peer "sanity" filters - best practices?

• Previous message (by thread): peer "sanity" filters - best practices?
• Next message (by thread): peer "sanity" filters - best practices?
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

well... everyone has different ways of doing it. basicly we do the
following.

for the larger peers, ie cw, uunet, bbn, sprint, we filter them via
as-path

ie

for uunet, we would filter _1239_ _1_ and _3561_

we set this up after a large internet router company leaked full routes to
^1239_.

for all other peers we filter _701_ _1239_ _1_ and _3561_.

next, we max-prefix all peers. this stops route-leaks. yes, sometimes a
peer gets shutdown because they just got a large new customer but i would
put this at about 1 in 100. the other times are because of poor filtering.

we filter RFC1918, default and reserved blocks. anyone notice that there
are companies using ips from IANA-Reserved? of course we dont see them
anymore. we also filter out things like 64/8. this is due to mis-config on
the isp side. no one should be sending 64/8.

lastly, we filter at the /24 level.

this should be a good start for anyone looking to do filtering.

Christian

• Previous message (by thread): peer "sanity" filters - best practices?
• Next message (by thread): peer "sanity" filters - best practices?
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]