North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Best Common Practice - Listening to local routes from peers?

  • From: Stephen J. Wilcox
  • Date: Fri Feb 27 05:39:46 2004

On Thu, 26 Feb 2004, Michael Smith wrote:

> We have a customer of a customer who is attempting to send traffic from
> IP space we control, through the Internet and back into us via one of
> our transit connections.
> I have filters in place that block all inbound traffic from the blocks I
> announce coming in over my transit and peering connections.  This is
> breaking the downstream customer ability to route from them, through
> UUNet, and back to me.

Yes, I've had this back in the days when I  used to attempt to do fascist 
filtering and security ... the short answer is you cant do this kind of 
filtering in the backbone, you need to push it to the edge (defined in my mind 
as stub areas of network.. in this case thats likely not in your network but in 
the customer's network)
> I'm curious what the Best Common Practice is for this type of scenario. I have
> always used this type of filtering as a way to bury source-spoofed traffic in
> a DDOS situation but I'm not sure if it's appropriate, generally speaking.

Am not convinced the benefit of dropping that traffic is worth the effort tbh 
(that is stuff coming in with obviuosly spoofed addresses.. there is so much 
legit space available to spoof).


> If other operators would like to reply directly to me I would be more
> than happy to summarize to the list.  Thank you for any assistance you
> can provide.
> Michael Smith
> [email protected]