[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Peering + Transit Circuits

Subject: Peering + Transit Circuits
From: baldur.norddahl at gmail.com (Baldur Norddahl)
Date: Wed, 19 Aug 2015 01:02:16 +0200
In-reply-to: <CAE_ug143GsMN3+CNz=AgTr+xjGWY2CrmXYW=jf36JQ3AAnukFw@mail.gmail.com>
References: <CAE_ug143GsMN3+CNz=AgTr+xjGWY2CrmXYW=jf36JQ3AAnukFw@mail.gmail.com>

On 18 August 2015 at 14:29, Tim Durack <tdurack at gmail.com> wrote:

> 4. Don't worry about peers stealing transit.
>

Because both of our transit providers implement source filters. Any packets
received with a source IP not in the list of IP ranges registered by us
will be dropped by the transit provider. Stealing transit is not practical
giving the limitation that you need to use a source address from our ranges.

I use ACLs on our end too just to be sure. ACL on the transit to prevent
wrong source from leaving our network and ACL on the peering to prevent
wrong destination to enter the network. Actually both ACLs are used in both
places.

The prefix lists used for the ACL need to be maintained in any case. It is
the list of routes that we advertise.

Regards,

Baldur

References:
- Peering + Transit Circuits
  - From: tdurack at gmail.com (Tim Durack)

Prev by Date: Peering + Transit Circuits
Next by Date: Peering + Transit Circuits
Previous by thread: Peering + Transit Circuits
Next by thread: Peering + Transit Circuits
Index(es):
- Date
- Thread