[c-nsp] Peer pointing default route to us
Roland Dobbins
rdobbins at arbor.net
Tue Sep 30 05:18:55 EDT 2014
On Sep 30, 2014, at 3:49 PM, Lukas Tribus <luky-37 at hotmail.com> wrote:
> BCP 38 is about ingress filtering on customer links, not egress filtering on peers/upstream links, or am I missing something?
Speaking more broadly, in a situation in which you know what destination prefixes should receive traffic across a given interface, you can implement ACLs to only allow traffic destined for those prefixes.
However, operational entropy can be a challenge in terms of maintaining them; so, the QPPB hack that Dave Smith described, or using a VRF, can be useful.
And even if you implement the ACLs, the traffic is still consuming peering-link bandwidth.
Flow telemetry can also be used to determine if peers are dumping traffic, though the lack of MAC-address support in flow telemetry on popular Cisco platforms is frustrating in IX environments.
----------------------------------------------------------------------
Roland Dobbins <rdobbins at arbor.net> // <http://www.arbornetworks.com>
Equo ne credite, Teucri.
-- Laocoön
More information about the cisco-nsp
mailing list