Best practices inquiry: filtering 128/1

• Previous message (by thread): Best practices inquiry: filtering 128/1
• Next message (by thread): Best practices inquiry: filtering 128/1
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

 
> Would anyone not filter those routes?  Why wouldn't you filter to /7?
> 
> Actually, I take that back.  Why wouldn't you just get a feed from  
> Cymru <http://www.cymru.com/Bogons/index.html> ??
> 

We had some hesitation on putting in a 1/ le /7 filter as these are not mentioned in any document / recommendation that they are invalid / bogus routes...  nor in the Cymru.

Anyway, just spotted this in Cymru [Ingress Prefix Filter Templates, Loose and Strict (Cisco)] but it was not included / mentioned in their fltr-bogons:

! Block Prefixes less than /5. 
!
ip prefix-list ISP-Ingress-In-Loose seq 50 deny 0.0.0.0/0 le 5
!
! Block /6 and /7 prefixes - We have this in as a marker to see if any of the 
! large networks pull together any /8s into smaller blocks. Watch this hit
! counters with "show ip prefix". Tuned per Adriana Vascan <avascan at cisco.com> 
! suggestion.
! 
ip prefix-list ISP-Ingress-In-Loose seq 55 deny 0.0.0.0/0 le 6 
ip prefix-list ISP-Ingress-In-Loose seq 60 deny 0.0.0.0/0 le 7
!

-yf

• Previous message (by thread): Best practices inquiry: filtering 128/1
• Next message (by thread): Best practices inquiry: filtering 128/1
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]