|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: aggregation & table entries
On Fri, 15 Oct 2004, Paul Vixie wrote: > > > > > > And what do you do with a BGP customer which sends you traffic > > > > > from prefixes he doesn't want to announce to you? There are such > > > > > customers. Fail filter ACL? > > > > > > > > This has been my question with uRPF from the beginning. You can > > > > solve this on for some networks, but it doesn't scale very > > > > well. Especially where you really don't know that your customer's > > > > customer is doing this. > > > > > > It's 2004, and so, your customers who want to do this have to > > > explain why, and you have to maintain extra-ordinary filters for > > > such customers, at either your cost or the customer's cost. > > > > ah-ha! Patriot-Act! I was reminded that I forgot my ":)" on that post... I was joking, sort of, and NOT attempting to rile the politicos either. Poor choice of time/place on my part. > > not nearly. i'm not asking you to take your shoes off before you get on > an airplane, nor fingerprinting you before you enter the country, nor > secretly searching your residence while you're at work. the closest > analogue would be wanting your body to be on the plane if your luggage > is, and wanting the name on your ticket to be the same as the name on > your photo-id. Agreed, and some of these things will come with time... As I mentioned earlier on this thread (I think) 'new equipment requirements include line-rate filtering on all interfaces' (vendors mostly have taken this to heart, those that have not should read the former 'jones draft' now RFC 3871 and start doing things better)
|