Hi,
In a lot of this dialogue, many say, you should prefix filter.
However, I'm not seeing how an ISP could easily adopt such filtering.
Let's consider the options:
[..]
a) only RIPE IRR uses a sensible security model [1], so if you use
others, basically anyone can add route
On Feb 25, 2008, at 6:08 AM, Pekka Savola wrote:
In a lot of this dialogue, many say, you should prefix filter.
However, I'm not seeing how an ISP could easily adopt such filtering.
So, this is no excuse for not doing prefix filtering if you only do
business in the RIPE region, but
On Mon, 25 Feb 2008, Danny McPherson wrote:
(Yeah, we prefix filter all our customers. Our IPv6 peers are also prefix
filtered, based on RIPE IRR data (with one exception). IPv4 peers'
advertisements seem to be too big a mess, and too long filters, to fix this
way.)
Do you explicitly
clip
Our own or our singlehomed customers' address space -- we would reject
such an advertisement. The same inbound consistency check applies to
peers and upstreams/transits.
If it's someone else's or a more specific or the same prefix as our
multihomed customers -- we accept it.
On Mon, 25 Feb 2008 15:29:01 EST, Randy Epstein said:
Our own or our singlehomed customers' address space -- we would reject
^^^
such an advertisement. The same inbound consistency check applies to
peers and upstreams/transits.
What do you do when one of your
Valdis wrote:
He explicitly said single-homed. Of course, multi-homed requires
different handling, because you may hear their other home announce them
(although again, you probably shouldn't listen to *THAT* announcement
either if *your* link to them is up). And I posit that if you don't