[c-nsp] Peering + Transit Circuits

Brian Turnbow b.turnbow at twt.it
Tue Aug 25 08:49:00 EDT 2015


> On 25/Aug/15 14:23, Brian Turnbow wrote:
> > Or use uRPF with an acl.
> > You can specify what to block and what not to block and use S/RTBH as well.
> Even though we're not receiving the full feed on dedicated peering routers,
> you're talking at least 35% of it. Sometimes more...

You actually need to have an aggregated ACL that permits all potentially good traffic, and drops the bad; think of it like a bogons list.
Don't just add the routes you receive, otherwise when your friendly IXP peer starts announcing you by accident you don't create a black hole.
It's a compromise but will give you the chance to uRPF known bad sources (static but better than nothing at all) and have working RTBH on the router.


> Mark.
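
An added example, not part of the original post: one way to generate the aggregated, bogon-style ACL described above from a static list of known-bad source prefixes. The prefix list is a constructed sample, and ACL number 150 and the function names are assumptions.

```python
import ipaddress

# Constructed sample of known-bad source ranges (special-purpose IPv4 space).
# It is static on purpose: it is never derived from routes learned from peers.
KNOWN_BAD_SOURCES = [
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/13", "172.24.0.0/13",   # adjacent halves of 172.16.0.0/12
    "192.0.2.0/24", "192.168.0.0/16", "198.51.100.0/24",
    "203.0.113.0/24", "224.0.0.0/4", "240.0.0.0/4",
    "10.1.0.0/16",                      # redundant, inside 10.0.0.0/8
]


def aggregate(prefixes):
    """Merge adjacent and overlapping prefixes into the shortest sorted list."""
    nets = [ipaddress.ip_network(p, strict=True) for p in prefixes]
    return list(ipaddress.collapse_addresses(nets))


def build_acl(prefixes, acl_number=150):
    """Return IOS extended ACL lines: deny each bad aggregate, permit the rest."""
    lines = [
        f"access-list {acl_number} deny ip {net.network_address} {net.hostmask} any"
        for net in aggregate(prefixes)
    ]
    # Everything that is not a known-bad source counts as potentially good.
    lines.append(f"access-list {acl_number} permit ip any any")
    return lines


def acl_action(prefixes, source):
    """Evaluate the generated ACL for one source address (first match wins)."""
    addr = ipaddress.ip_address(source)
    for net in aggregate(prefixes):
        if addr in net:
            return "deny"
    return "permit"


if __name__ == "__main__":
    for line in build_acl(KNOWN_BAD_SOURCES):
        print(line)
    # The list is then referenced from the uRPF statement on the interface,
    # e.g. "ip verify unicast source reachable-via any 150" (150 assumed here).
    for src in ("192.168.4.1", "8.8.8.8"):
        print(src, acl_action(KNOWN_BAD_SOURCES, src))
```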
