69/8...this sucks
Andy Dills
andy at xecu.net
Wed Mar 12 00:44:06 UTC 2003
On Tue, 11 Mar 2003, Richard A Steenbergen wrote:
>
> On Tue, Mar 11, 2003 at 11:38:23AM -0800, Owen DeLong wrote:
> >
> > As such, is a BGP feed a panacea? No. Is it a step in the right direction?
> > Yes. Will it solve the problem by itself? No. Will it improve the
>
> So, someone feel free to smack me if I'm mentioning something which has
> been discussed already (there isn't enough masochism in the world to make
> me read this entire thread), buttttt...
>
> How exactly is a BGP feed of bogons useful in any way shape form of
> fashion? It doesn't prevent people from announcing more specifics, it
> doesn't do anything about source address bogons, it can't be used to
> packet filter... How exactly would it do anything other than simply not
> having the route at all?
I guess that emperor is a little naked after all :)
Without applying hard-coded bogon filters to your peers (to prevent
receiving longer prefixes in bogon space), it is essentially useless.
http://www.cymru.com/Documents/secure-bgp-template.html lists a nice
template. But then we're back right where we started, may as well just
have a static ACL...unless you can't afford the ACL hit, in which case
filtering announcements from your peers and routing everything bogon into
a traffic sink would be a great solution.
We're all filtering announcements from our peers anyway, right? :)
Andy
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Andy Dills 301-682-9972
Xecunet, LLC www.xecu.net
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Dialup * Webhosting * E-Commerce * High-Speed Access
More information about the NANOG
mailing list