North American Network Operators Group

Re: UUNet Offer New Protection Against DDoS
On Mar 3, 2004, at 5:22 PM, Stephen J. Wilcox wrote:

> What's wrong with letting customers announce /32s into your network, as long as you do not pass it to anyone else (including other customers)?
>
> Hmm not keen, have moved acl->prefix w/len to stop folks from doing this, in
>
> I'm puzzled by one aspect on the implementation.. how to build your customer

Here is what I did (when I had a network =) :

* Prefix filter customers in, allowing more specifics
* Filter > /24s & Bogons out to customers
* Bogon & /24 filter peers in
* Bogon, /24, and cust-only community filter peers out

Theoretically, the Bogon out filters are irrelevant, since your table should be clean from the inbound filters, but I like "belt and suspenders". (Plus one day I leaked a slew of 10-net from a NOC test LAN and hit one of the Merit instability mailing lists. Burned once, twice shy. :)

--
TTFN,
patrick
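The four filters listed in the message above, modelled in Python as an added example (not part of the original post and not any router configuration from it). The customer name and prefix, the deliberately short bogon list, and the `internal` route source are constructed assumptions.

```python
import ipaddress

# Constructed sample data (assumptions, not from the post).
CUSTOMER_PREFIXES = {"cust-a": [ipaddress.ip_network("198.51.100.0/24")]}
# Short illustrative subset (RFC 1918 and loopback), not a full bogon list.
BOGONS = [ipaddress.ip_network(n) for n in
          ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]


def is_bogon(net):
    return any(net.subnet_of(b) for b in BOGONS)


def customer_in(customer, net):
    # "Prefix filter customers in, allowing more specifics": anything at or
    # below a registered customer prefix is accepted, down to a /32.
    return any(net.subnet_of(p) for p in CUSTOMER_PREFIXES.get(customer, []))


def peer_in(net):
    # "Bogon & /24 filter peers in"
    return net.prefixlen <= 24 and not is_bogon(net)


def evaluate(source, prefix, customer=None):
    """Return the accept/export decisions for one announcement.

    source is "customer", "peer" or "internal". "internal" is a hypothetical
    source for routes that never cross an inbound filter, such as a test LAN.
    """
    net = ipaddress.ip_network(prefix)
    if source == "customer":
        accepted = customer_in(customer, net)
    elif source == "peer":
        accepted = peer_in(net)
    else:
        accepted = True
    if not accepted:
        return {"accepted": False, "to_customers": False, "to_peers": False}
    # Outbound "belt and suspenders": the length and bogon checks run again.
    exportable = net.prefixlen <= 24 and not is_bogon(net)
    return {
        "accepted": True,
        # "Filter > /24s & Bogons out to customers"
        "to_customers": exportable,
        # "Bogon, /24, and cust-only community filter peers out": only routes
        # learned from customers carry the customer community.
        "to_peers": exportable and source == "customer",
    }
```

A customer /32 is accepted but exported to nobody, and a 10-net route that appears from an internal source is stopped only by the outbound bogon check.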