[c-nsp] Peering + Transit Circuits

Nick Hilliard nick at foobar.org
Tue Aug 18 16:43:47 EDT 2015


On 18/08/2015 20:22, Tim Durack wrote:
> This has always been my understanding - thanks for confirming. I'm weighing
> cost-benefit, and looking to see if there are any other smart ideas. As
> usual, it looks like simplest is best.

i'd advise being careful with this approach: urpf at ixps is a nightmare.

If you're concerned about transit / peering theft on a shared l2 ixp style
fabric, you're far better to use bilateral-only peering with ingress l2
filters at the ixp interface to include or exclude other participants as
required.  This will stop the problem dead in the water with no side effects.

Nick



More information about the cisco-nsp mailing list