I'm not entirely convinced that everyone has this choice. Some providers have legacy access kit that simply doesn't support filters on a per-interface basis. Many are starting to filter on ingress/egress to each PoP which is a good start.
I built and ISP with everything from 25xx to GSRs. I seriously doubt someone has PE devices that can't forward the packets AND do rudimentary filtering on addresses. But maybe you are right...then again, as you say - filtering per POP is as good. Actually it doesn't matter that much where you filter as long as you do it right - AND....
Part of the problem is raw router processing power. If you've only got
...you have the CPU cycles...
enough processing power to filter inbound *or* outbound, you're more likely to want to filter inbound (to stop your customers being DoSed)
What is "worse"? Your customers beeing DoSes, or you beeing the source of a DoS? Unless we are talking a really small ISP, where there is little difference between ingress and egress routers, this is not that much of an issue. And in that case, I doubt the traffic levels are that high...
than outbound. Providers are filtering outbound, but it's inbound filters that have all the effort invested in them. They also tend to be a lot more dynamic thus are a lot better maintained.
I don't think any providers are doing outbound source filtering? Not to any large extent, at least that I know of. But I might be wrong...and people dream up the most strange solution nowadays - I am sure that if I where using MPWhateverS this would not be an issue..:) - kurtis -