[c-nsp] Peer pointing default route to us
Roland Dobbins
rdobbins at arbor.net
Tue Sep 30 05:24:40 EDT 2014
On Sep 30, 2014, at 4:08 PM, redscorpion69 <redscorpion69 at gmail.com> wrote:
> 2. BCP 38 looks like ok solution, but it does look like burden to manage since it has to be updated every time new prefix is announced... So it looks like it would break stuff.
You should perform anti-spoofing at your downstream customer edges, IDC edges, et. al. via uRPF or ACLs or other mechanisms, and you should perform egress anti-spoofing at your peering/upstream edges via the same mechanisms, whatever works topologically.
With regards to peering, you've already received sound advice.
If you use ACLs, you must update them. Surely you have automation in place to update ACLs when necessary, yes?
----------------------------------------------------------------------
Roland Dobbins <rdobbins at arbor.net> // <http://www.arbornetworks.com>
Equo ne credite, Teucri.
-- Laocoön
More information about the cisco-nsp
mailing list