[c-nsp] Peer pointing default route to us

Roland Dobbins rdobbins at arbor.net
Tue Sep 30 05:50:25 EDT 2014

On Sep 30, 2014, at 4:37 PM, Vitkovský Adam <adam.vitkovsky at swan.sk> wrote:

> How? 

Any size network can and should perform ingress filtering for directly-connecting endpoint networks on its customer edges.  Customer-of-my-customer (of my customer, of my customer . . .) is problematic.

Egress filtering at peering/upstream transit edges can be problematic, depending upon the size of the network in question.  Customer-of-my-customer also is problematic.

This is one of the main reasons we don't have universal anti-spoofing - the networks which are big enough with enough savvy personnel and automation to do it are often topologically unable to do so precisely because of their size and downstream wholesalers.

The smaller downstream networks often don't have savvy personnel and/or automation sufficient to make it operationally-feasible to do so.  And they don't see an economic benefit to doing so (although spoofed traffic costs money . . .).

And so it goes . . .

Roland Dobbins <rdobbins at arbor.net> // <http://www.arbornetworks.com>

                   Equo ne credite, Teucri.

    		   	  -- Laocoön

More information about the cisco-nsp mailing list