On Feb 26, 2004, at 11:22 PM, Michael Smith wrote:
We have a customer of a customer who is attempting to send traffic from IP space we control, through the Internet and back into us via one of our transit connections.
I have filters in place that block all inbound traffic from the blocks I announce coming in over my transit and peering connections. This is breaking the downstream customer's ability to route from them, through UUNet, and back to me.
I'm curious what the Best Common Practice is for this type of scenario. I have always used this type of filtering as a way to bury source-spoofed traffic in a DDOS situation but I'm not sure if it's appropriate, generally speaking.
It is a good idea to filter source IP on the edge. Since your customer has more than one upstream, filtering their IP space at your border is not "the edge". Filter their source IP where your network meets their network. Filter your source IP at your upstream borders. My $0.0000003411284. :)

--
TTFN,
patrick
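The two filter placements discussed in this thread, modelled as an added example that is not part of either message. The prefixes (documentation address space), the port names, and the reading that a multihomed customer's prefix is carved out of the upstream-border filter are assumptions.

```python
from ipaddress import ip_address, ip_network

# Constructed sample data (documentation address space, not from the thread).
OUR_BLOCKS = [ip_network("198.51.100.0/24")]             # space we announce
MULTIHOMED_CUSTOMER = [ip_network("198.51.100.128/25")]  # customer with a second upstream
CUSTOMER_PORTS = {                                       # hypothetical interface names
    "cust-a": [ip_network("198.51.100.128/25")],         # the multihomed customer
    "cust-b": [ip_network("198.51.100.0/26")],           # a single-homed customer
}


def _in(addr, nets):
    """True if addr falls inside any of the given networks."""
    return any(addr in n for n in nets)


def blanket_transit_filter(src):
    """Original setup: drop anything sourced from the blocks we announce."""
    return "drop" if _in(ip_address(src), OUR_BLOCKS) else "permit"


def transit_filter(src):
    """Upstream border: drop our own sources, except space a multihomed
    customer can legitimately source through another upstream."""
    addr = ip_address(src)
    if _in(addr, MULTIHOMED_CUSTOMER):
        return "permit"
    return "drop" if _in(addr, OUR_BLOCKS) else "permit"


def customer_edge_filter(port, src):
    """Where our network meets the customer's: permit only their prefixes."""
    return "permit" if _in(ip_address(src), CUSTOMER_PORTS.get(port, [])) else "drop"


if __name__ == "__main__":
    # The multihomed customer's traffic arriving over transit.
    print("blanket  :", blanket_transit_filter("198.51.100.200"))
    print("carve-out:", transit_filter("198.51.100.200"))
    # A spoofed source from the rest of our space arriving over transit.
    print("spoofed  :", transit_filter("198.51.100.10"))
    # The customer port sending a source outside its own prefix.
    print("cust-a   :", customer_edge_filter("cust-a", "198.51.100.10"))
```

With the carve-out, packets spoofing the multihomed customer's prefix are no longer stopped at the transit border, so the customer-edge filter is the only place that prefix is still checked.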