nanog mailing list archives
Re: Tier 2 ingress filtering
From: Tore Anderson <tore () fud no>
Date: Fri, 29 Mar 2013 13:31:47 +0100
* Saku Ytti
Question is, is it reasonable to expect customer to know what networks they have. If yes, then you can ask them to create route objects and then you can BGP prefix-filter and ACL on them. I do both, and it has never been problem to my customers (enterprises, CDNs, eyeballs).
I've had some problems with my upstream providers' ingress filtering, for example: - Traffic sourced from a prefix announced as a more-specific route at transit connection in location A got filtered on a transit connection in location B, where only a greater aggregate was announced. - A GRE tunnel anchored in my routers' addresses in the eBGP link network (part of my provider's address space) stopped working, as my outbound packets was dropped by the provider's ingress filtering. - Traceroutes that reaches my network through provider A show one missing hop if my best return path back to the traceroute source is through provider B, and provider B is doing ingress filtering. This is because the ICMP TTL/HL exceeded packet is sourced from provider A's address space (my router's interface address in the eBGP link net). AFAIK, you represent one of my upstream providers, so sorry, but saying your customers have never had problems with your ingress filtering isn't entirely accurate. Everything works fine now, though. Best regards, -- Tore Anderson
Current thread:
- Re: Tier 2 ingress filtering, (continued)
- Re: Tier 2 ingress filtering William Herrin (Mar 28)
- Re: Tier 2 ingress filtering Jay Ashworth (Mar 28)
- Re: Tier 2 ingress filtering Paul Ferguson (Mar 28)
- Re: Tier 2 ingress filtering Jay Ashworth (Mar 28)
- Re: Tier 2 ingress filtering Jay Ashworth (Mar 28)
- Re: Tier 2 ingress filtering William Herrin (Mar 28)
- Re: Tier 2 ingress filtering Saku Ytti (Mar 28)
- Re: Tier 2 ingress filtering Jay Ashworth (Mar 28)
- Re: Tier 2 ingress filtering Saku Ytti (Mar 28)
- Re: Tier 2 ingress filtering Rajiv Asati (rajiva) (Mar 28)
- Re: Tier 2 ingress filtering Saku Ytti (Mar 28)
- Re: Tier 2 ingress filtering Jeff Kell (Mar 28)
- Re: Tier 2 ingress filtering Jay Ashworth (Mar 28)
- Re: Tier 2 ingress filtering William Herrin (Mar 29)
- Re: Tier 2 ingress filtering Patrick (Mar 29)
- Re: Tier 2 ingress filtering Alejandro Acosta (Mar 29)
- Re: Tier 2 ingress filtering William Herrin (Mar 29)
- Re: Tier 2 ingress filtering Alejandro Acosta (Mar 30)
- Re: Tier 2 ingress filtering Jared Mauch (Mar 28)
- Re: Tier 2 ingress filtering - folo Saku Ytti (Mar 30)