[c-nsp] Peering + Transit Circuits
Brian Turnbow
b.turnbow at twt.it
Tue Aug 25 08:49:00 EDT 2015
Hi
>
> On 25/Aug/15 14:23, Brian Turnbow wrote:
>
> > Or use uRPF with an acl.
> > You can specify what to block and what not to block and use S/RTBH as well.
>
> Even though we're not receiving the full feed on dedicated peering routers,
> you're talking at least 35% of it. Sometimes more...
You actually need to have an aggregated acl that permits all potentially good traffic and drops the bad; think of it like a bogons list.
Don't just add the routes you receive, otherwise when your friendly ixp peer starts announcing you by accident you don't create a black hole.
It's a compromise but will give you the chance to uRPF known bad sources (static but better than nothing at all) and have working RTBH on the router.
Brian
>
> Mark.
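
An added example, not part of the original post: one way to build the static, aggregated bogons-style ACL the reply describes, denying known-bad source ranges and permitting everything else instead of deriving entries from received routes. The prefix list, the ACL number 199 and the function names are assumptions made for illustration.

```python
import ipaddress

# Constructed sample input: some IPv4 special-use ranges, left fragmented on
# purpose so the aggregation step has something to merge.
BOGONS = [
    "0.0.0.0/8", "10.0.0.0/9", "10.128.0.0/9", "127.0.0.0/8",
    "169.254.0.0/16", "172.16.0.0/12", "192.0.2.0/24",
    "192.168.0.0/17", "192.168.128.0/17", "198.51.100.0/24",
    "203.0.113.0/24", "224.0.0.0/3",
]

ACL_NUMBER = 199  # assumption: any free extended ACL number


def aggregate(prefixes):
    """Collapse adjacent/overlapping prefixes into the fewest covering networks."""
    nets = (ipaddress.ip_network(p) for p in prefixes)
    return list(ipaddress.collapse_addresses(nets))


def render_acl(nets, number=ACL_NUMBER):
    """Deny each known-bad source range, then permit everything else."""
    lines = [
        f"access-list {number} deny ip {n.network_address} {n.hostmask} any"
        for n in nets
    ]
    # Final catch-all: anything not listed above counts as potentially good.
    lines.append(f"access-list {number} permit ip any any")
    return lines


def verdict(src, nets):
    """First-match evaluation of a source address against the rendered ACL."""
    addr = ipaddress.ip_address(src)
    return "deny" if any(addr in n for n in nets) else "permit"


if __name__ == "__main__":
    nets = aggregate(BOGONS)
    print("\n".join(render_acl(nets)))
    # Constructed test sources: two bogons and one ordinary public address.
    for src in ("10.200.1.1", "192.168.200.5", "8.8.8.8"):
        print(src, verdict(src, nets))
```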