Strict route filtering at IX?
andy at nosignal.org
Mon Dec 17 11:42:17 UTC 2012
Hi, Dan --
On 12/12/2012 11:22, "Dan Luedtke" <mail at danrl.de> wrote:
>So, here's the question: How do you filter at exchanges?
>Where is the error in my workflow?
>Is strict route filtering a myth?
You can see if the route-servers at the IX already filter. For example,
this is the case at LONAP, where strict filters against RADB are built.
Networks with open policy and large numbers of peers will naturally find
it hard to filter peer *prefixes* on session config, because as you have
found the config quickly becomes large and unwieldy. As Arnold has said,
filtering with max-prefix and AS-path is more common on bilateral sessions.
My advice would be to encourage your IX operator to filter on the
route-servers, and rely on MLP derived adjacency for networks that you
want to peer with, but don't trust enough not to prefix-filter.
More information about the NANOG