[c-nsp] Peer pointing default route to us

Stephen Fulton sf at lists.esoteric.ca
Mon Sep 29 21:57:26 EDT 2014

+ 1 for Nick's suggestions.  Depending on how you're receiving traffic 
from the IX, filtering their MAC is an immediate way of dealing with the 
issue, but you should inform the IX operators and let them deal with the 
issue.  I had a similar problem arise two years ago during an 
acquisition and dealt with the matter privately, and I had additional 
leverage as I volunteer at the IXP in question.

-- Stephen

On 2014-09-29 9:43 AM, Nick Hilliard wrote:
> On 29/09/2014 14:11, redscorpion69 wrote:
>> What is the best way to filter traffic comming in from one of our
>> peers and
>> going upstream. Basically we see the peer is sending traffic to IPs we're
>> not announcing to them. They may very well have a default route
>> pointing to
>> us as well.
>> Not going into fact that this is breaking peering policy rules, is
>> there a
>> dynamic way to filter this on (Juniper/Cisco) ?
> pointing a default route at a peer is theft of service.
> In the shorter term (i.e. over no more than a couple of days) your best
> option would be to collect evidence that they are abusing the peering
> arrangement.  Mid to longer term, this sort of behaviour is reasonable
> cause for permanent de-peering.
> If this is private peering, then you could create an access list and
> allow srcip == their IP address ranges only.
> If this is on an IXP, it's more complicated.  If they are abusing your
> peering relationship, then they could be abusing others' too, or if you
> stop them from abusing your peering relationship by e.g. blackholing all
> traffic from their mac address, then they will probably move to someone
> else.  Best to get the IXP operator involved and present them with hard
> data about what's going on.  IXP operators will take this seriously.
> Dragging this into the legal arena is possible but probably not worthwhile.
> Nick
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/

More information about the cisco-nsp mailing list