[c-nsp] Peering + Transit Circuits

Nick Hilliard nick at foobar.org
Wed Aug 19 04:59:13 EDT 2015


On 18/08/2015 22:10, William Herrin wrote:
> This technique described isn't URPF, it's simple destination routing.
> The routes I offer you via BGP are the only routes in my table, hence
> the only routes I'm capable of routing. If you send me a packet for a
> _destination_ I didn't offer to you, I can't route it.

yep, I hit send too soon.  The point I intended to make was that ixp
peering in a vrf will only protect you from transit theft, not clandestine
peering.  If you want to stop third party organisations at an ixp from
getting peering by installing static routes, then l2 filters are what you need.

Nick




More information about the cisco-nsp mailing list