Bogon filtering (don't ban me)

• Previous message (by thread): Bogon filtering (don't ban me)
• Next message (by thread): Bogon filtering (don't ban me)
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Cliff Albert wrote:
> On Sun, Dec 05, 2004 at 12:41:32PM -0500, Joe Abley wrote:
 >>
>>>I have one question regarding the CYMRU bogon route-server. What good 
>>>is it if more-specific bogons are going around in the BGP table ?
>>
>>With OpenBSD 3.6 running pf and bgpd, you can apply a filter rule to 
>>BGP updates received from individual peers which updates a pf radix 
>>table with the network received:

Nice - anyone know of anything equivalent for ipf/pfil on Solaris?

> Interesting, but no option on Juniper/IOS boxes/foundry boxen. 

Since 12.0(29)S and 12.2(25)S, this feature:

BGP Support for IP Prefix Import from Global Table into a VRF Table
http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120limit/120s/120s29/cs_bgivt.htm

does the trick nicely, as long as you trust builds that new,
and your linecards are new enough.  Worked fine in my testing.

This is effectively a way of populating a VRF and then pointing uRPF at
it.  I think it was aimed at feasible path uRPF, but can do the bogon
stuff as well.
-- 
Ian Dickinson
Development Engineer
PIPEX
ian.dickinson at pipex.net
http://www.pipex.net

This e-mail is subject to: http://www.pipex.net/disclaimer.html

• Previous message (by thread): Bogon filtering (don't ban me)
• Next message (by thread): Bogon filtering (don't ban me)
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]