Ingress filtering on transits, peers, and IX ports

• Previous message (by thread): Ingress filtering on transits, peers, and IX ports
• Next message (by thread): Ingress filtering on transits, peers, and IX ports
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, 15 Oct 2020 at 17:22, Tim Durack <tdurack at gmail.com> wrote:


> We deploy urpf strict on all customer end-host and broadband circuits. In this scenario urpf = ingress acl I don't have to think about.

But you have to think about what prefixes a customer has. If BGP you
need to generate prefix-list, if static you need to generate a static
route. As you already have to know and manage this information, what
is the incremental cost to also emit an ACL?

-- 
  ++ytti

• Previous message (by thread): Ingress filtering on transits, peers, and IX ports
• Next message (by thread): Ingress filtering on transits, peers, and IX ports
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]