Chriztoffer Hansen via NANOG Sent: Wednesday, September 9, 2020 1:29 PM
On Wed, 9 Sep 2020 at 06:25, Mark Tinka via NANOG <nanog@nanog.org> wrote:
It's not unlike trusting your customers to send you FlowSpec instructions. No issues technically, but do you want to do it?
Why not? As a service offering, it makes total sense.
Thou, generally I agree with you. Trust, but verify any received announcement conforms to a base-set of expectations. Discard non- conforming.
Yeah right, like you all are limiting max length of as_path, dropping boggon ASNs, or limiting max number of communities or striping unused/unsupported attributes on ingress to your AS... Or otherwise test what happens to your border edge (or internet-plane route-reflectors/ iBGP infrastructure for that matter) if exposed to these. adam