-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
I think we're in 99.9% percent agreement, which is probably about the best you can expect between two human beings. Let me respond to one thing:
Agreed!
What happens if one of your customers is multihomed, loses his link to you, and tries to reach another one of your customers through his other ISP? Or do you make exceptions to this filter for multihomed customers? (The problem is, with VPNs and mobile IP schemes, every customer is potentially multihomed.)
IMO, this is something best done on the customer's routers. Obviously, for your own 'local' IPs, you are the customer.
Again, agreed. I only ingress filter on my own addresses, RFC918 and a long list of other addresses which are "bad". I wouldn't filter out a customer's addresses. I would give them instructions on how to do so and why it's a good thing. :-) === Tim ********************************************** Tim Winders, MCSE, CNE, CCNA Associate Dean of Information Technology South Plains College Levelland, TX 79336 Phone: 806-894-9611 x 2369 FAX: 806-894-1549 Email: TWinders@SPC.cc.tx.us ********************************************** -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (OSF1) Comment: Made with pgp4pine 1.75-6 iEYEARECAAYFAjrCjwkACgkQTPuHnIooYbzSFACghjFsDa0n0bMQKjxBw9/Z9W9S 3+UAoM3t0xUcffHTmnliriGLneGwJALV =KQ24 -----END PGP SIGNATURE-----