Bogon filtering (don't ban me)
Cliff Albert
cliff at oisec.net
Sun Dec 5 17:48:43 UTC 2004
On Sun, Dec 05, 2004 at 12:41:32PM -0500, Joe Abley wrote:
> >I have one question regarding the CYMRU bogon route-server. What good is
> >it if more-specific bogons are going around in the BGP table?
>
> With OpenBSD 3.6 running pf and bgpd, you can apply a filter rule to
> BGP updates received from individual peers which updates a pf radix
> table with the network received:
Interesting, but no option on Juniper/IOS boxes/Foundry boxen.
> This is an answer that is probably not useful for the average ISP
> backbone, but I tried it out a week or so ago on my home network
> firewall/router boxes, and it works very nicely. It's a good solution
> for (say) an enterprise network whose external traffic falls within the
> bounds of what an OpenBSD box can handle (or boxes, if you do stateful
> failover with CARP and pfsync).
Indeed, for such purposes it's a nice solution.
--
Cliff Albert <cliff at oisec.net>
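
Added example, not part of the original message or of either poster's configuration: the more-specific question from the thread, sketched in Python with constructed prefixes. It contrasts an exact-prefix comparison against the bogon feed with the covering-prefix lookup that a radix table of source addresses performs; all function names are hypothetical.

```python
import ipaddress

# Constructed sample data (not from the thread): a bogon feed and routes
# learned from other peers. 203.0.113.0/24 stands in for an ordinary route.
BOGON_FEED = ["10.0.0.0/8", "192.0.2.0/24", "198.18.0.0/15"]
BGP_TABLE = ["10.20.0.0/16", "192.0.2.0/24", "198.19.128.0/17", "203.0.113.0/24"]


def parse(prefixes):
    """Turn prefix strings into ip_network objects."""
    return [ipaddress.ip_network(p) for p in prefixes]


def exact_match_hits(routes, bogons):
    """Routes that an exact-prefix comparison against the feed would flag."""
    bogon_set = set(bogons)
    return [r for r in routes if r in bogon_set]


def covered_hits(routes, bogons):
    """Routes that fall inside any bogon, including more-specifics."""
    return [r for r in routes
            if any(r.version == b.version and r.subnet_of(b) for b in bogons)]


def source_is_bogon(src, bogons):
    """Packet-filter view: is the source address covered by a table entry?
    The answer does not depend on which routes are in the BGP table."""
    addr = ipaddress.ip_address(src)
    return any(addr in b for b in bogons)


if __name__ == "__main__":
    bogons, routes = parse(BOGON_FEED), parse(BGP_TABLE)
    print("exact match flags :", [str(r) for r in exact_match_hits(routes, bogons)])
    print("covering match    :", [str(r) for r in covered_hits(routes, bogons)])
    for src in ("10.20.30.40", "198.19.200.1", "203.0.113.9"):
        print(src, "dropped" if source_is_bogon(src, bogons) else "passed")
```
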