Is it time to abandon bogon prefix filters?

• Previous message (by thread): Is it time to abandon bogon prefix filters?
• Next message (by thread): Is it time to abandon bogon prefix filters?
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Sun, Aug 17, 2008 at 07:57:25PM -0500, Pete Templin wrote:
> Tomas L. Byrnes wrote:
>> Since there are ways to dynamically filter the bogons, using BGP or DNS,
>> I don't really see the need to stop doing so. If you're managing your
>> routing and firewall filters manually, you have bigger problems than the
>> release of Bogon space. 
>
> Can you share the Cisco configuration snippet you recommend to  
> dynamically FILTER bogons using BGP or DNS?

	On a router with full routes (ie: no default) the command
is:

Router(config-if)#ip verify unicast source reachable-via any 

	Go ahead and try it out.  you can view the resulting
drop counter via the 'show ip int <x/y>' command.

	While you're at it, you also placed the reachable-via rx on
all your customer interfaces.  If you're paranoid, start with the 'any'
rpf and then move to the strict rpf.  The strict rpf also helps with
routing loops.

	- Jared

-- 
Jared Mauch  | pgp key available via finger from jared at puck.nether.net
clue++;      | http://puck.nether.net/~jared/  My statements are only mine.

• Previous message (by thread): Is it time to abandon bogon prefix filters?
• Next message (by thread): Is it time to abandon bogon prefix filters?
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]