On (2013-03-29 13:31 +0100), Tore Anderson wrote:
> I've had some problems with my upstream providers' ingress filtering, for example:

That sounds like uRPF, which you should not run towards your transit customers. I'm talking only about using ACL. And I stand by that I've never had to fix something that is broken.

Now naturally it has happened that my customer has gotten a new prefix, and things have been wonky, because they forgot to make a route object, which meant we didn't allow the prefix nor allow it in the ACL.

However, I think my customers prefer this. The alternative is that everything works fine for 6 months, until the other transit who does not BGP filter goes down, after which the network stops propagating and everything is down. At least with ACL you notice the problem immediately.

-- 
++ytti