Is it time to abandon bogon prefix filters?

Tomas L. Byrnes tomb at byrneit.net
Sun Aug 17 22:36:09 CDT 2008


ACLs 
 

> -----Original Message-----
> From: Pete Templin [mailto:petelists at templin.org] 
> Sent: Sunday, August 17, 2008 5:57 PM
> To: Tomas L. Byrnes
> Cc: NANOG list
> Subject: Re: Is it time to abandon bogon prefix filters?
> 
> Tomas L. Byrnes wrote:
> > Since there are ways to dynamically filter the bogons, using BGP or 
> > DNS, I don't really see the need to stop doing so. If 
> you're managing 
> > your routing and firewall filters manually, you have bigger 
> problems 
> > than the release of Bogon space.
> 
> Can you share the Cisco configuration snippet you recommend 
> to dynamically FILTER bogons using BGP or DNS?  Not just 
> inserting null-routes for the bogon aggregates, but 
> preventing the acceptance of more-specifics that 
> transits/peers/customers have managed to sneak past someone's 
> filters (or lack thereof), please.
> 
> (Without an offline configuration generator, I postulate that 
> it can't be done.)
> 
> pt
> 




More information about the NANOG mailing list