On 18 August 2015 at 14:29, Tim Durack <tdurack@gmail.com> wrote:
4. Don't worry about peers stealing transit.
Because both of our transit providers implement source filters. Any packets received with a source IP not in the list of IP ranges registered by us will be dropped by the transit provider. Stealing transit is not practical giving the limitation that you need to use a source address from our ranges. I use ACLs on our end too just to be sure. ACL on the transit to prevent wrong source from leaving our network and ACL on the peering to prevent wrong destination to enter the network. Actually both ACLs are used in both places. The prefix lists used for the ACL need to be maintained in any case. It is the list of routes that we advertise. Regards, Baldur