[c-nsp] Peer pointing default route to us

Roland Dobbins rdobbins at arbor.net
Tue Sep 30 05:18:55 EDT 2014

On Sep 30, 2014, at 3:49 PM, Lukas Tribus <luky-37 at hotmail.com> wrote:

> BCP 38 is about ingress filtering on customer links, not egress filtering on peers/upstream links, or am I missing something?

Speaking more broadly, in a situation in which you know what destination prefixes should receive traffic across a given interface, you can implement ACLs to only allow traffic destined for those prefixes.

However, operational entropy can be a challenge in terms of maintaining them; so, the QPPB hack that Dave Smith described, or using a VRF, can be useful.

And even if you implement the ACLs, the traffic is still consuming peering-link bandwidth.

Flow telemetry can also be used to determine if peers are dumping traffic, though the lack of MAC-address support in flow telemetry on popular Cisco platforms is frustrating in IX environments.

Roland Dobbins <rdobbins at arbor.net> // <http://www.arbornetworks.com>

                   Equo ne credite, Teucri.

    		   	  -- Laocoön

More information about the cisco-nsp mailing list