[lir-wg] AS Number Policy
Kurt Erik Lindqvist kurtis at kurtis.pp.se
Thu Jul 11 23:42:59 CEST 2002
> I'm not entirely convinced that everyone has this choice. Some providers > have legacy access kit that simply doesn't support filters on a > per-interface basis. Many are starting to filter on ingress/egress to > each PoP which is a good start. I built and ISP with everything from 25xx to GSRs. I seriously doubt someone has PE devices that can't forward the packets AND do rudimentary filtering on addresses. But maybe you are right...then again, as you say - filtering per POP is as good. Actually it doesn't matter that much where you filter as long as you do it right - AND.... > Part of the problem is raw router processing power. If you've only got ...you have the CPU cycles... > enough processing power to filter inbound *or* outbound, you're more > likely to want to filter inbound (to stop your customers being DoSed) What is "worse"? Your customers beeing DoSes, or you beeing the source of a DoS? Unless we are talking a really small ISP, where there is little difference between ingress and egress routers, this is not that much of an issue. And in that case, I doubt the traffic levels are that high... > than outbound. Providers are filtering outbound, but it's inbound > filters that have all the effort invested in them. They also tend to be > a lot more dynamic thus are a lot better maintained. I don't think any providers are doing outbound source filtering? Not to any large extent, at least that I know of. But I might be wrong...and people dream up the most strange solution nowadays - I am sure that if I where using MPWhateverS this would not be an issue..:) - kurtis -
[ lir-wg Archives ]