19 Aug
2015
19 Aug
'15
4:59 a.m.
On 18/08/2015 22:10, William Herrin wrote:
This technique described isn't URPF, it's simple destination routing. The routes I offer you via BGP are the only routes in my table, hence the only routes I'm capable of routing. If you send me a packet for a _destination_ I didn't offer to you, I can't route it.
yep, I hit send too soon. The point I intended to make was that ixp peering in a vrf will only protect you from transit theft, not clandestine peering. If you want to stop third party organisations at an ixp from getting peering by installing static routes, then l2 filters are what you need. Nick