On (2013-03-28 13:07 -0400), Jay Ashworth wrote:
The edge carrier's *upstream* is not going to know that it's reasonable for their customer -- the end-site's carrier -- to be originating traffic with those source addresses, and if they ingress filter based on the prefixes they route down to that carrier, they'll drop that traffic...
Question is, is it reasonable to expect customer to know what networks they have. If yes, then you can ask them to create route objects and then you can BGP prefix-filter and ACL on them. I do both, and it has never been problem to my customers (enterprises, CDNs, eyeballs). But if your customer has many other transit customer it can quickly become less practical. I'm sure for many/most customers of tier1 it would not be reasonable expects to keep such list up-to-date. You can't do it at top-level nor it's not practical to hope that some day BCP38 is done in reasonably many last-mile port. But there are only 6000 non-stubby networks, if you do it at network before stubby network, it's entirely practical and maintainable, provided we'd want to do it. -- ++ytti