* joew@accretive-networks.net (Joe Wood) [Fri 16 Aug 2002, 02:38 CEST]:
I know from past experience as a transit customer, that I have personally shyed away from ISP's that have restricted me to having their NOC update my ACL. But instead you prefer a "lazy" NOC, where you need manual intervention in case you screw up a filter list on your end to re-enable the BGP session? No, instead I prefer to do all route filtering on my (cust) side, and have the ISP do filtering based on AS PATH, be it ^CUST-AS_ or configured off the RADB......
(Well, if a customer is accidentally leaking a full table then ^CUST-AS_ will still match everything they send you...) Filtering from RADB has its own problems. It's much better now than it was a few years ago, with RPSL, PGP authentication and not the free-for-all it used to be. :)
It's been my experience that a lot of the providers that do prefix filtering on customer BGP sessions take great amounts of time before they act on the prefix-filter update request. This much fun when it's 5pm or later and you really need to announce a new customer netblock.
My only experience in this regard is with UUNet, and they're pretty quick. Conceded that this was during a Europe-wide outage and the slightly too strict filter was on a transit connection in the US. Configuring off an IRR is a Good Thing. Doing it in an automated fashion without some sort of supervision can at best be called risky. Take care, -- Niels. -- Aug 12 21:22:27 snowcrash ntpd[184]: time reset 6.666601 s Coincidence? I think not!