On Tue, 1 Dec 1998, Dean Anderson wrote:
You don't need a tool. People already have provisioning/configuration tools or are doing it by hand. Whichever is the case, just add a rule to your customer's interface. You know when you configure the interface what the mask is and what the broadcast is. All you need to do is add an access list entry which applies to that customer's interface.
That works fine as long as you either manage your customers' equipment or your customers don't subnet blocks you give them. However, in real-world experience, neither of those applies, especially to a larger ISP/NSP (UUNet was mentioned in this thread at the beginning). It certainly doesn't hurt to put in access-lists where you can, to reduce the problem, but that is not a scalable solution. It is an incredible management nightmare, especially if you're having to keep track of autonomous customer routing changes. Not to mention that it adds to the burden of tracking down problems (imagine a DHCP server which assigns what used to be a broadcast address, but is no longer because the subnets were combined, and every time a machine gets that address, it can't get outside the network because the administrator hasn't updated the 5,000-line access-list).

Pete.
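The bookkeeping problem discussed in this exchange, as an added example that is not part of either message: it compares the broadcast addresses an access list denies against the customer's current subnet layout and reports entries that are stale (now ordinary host addresses) or missing. The function names and the 192.0.2.0/24 documentation prefix are assumptions made for the illustration.

```python
import ipaddress


def broadcast_addresses(subnets):
    """Return the directed-broadcast address of every subnet in the layout."""
    result = set()
    for cidr in subnets:
        net = ipaddress.ip_network(cidr)
        if net.prefixlen < 31:  # /31 and /32 have no broadcast address
            result.add(net.broadcast_address)
    return result


def audit_acl(denied_addresses, current_subnets):
    """Compare deployed deny entries with the customer's current subnets.

    stale   -> addresses still denied that are no longer broadcasts
               (a host that is assigned one loses outside connectivity)
    missing -> current broadcast addresses with no deny entry
    """
    deployed = {ipaddress.ip_address(a) for a in denied_addresses}
    wanted = broadcast_addresses(current_subnets)
    stale = [str(a) for a in sorted(deployed - wanted)]
    missing = [str(a) for a in sorted(wanted - deployed)]
    return stale, missing


# Constructed sample data: the ACL was written when the customer ran two /25s.
ACL_FOR_TWO_25S = ["192.0.2.127", "192.0.2.255"]

if __name__ == "__main__":
    # Customer later combines the /25s into a single /24 without telling the ISP.
    stale, missing = audit_acl(ACL_FOR_TWO_25S, ["192.0.2.0/24"])
    print("after merge  stale:", stale, "missing:", missing)

    # Customer instead splits the block into four /26s.
    quarters = [f"192.0.2.{n}/26" for n in (0, 64, 128, 192)]
    stale, missing = audit_acl(ACL_FOR_TWO_25S, quarters)
    print("after split  stale:", stale, "missing:", missing)
```
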