nanog mailing list archives
Re: Strict route filtering at IX?
From: Andy Davidson <andy () nosignal org>
Date: Mon, 17 Dec 2012 11:42:17 +0000
Hi, Dan -- On 12/12/2012 11:22, "Dan Luedtke" <mail () danrl de> wrote:
So, here's the question: How do you filter at exchanges? Where is the error in my workflow? Is strict route filtering a myth?
You can see if the route-servers at the IX already filter. For example, this is the case at LONAP, where strict filters against RADB are built. Networks with open policy and large numbers of peers will naturally find it hard to filter peer *prefixes* on session config, because as you have found the config quickly becomes large and unwieldy. As Arnold has said, filtering with max-prefix and AS-path is more common on bilateral sessions. My advice would be to encourage your IX operator to filter on the route-servers, and rely on MLP derived adjacency for networks that you want to peer with, but don't trust enough not to prefix-filter. Andy
Current thread:
- Strict route filtering at IX? Dan Luedtke (Dec 12)
- Re: Strict route filtering at IX? Peter Ehiwe (Dec 12)
- Re: Strict route filtering at IX? Arnold Nipper (Dec 16)
- Re: Strict route filtering at IX? Andy Davidson (Dec 17)