[c-nsp] Peer pointing default route to us

Roland Dobbins rdobbins at arbor.net
Tue Sep 30 05:24:40 EDT 2014

On Sep 30, 2014, at 4:08 PM, redscorpion69 <redscorpion69 at gmail.com> wrote:

> 2. BCP 38 looks like ok solution, but it does look like burden to manage since it has to be updated every time new prefix is announced... So it looks like it would break stuff.

You should perform anti-spoofing at your downstream customer edges, IDC edges, et. al. via uRPF or ACLs or other mechanisms, and you should perform egress anti-spoofing at your peering/upstream edges via the same mechanisms, whatever works topologically.

With regards to peering, you've already received sound advice.

If you use ACLs, you must update them.  Surely you have automation in place to update ACLs when necessary, yes?

Roland Dobbins <rdobbins at arbor.net> // <http://www.arbornetworks.com>

                   Equo ne credite, Teucri.

    		   	  -- Laocoön

More information about the cisco-nsp mailing list