Hi, Dan -- On 12/12/2012 11:22, "Dan Luedtke" <mail@danrl.de> wrote:
So, here's the question: How do you filter at exchanges? Where is the error in my workflow? Is strict route filtering a myth?
You can see if the route-servers at the IX already filter. For example, this is the case at LONAP, where strict filters against RADB are built. Networks with open policy and large numbers of peers will naturally find it hard to filter peer *prefixes* on session config, because as you have found the config quickly becomes large and unwieldy. As Arnold has said, filtering with max-prefix and AS-path is more common on bilateral sessions. My advice would be to encourage your IX operator to filter on the route-servers, and rely on MLP derived adjacency for networks that you want to peer with, but don't trust enough not to prefix-filter. Andy