It's pretty easy to enforce "no transit" at the packet filtering level -- only packets destined for my nets will be allowed in. Is there some other aspect of filtering I'm forgetting about? We have a dedicated and backup network engineer at any rate. The border router would be a cisco 7200 or 7500 series with 128Mb.
Dean
Hmm... If you do provide transit for others, making a dynamic filter can be difficult if you base transit on as-path filters rather than route filters. I hear that Sprint, one of the few large providers (that imposes filters on customer BGP sessions) that still bases customer peering filters on as-path filters rather than on a per-session route filter list either manually constructed or built automagically from databases, is considering going or is going to go to route filtering its customer sessions rather than as-path filtering. Now, I'm talking here about the BGP sessions, not the actual flow of data. And it's been a long weekend, sorry if that sentence was hard to parse. Avi