nanog mailing list archives

Re: Peering + Transit Circuits

From: Andy Davidson <andy () nosignal org>
Date: Wed, 19 Aug 2015 17:54:48 +0000


Hi, Max --





On 19/08/2015 17:36, Max Tulyev <maxtul () netassist ua> wrote:

My solution is:

1. Don't care.
2. If some peer steal your transit, and it is noticeable amount of
traffic causing some problems for you - investigate and terminate that peer.


Unless this bandwidth fraud is taking place over a public peering LAN (IX).  You could find that a non-peer is 
“stealing bandwidth”.  In which case, tell the IX operator (they *do* care, and *do* want to stop abusive or fraudulent 
behaviour).  

You can, if paranoid, apply some l2/3 filters to only hear from expected peers at the IX (which prevents non-peers from 
pointing statics at you, but not peers though.)  How paranoid shall we take it ?  You can also - with a small enough 
customer footprint - perhaps put each peer into their own VRF and apply policies which prohibit forwarding except to 
customer prefixes.  

-a

Current thread:

Re: Peering + Transit Circuits, (continued)
- - - Re: Peering + Transit Circuits Faisal Imtiaz (Aug 18)
  - Re: Peering + Transit Circuits Patrick W. Gilmore (Aug 18)
    - Re: Peering + Transit Circuits Faisal Imtiaz (Aug 18)
    - Re: Peering + Transit Circuits Bob Evans (Aug 18)
    - Re: Peering + Transit Circuits Faisal Imtiaz (Aug 18)
    - Re: Peering + Transit Circuits Patrick W. Gilmore (Aug 18)
    - Re: Peering + Transit Circuits Mark Tinka (Aug 25)
- Re: Peering + Transit Circuits Baldur Norddahl (Aug 18)
- Re: Peering + Transit Circuits Max Tulyev (Aug 19)
  - Re: Peering + Transit Circuits Jon Lewis (Aug 19)
  - Re: Peering + Transit Circuits Andy Davidson (Aug 19)
- Re: [c-nsp] Peering + Transit Circuits Mark Tinka (Aug 25)