RE: Filter on IXP

[Vitkovský Adam <adam.vitkovsky () swan sk>]

> On the other hand, if a member provides transit, he will add its 
> customer prefixes to RaDB / RIPEdb with appropriate route 
> objects and the ACL will be updated accordingly. Shouldn't break there. 

And that's a really nice side effect.

However in case of transit providers the problem is that RaDB /RIPE lists what prefixes you are allowed to advertise. 
But that does not necessarily fully match with what source IPs can leave your network. 
I mean ISP-A can have a customer that uses PA range of other ISP-B and only has a static route towards ISP-A for some 
TE purposes. 
I'm not well versed with RIPE myself so I'm not sure whether there's a way to handle this situation. 

adam
-----Original Message-----
From: Jérôme Nicolle [mailto:jerome () ceriz fr] 
Sent: Friday, February 28, 2014 6:03 PM
To: Nick Hilliard; nanog () nanog org
Subject: Re: Filter on IXP

Le 28/02/2014 17:52, Nick Hilliard a écrit :
> this will break horribly as soon as you have an IXP member which 
> provides transit to other multihomed networks.

It could break if filters are based on announced prefixes. That's preciselly why uRPF is often useless.

On the other hand, if a member provides transit, he will add its customer prefixes to RaDB / RIPEdb with appropriate 
route objects and the ACL will be updated accordingly. Shouldn't break there.

--
Jérôme Nicolle
+33 6 19 31 27 14