nanog mailing list archives
RE: Filter on IXP
From: Vitkovský Adam <adam.vitkovsky () swan sk>
Date: Sun, 2 Mar 2014 12:45:13 +0000
On the other hand, if a member provides transit, he will add its customer prefixes to RaDB / RIPEdb with appropriate route objects and the ACL will be updated accordingly. Shouldn't break there.
And that's a really nice side effect. However in case of transit providers the problem is that RaDB /RIPE lists what prefixes you are allowed to advertise. But that does not necessarily fully match with what source IPs can leave your network. I mean ISP-A can have a customer that uses PA range of other ISP-B and only has a static route towards ISP-A for some TE purposes. I'm not well versed with RIPE myself so I'm not sure whether there's a way to handle this situation. adam -----Original Message----- From: Jérôme Nicolle [mailto:jerome () ceriz fr] Sent: Friday, February 28, 2014 6:03 PM To: Nick Hilliard; nanog () nanog org Subject: Re: Filter on IXP Le 28/02/2014 17:52, Nick Hilliard a écrit :
this will break horribly as soon as you have an IXP member which provides transit to other multihomed networks.
It could break if filters are based on announced prefixes. That's preciselly why uRPF is often useless. On the other hand, if a member provides transit, he will add its customer prefixes to RaDB / RIPEdb with appropriate route objects and the ACL will be updated accordingly. Shouldn't break there. -- Jérôme Nicolle +33 6 19 31 27 14
Current thread:
- RE: Filter on IXP Vitkovský Adam (Mar 02)
- Re: Filter on IXP Nick Hilliard (Mar 02)
- Re: Filter on IXP Royce Williams (Mar 02)
- RE: Filter on IXP Vitkovský Adam (Mar 03)
- Re: Filter on IXP Nick Hilliard (Mar 02)