Bogon filtering (don't ban me)

Cliff Albert cliff at oisec.net
Sun Dec 5 17:48:43 UTC 2004


On Sun, Dec 05, 2004 at 12:41:32PM -0500, Joe Abley wrote:

> >I have one question regarding the CYMRU bogon route-server. What good
> >is it if more-specific bogons are going around in the BGP table?
> 
> With OpenBSD 3.6 running pf and bgpd, you can apply a filter rule to 
> BGP updates received from individual peers which updates a pf radix 
> table with the network received:

Interesting, but no option on Juniper/IOS boxes/foundry boxen. 

> This is an answer that is probably not useful for the average ISP 
> backbone, but I tried it out a week or so ago on my home network 
> firewall/router boxes, and it works very nicely. It's a good solution 
> for (say) an enterprise network whose external traffic falls within the 
> bounds of what an OpenBSD box can handle (or boxes, if you do stateful 
> failover with CARP and pfsync).

Indeed, for such purposes it's a nice solution.

-- 
Cliff Albert <cliff at oisec.net>
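
An added illustration of the more-specific question quoted above (not part of the original message, and not code from Team Cymru or OpenBSD): assuming a bogon feed is used to install discard routes, a more-specific announcement still wins under longest-prefix match unless the inbound filter also rejects longer prefixes. All prefixes, the feed contents and the function names are constructed for the example.

```python
import ipaddress

# Constructed sample feed (reserved ranges chosen for illustration, not a real bogon list).
BOGON_FEED = [ipaddress.ip_network(p)
              for p in ("10.0.0.0/8", "192.0.2.0/24", "198.18.0.0/15")]

# Constructed announcements from a peer: a more-specific inside a bogon,
# plus one prefix that stands in for an ordinary route in this example.
LEARNED = [ipaddress.ip_network(p)
           for p in ("198.18.64.0/18", "203.0.113.0/24")]

def accept_exact(prefix, bogons):
    """Inbound filter that only rejects prefixes exactly equal to a bogon."""
    return prefix not in bogons

def accept_orlonger(prefix, bogons):
    """Inbound filter that rejects a bogon and every more-specific inside it."""
    return not any(prefix.subnet_of(b) for b in bogons)

def build_rib(learned, accept):
    """Routing table as {prefix: action}: bogon feed entries are discard routes,
    peer routes that pass the inbound filter are forwarded."""
    rib = {b: "discard" for b in BOGON_FEED}
    for prefix in learned:
        if accept(prefix, BOGON_FEED):
            rib.setdefault(prefix, "forward")
    return rib

def lookup(rib, addr):
    """Longest-prefix match, the way a forwarding table resolves a destination."""
    ip = ipaddress.ip_address(addr)
    matches = [n for n in rib if ip in n]
    if not matches:
        return "no route"
    return rib[max(matches, key=lambda n: n.prefixlen)]

if __name__ == "__main__":
    for name, flt in (("exact", accept_exact), ("orlonger", accept_orlonger)):
        rib = build_rib(LEARNED, flt)
        for dst in ("198.18.0.1", "198.18.64.1", "203.0.113.5"):
            print(f"{name:9} {dst:14} -> {lookup(rib, dst)}")
```
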


