nanog mailing list archives

Re: p2p addresses for point-to-point connections with customers


From: Tassos Chatzithomaoglou <achatz () forthnetgroup gr>
Date: Tue, 06 Nov 2012 14:31:12 +0200

With an iACL format like the one below, that means that I would have to add at least one extra "permit" entry before the spoofing entries.

deny MARTIANS/BOGONS
deny SPOOFING
deny PROTOCOLS/PORTS
permit BGP-PEERINGS
permit TUNNELS
deny INFRASTRUCTURE
permit ANY

If that's indeed the case, what non-routing protocols do you allow from/to these types of addresses?
Only specific types of ICMP messages?

--
Tassos

Dobbins, Roland wrote on 06/11/2012 14:05:
> On Nov 6, 2012, at 6:32 PM, Tassos Chatzithomaoglou wrote:
>
>> Do you filter them on your border routers (via iACLs)
> Yes.
>
>> and if yes, how?
> The same way you filter any other interface addresses in your iACLs.
>
> -----------------------------------------------------------------------
> Roland Dobbins <rdobbins () arbor net> // <http://www.arbornetworks.com>
>
>         Luck is the residue of opportunity and design.
>
>                      -- John Milton
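
The ordering point raised in the message above, as an added example that is not part of the original thread: a first-match evaluator run over the seven-entry iACL skeleton, showing a BGP packet from the customer side of a p2p link hitting the SPOOFING deny until a narrow permit is placed before it. Assumptions: the prefixes are constructed documentation ranges, the p2p link is numbered from the provider's own block, the SPOOFING entry denies any source in that block, and the `P2P-BGP` label, the TCP/179 scope and the UDP/161 and GRE entries are hypothetical stand-ins.

```python
import ipaddress
from typing import NamedTuple, Optional

class Rule(NamedTuple):
    action: str
    label: str
    src: str
    dst: str = "0.0.0.0/0"
    proto: Optional[str] = None   # None matches any protocol
    dport: Optional[int] = None   # None matches any destination port

def evaluate(acl, src, dst, proto, dport=None):
    """Return (action, label) of the first matching rule, as a router would."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in acl:
        if (s in ipaddress.ip_network(r.src) and d in ipaddress.ip_network(r.dst)
                and r.proto in (None, proto) and r.dport in (None, dport)):
            return r.action, r.label
    return "deny", "IMPLICIT"

# Constructed addressing (documentation prefixes), not taken from the thread.
OWN = "198.51.100.0/24"    # assumed: provider's own block, matched by SPOOFING
INFRA = "198.51.100.0/28"  # assumed: infrastructure range inside OWN
P2P = "198.51.100.8/30"    # assumed: customer p2p link numbered from INFRA

BASE_ACL = [
    Rule("deny", "MARTIANS/BOGONS", "10.0.0.0/8"),
    Rule("deny", "SPOOFING", OWN),
    Rule("deny", "PROTOCOLS/PORTS", "0.0.0.0/0", proto="udp", dport=161),
    Rule("permit", "BGP-PEERINGS", P2P, P2P, "tcp", 179),
    Rule("permit", "TUNNELS", "203.0.113.1/32", INFRA, "gre"),
    Rule("deny", "INFRASTRUCTURE", "0.0.0.0/0", INFRA),
    Rule("permit", "ANY", "0.0.0.0/0"),
]

def with_p2p_permit(acl):
    """Insert a narrow permit for the p2p BGP session just before SPOOFING."""
    i = next(n for n, r in enumerate(acl) if r.label == "SPOOFING")
    return acl[:i] + [Rule("permit", "P2P-BGP", P2P, P2P, "tcp", 179)] + acl[i:]

FIXED_ACL = with_p2p_permit(BASE_ACL)
BGP_FROM_CUSTOMER = ("198.51.100.10", "198.51.100.9", "tcp", 179)

if __name__ == "__main__":
    print(evaluate(BASE_ACL, *BGP_FROM_CUSTOMER))
    print(evaluate(FIXED_ACL, *BGP_FROM_CUSTOMER))
```

Because the added permit is scoped to the /30 and TCP/179, any other packet sourced from the provider's block still falls through to the SPOOFING deny.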



