North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: T3 or not to T3
> > Yeah, definately. But most backbones seem to have "customer routes" as > > an option, and if I trust them enough to get those routes correct then > > I will hopefully not have to bother with extreme amounts of filtering. > > It's pretty easy to enforce "no transit" at the packet filtering level > > -- only packets destined for my nets will be allowed in. Is there some > > other aspect of filtering I'm forgetting about? We have a dedicated > > and backup network engineer at any rate. The border router would be a > > cisco 7200 or 7500 series with 128Mb. > > > > Dean > > Is this really how people enforce "no transit"? I have been told that packet > filtering is quite cpu expensive. I would think that packet filtering on a > router that is probably already overburdened is not an attractive solution. > > Jim I'm not sure if this is how people enforce it; you're correct that it's pretty expensive to do it this way. We run a periodic script that sends 8-10 pings for various destinations, including non-existent ones, into exchange-point neighbors to see where the packets go. If packets for nowhere IPs come back at you, they're defaulting into you... Avi - - - - - - - - - - - - - - - - -
|