Ingress filtering on transits, peers, and IX ports

adamv0025 at netconsultings.com adamv0025 at netconsultings.com
Thu Oct 15 14:46:23 UTC 2020


> From: Saku Ytti <saku at ytti.fi>
> Sent: Thursday, October 15, 2020 3:30 PM
> 
> On Thu, 15 Oct 2020 at 17:22, Tim Durack <tdurack at gmail.com> wrote:
> 
> 
> > We deploy urpf strict on all customer end-host and broadband circuits. In
> > this scenario urpf = ingress acl I don't have to think about.
> 
> But you have to think about what prefixes a customer has. If BGP you need
> to generate prefix-list, if static you need to generate a static route. As you
> already have to know and manage this information, what is the incremental
> cost to also emit an ACL?
> 
Actually ideally there would be a feature/knob to automatically sync BGP (and static routes) with packet filters.

adam 
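
Added example, not part of the original message or of any vendor feature: a sketch of the point made in the thread, where one per-customer prefix record drives both the routing policy (prefix-list or static route) and the ingress source-address ACL. The customer names, prefixes, next hop and the Cisco IOS-style output syntax are assumptions chosen for illustration; IPv4 only.

```python
import ipaddress

# Constructed customer records using documentation prefixes; names are hypothetical.
CUSTOMERS = [
    {"name": "CUST-A", "type": "bgp",
     "prefixes": ["192.0.2.0/24", "198.51.100.0/25"]},
    {"name": "CUST-B", "type": "static", "next_hop": "203.0.113.1",
     "prefixes": ["203.0.113.128/26"]},
]

def _parse(customer):
    # strict=True rejects entries with host bits set (e.g. 192.0.2.1/24),
    # so a typo in the record fails here instead of widening a filter.
    return [ipaddress.ip_network(p, strict=True) for p in customer["prefixes"]]

def routing_config(customer):
    """What the operator already generates: prefix-list (BGP) or static routes."""
    name, lines = customer["name"], []
    for i, net in enumerate(_parse(customer), start=1):
        if customer["type"] == "bgp":
            lines.append(f"ip prefix-list {name}-IN seq {i * 5} permit {net}")
        else:
            lines.append(
                f"ip route {net.network_address} {net.netmask} {customer['next_hop']}")
    return lines

def ingress_acl(customer):
    """The incremental output: a source-address filter from the same record."""
    lines = [f"ip access-list extended {customer['name']}-SRC-IN"]
    # Collapse adjacent/overlapping prefixes: the ACL only needs to cover the
    # same address space, not mirror each announced prefix.
    for net in ipaddress.collapse_addresses(_parse(customer)):
        lines.append(f" permit ip {net.network_address} {net.hostmask} any")
    lines.append(" deny ip any any")
    return lines

def render(customer):
    # Both outputs come from one record, so they cannot drift apart.
    return routing_config(customer) + ingress_acl(customer)

if __name__ == "__main__":
    for c in CUSTOMERS:
        print("\n".join(render(c)))
```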



