[3570] in North American Network Operators' Group
Re: T3 or not to T3
daemon@ATHENA.MIT.EDU (Avi Freedman)
Mon Jul 22 13:58:46 1996
From: Avi Freedman <freedman@netaxs.com>
To: vansax@atmnet.net (Jim Van Baalen)
Date: Mon, 22 Jul 1996 13:51:41 -0400 (EDT)
Cc: dgaudet@hotwired.com, sob@academ.com, nanog@merit.edu
In-Reply-To: <199607221635.JAA10840@core.atmnet.net> from "Jim Van Baalen" at Jul 22, 96 09:35:47 am
> > Yeah, definately. But most backbones seem to have "customer routes" as
> > an option, and if I trust them enough to get those routes correct then
> > I will hopefully not have to bother with extreme amounts of filtering.
> > It's pretty easy to enforce "no transit" at the packet filtering level
> > -- only packets destined for my nets will be allowed in. Is there some
> > other aspect of filtering I'm forgetting about? We have a dedicated
> > and backup network engineer at any rate. The border router would be a
> > cisco 7200 or 7500 series with 128Mb.
> >
> > Dean
>
> Is this really how people enforce "no transit"? I have been told that packet
> filtering is quite cpu expensive. I would think that packet filtering on a
> router that is probably already overburdened is not an attractive solution.
>
> Jim
I'm not sure if this is how people enforce it; you're correct that it's
pretty expensive to do it this way.
We run a periodic script that sends 8-10 pings for various destinations,
including non-existent ones, into exchange-point neighbors to see where
the packets go.
If packets for nowhere IPs come back at you, they're defaulting into you...
Avi
