It's pretty easy to enforce "no transit" at the packet filtering level
-- only packets destined for my nets will be allowed in. Is there some
other aspect of filtering I'm forgetting about? We have a dedicated
and backup network engineer at any rate. The border router would be a
cisco 7200 or 7500 series with 128Mb.
Hmm... If you do provide transit for others, making a dynamic filter
can be difficult if you base transit on as-path filters rather than
I hear that Sprint, one of the few large providers (that imposes filters
on customer BGP sessions) that still bases customer peering filters on
as-path filters rather than on a per-session route filter list either
manually constructed or built automagically from databases, is considering
going or is going to go to route filtering its customer sessions rather
than as-path filtering. Now, I'm talking here about the BGP sessions,
not the actual flow of data. And it's been a long weekend, sorry if that
sentence was hard to parse.