![nanog logo](/images/nanog-logo.png)
nanog mailing list archives
Re: Tier 2 ingress filtering
From: Saku Ytti <saku () ytti fi>
Date: Sat, 30 Mar 2013 15:32:46 +0200
On (2013-03-29 13:31 +0100), Tore Anderson wrote:
I've had some problems with my upstream providers' ingress filtering, for example:
That sounds like uRPF, which you should not run towards your transit customers. I'm talking only about using ACL. And I stand-by that I've never had to fix something that is broken. Now naturally it has happened that my customer has gotten new prefix, and things have been wonky, because they forgot to make route object, which meant we didn't allow prefix nor allow it in ACL. However, I think my customers prefer this. The alternative is that everything works fine for 6month, until the other transit who does not BGP filter goes down, after which the network stops propagating and everything is down. At least with ACL you notice the problem immediately. -- ++ytti
Current thread:
- Re: Tier 2 ingress filtering, (continued)
- Re: Tier 2 ingress filtering Saku Ytti (Mar 28)
- Re: Tier 2 ingress filtering Rajiv Asati (rajiva) (Mar 28)
- Re: Tier 2 ingress filtering Saku Ytti (Mar 28)
- Re: Tier 2 ingress filtering Jeff Kell (Mar 28)
- Re: Tier 2 ingress filtering William Herrin (Mar 29)
- Re: Tier 2 ingress filtering Patrick (Mar 29)
- Re: Tier 2 ingress filtering Alejandro Acosta (Mar 29)
- Re: Tier 2 ingress filtering William Herrin (Mar 29)
- Re: Tier 2 ingress filtering Alejandro Acosta (Mar 30)
- Re: Tier 2 ingress filtering Jared Mauch (Mar 28)
- Re: Tier 2 ingress filtering - folo Saku Ytti (Mar 30)