nanog mailing list archives
Re: Quick BGP peering question
From: Jeff Aitken <jaitken () aitken com>
Date: Wed, 3 Jan 2007 08:56:33 -0500
On Wed, Jan 03, 2007 at 01:36:26PM +0000, James Blessing wrote:
Expecting the traffic is not a problem, just want some way of verifying that the traffic isn't malicious/spoofed (e.g. by using unicast RPF or similar)
Whether or not the customer plans on advertising prefixes via BGP, your standard contract/AUP should contain a provision that: (a) requires that the customer provide a list of IP blocks from which traffic may be sourced, and (b) allows you to drop any packets with a source IP not in the list. The mechanism you use to keep track of this info (post-it notes, email, automated route-registry system, etc.) may be subject to negotiation, but the underlying requirement should not be. Ideally, you'd keep all this in a database and auto-generate BOTH prefix filters (for the BGP session) AND packet filters (for the interface) every time the customer registered a new route. --Jeff
Current thread:
- Quick BGP peering question James Blessing (Jan 03)
- RE: Quick BGP peering question Neil J. McRae (Jan 03)
- Re: Quick BGP peering question James Blessing (Jan 03)
- Re: Quick BGP peering question Bill Woodcock (Jan 03)
- Re: Quick BGP peering question Jeff Aitken (Jan 03)
- Re: Quick BGP peering question James Blessing (Jan 03)
- Re: Quick BGP peering question Jeff Aitken (Jan 03)
- Re: Quick BGP peering question Bill Woodcock (Jan 03)
- Re: Quick BGP peering question Jack Bates (Jan 03)
- RE: Quick BGP peering question Neil J. McRae (Jan 03)