RFC 1597

Paul A Vixie paul at vix.com
Thu May 23 05:34:17 UTC 1996


> *> 192.168.22.0     144.228.71.5    0 1239 1800 1804 1128 1955 3337 ?
> *> 192.168.100.0/22 144.228.71.5    0 1239 1794 ?
> *> 192.168.216.0    144.228.71.5    0 1239 1800 1755 1273 ?
> 
> Shame on you 3337, 1794 and 1273.

Indeed.  Since it's not my turn to be at fault for this kind of thing tonight,
I guess I'll chime in with a copy of some useful goodies that Andrew Partan
bestowed upon me last time CIX was caught advertising something bad:

router bgp xxxx
 neighbor y.y.y.y remote-as zzzz
 neighbor y.y.y.y distribute-list 100 in
 neighbor y.y.y.y distribute-list 101 out

access-list 100 deny   ip host 0.0.0.0 any
access-list 100 deny   ip 127.0.0.0 0.255.255.255 255.0.0.0 0.255.255.255
access-list 100 deny   ip 10.0.0.0 0.255.255.255 255.0.0.0 0.255.255.255
access-list 100 deny   ip 172.16.0.0 0.15.255.255 255.240.0.0 0.15.255.255
access-list 100 deny   ip 192.168.0.0 0.0.255.255 255.255.0.0 0.0.255.255
access-list 100 deny   ip 192.0.2.0 0.0.0.255 255.255.255.0 0.0.0.255
access-list 100 deny   ip 128.0.0.0 0.0.255.255 255.255.0.0 0.0.255.255
access-list 100 deny   ip 191.255.0.0 0.0.255.255 255.255.0.0 0.0.255.255
access-list 100 deny   ip 192.0.0.0 0.0.0.255 255.255.255.0 0.0.0.255
access-list 100 deny   ip 223.255.255.0 0.0.0.255 255.255.255.0 0.0.0.255
access-list 100 deny   ip 224.0.0.0 31.255.255.255 224.0.0.0 31.255.255.255
access-list 100 deny   ip any 255.255.255.128 0.0.0.127
access-list 100 permit ip any any

access-list 101 deny   ip host 0.0.0.0 any
access-list 101 deny   ip 127.0.0.0 0.255.255.255 255.0.0.0 0.255.255.255
access-list 101 deny   ip 10.0.0.0 0.255.255.255 255.0.0.0 0.255.255.255
access-list 101 deny   ip 172.16.0.0 0.15.255.255 255.240.0.0 0.15.255.255
access-list 101 deny   ip 192.168.0.0 0.0.255.255 255.255.0.0 0.0.255.255
access-list 101 deny   ip 192.0.2.0 0.0.0.255 255.255.255.0 0.0.0.255
access-list 101 deny   ip 128.0.0.0 0.0.255.255 255.255.0.0 0.0.255.255
access-list 101 deny   ip 191.255.0.0 0.0.255.255 255.255.0.0 0.0.255.255
access-list 101 deny   ip 192.0.0.0 0.0.0.255 255.255.255.0 0.0.0.255
access-list 101 deny   ip 223.255.255.0 0.0.0.255 255.255.255.0 0.0.0.255
access-list 101 deny   ip 224.0.0.0 31.255.255.255 224.0.0.0 31.255.255.255
access-list 101 deny   ip any 255.255.255.128 0.0.0.127
access-list 101 permit ip any any

These are currently identical, but they're split into separate access-lists
in case the sending restrictions and the receiving restrictions ever have
cause to differ.

Note that everybody who's anybody uses peer groups rather than duplicating
this for every peer, but I'm the wrong person to try to explain peer groups
so the above was intentionally kept at my "grunt, poke, listen" level.
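
An added example, not part of the original post: a small Python evaluator that runs access-list 100 from the message over the three leaked routes quoted at the top. It assumes the IOS convention that in a BGP distribute-list the "source" pair of an extended ACL matches the route's network address and the "destination" pair matches its netmask, and that the quoted routes shown without a length are classful /24s; the 198.51.100.0 prefixes in the test are constructed samples.

```python
import ipaddress

# Rules of access-list 100 as posted above (access-list 101 is identical).
ACL_100 = """\
deny   ip host 0.0.0.0 any
deny   ip 127.0.0.0 0.255.255.255 255.0.0.0 0.255.255.255
deny   ip 10.0.0.0 0.255.255.255 255.0.0.0 0.255.255.255
deny   ip 172.16.0.0 0.15.255.255 255.240.0.0 0.15.255.255
deny   ip 192.168.0.0 0.0.255.255 255.255.0.0 0.0.255.255
deny   ip 192.0.2.0 0.0.0.255 255.255.255.0 0.0.0.255
deny   ip 128.0.0.0 0.0.255.255 255.255.0.0 0.0.255.255
deny   ip 191.255.0.0 0.0.255.255 255.255.0.0 0.0.255.255
deny   ip 192.0.0.0 0.0.0.255 255.255.255.0 0.0.0.255
deny   ip 223.255.255.0 0.0.0.255 255.255.255.0 0.0.0.255
deny   ip 224.0.0.0 31.255.255.255 224.0.0.0 31.255.255.255
deny   ip any 255.255.255.128 0.0.0.127
permit ip any any
"""

def _ip(s):
    return int(ipaddress.IPv4Address(s))

def _operand(tok, i):
    """Read one address/wildcard operand at tok[i]: (addr, wildcard, next index)."""
    if tok[i] == "any":
        return 0, 0xFFFFFFFF, i + 1
    if tok[i] == "host":
        return _ip(tok[i + 1]), 0, i + 2
    return _ip(tok[i]), _ip(tok[i + 1]), i + 2

def parse(text):
    rules = []
    for line in text.splitlines():
        tok = line.split()                      # [action, "ip", operands...]
        net, net_wc, i = _operand(tok, 2)       # "source" pair -> network address
        mask, mask_wc, _ = _operand(tok, i)     # "destination" pair -> netmask
        rules.append((tok[0], net, net_wc, mask, mask_wc))
    return rules

def _match(value, base, wildcard):
    # Wildcard bits set to 1 are "don't care"; all other bits must be equal.
    return (value ^ base) & ~wildcard & 0xFFFFFFFF == 0

def decide(rules, prefix):
    p = ipaddress.IPv4Network(prefix)
    addr, mask = int(p.network_address), int(p.netmask)
    for action, net, net_wc, m, m_wc in rules:
        if _match(addr, net, net_wc) and _match(mask, m, m_wc):
            return action                       # first matching rule wins
    return "deny"                               # implicit deny ending every ACL
```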




