Hi, Max --
On 19/08/2015 17:36, Max Tulyev <max...@netassist.ua> wrote: >My solution is: > >1. Don't care. >2. If some peer steal your transit, and it is noticeable amount of >traffic causing some problems for you - investigate and terminate that peer. Unless this bandwidth fraud is taking place over a public peering LAN (IX). You could find that a non-peer is “stealing bandwidth”. In which case, tell the IX operator (they *do* care, and *do* want to stop abusive or fraudulent behaviour). You can, if paranoid, apply some l2/3 filters to only hear from expected peers at the IX (which prevents non-peers from pointing statics at you, but not peers though.) How paranoid shall we take it ? You can also - with a small enough customer footprint - perhaps put each peer into their own VRF and apply policies which prohibit forwarding except to customer prefixes. -a
