[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Tier 2 ingress filtering

On (2013-03-29 13:31 +0100), Tore Anderson wrote:

> I've had some problems with my upstream providers' ingress filtering,
> for example:

That sounds like uRPF, which you should not run towards your transit

I'm talking only about using ACL. And I stand-by that I've never had to fix
something that is broken.

Now naturally it has happened that my customer has gotten new prefix, and
things have been wonky, because they forgot to make route object, which
meant we didn't allow prefix nor allow it in ACL.
However, I think my customers prefer this. The alternative is that
everything works fine for 6month, until the other transit who does not BGP
filter goes down, after which the network stops propagating and everything
is down. At least with ACL you notice the problem immediately.