> Chriztoffer Hansen via NANOG > Sent: Wednesday, September 9, 2020 1:29 PM > > On Wed, 9 Sep 2020 at 06:25, Mark Tinka via NANOG <nanog@nanog.org> > wrote: > > It's not unlike trusting your customers to send you FlowSpec > > instructions. No issues technically, but do you want to do it? > > Why not? As a service offering, it makes total sense. > > Thou, generally I agree with you. Trust, but verify any received > announcement conforms to a base-set of expectations. Discard non- > conforming. > Yeah right, like you all are limiting max length of as_path, dropping boggon ASNs, or limiting max number of communities or striping unused/unsupported attributes on ingress to your AS... Or otherwise test what happens to your border edge (or internet-plane route-reflectors/ iBGP infrastructure for that matter) if exposed to these.
adam
