Ingress filtering on transits, peers, and IX ports

• Previous message (by thread): Ingress filtering on transits, peers, and IX ports
• Next message (by thread): Ingress filtering on transits, peers, and IX ports
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Great for customer-facing interfaces, though. 




----- 
Mike Hammett 
Intelligent Computing Solutions 

Midwest Internet Exchange 

The Brothers WISP 

----- Original Message -----

From: "Nick Hilliard" <nick at foobar.org> 
To: "Brian Knight" <ml at knight-networks.com> 
Cc: nanog at nanog.org 
Sent: Wednesday, October 14, 2020 3:12:22 AM 
Subject: Re: Ingress filtering on transits, peers, and IX ports 

Brian Knight via NANOG wrote on 13/10/2020 23:49: 
> Strict mode won't work for us, because with our multi-homed transits and 
> IX peers, we will almost certainly drop a legitimate packet because the 
> best route is through another transit. 

there's no "almost" about it: strict mode is unfeasible for both transit 
and IX ports. 

Nick 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20201014/252cab82/attachment.html>

• Previous message (by thread): Ingress filtering on transits, peers, and IX ports
• Next message (by thread): Ingress filtering on transits, peers, and IX ports
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]