:43:13 EDT 2014

On 29/09/2014 14:11, redscorpion69 wrote:
> What is the best way to filter traffic comming in from one of our peers and
> going upstream. Basically we see the peer is sending traffic to IPs we're
> not announcing to them. They may very well have a default route pointing to
> us as well.
> Not going into fact that this is breaking peering policy rules, is there a
> dynamic way to filter this on (Juniper/Cisco) ?

pointing a default route at a peer is theft of service.

In the shorter term (i.e. over no more than a couple of days) your best 
option would be to collect evidence that they are abusing the peering 
arrangement.  Mid to longer term, this sort of behaviour is reasonable 
cause for permanent de-peering.

If this is private peering, then you could create an access list and allow 
srcip == their IP address ranges only.

If this is on an IXP, it's more complicated.  If they are abusing your 
peering relationship, then they could be abusing others' too, or if you 
stop them from abusing your peering relationship by e.g. blackholing all 
traffic from their mac address, then they will probably move to someone 
else.  Best to get the IXP operator involved and present them with hard 
data about what's going on.  IXP operators will take this seriously.

Dragging this into the legal arena is possible but probably not worthwhile.


More information about the cisco-nsp mailing list