North American Network Operators Group
Re: Is it time to abandon bogon prefix filters?
On Sun, Aug 17, 2008 at 07:57:25PM -0500, Pete Templin wrote:
> Tomas L. Byrnes wrote:
>> Since there are ways to dynamically filter the bogons, using BGP or DNS,
>> I don't really see the need to stop doing so. If you're managing your
>> routing and firewall filters manually, you have bigger problems than the
>> release of Bogon space.
>
> Can you share the Cisco configuration snippet you recommend to
> dynamically FILTER bogons using BGP or DNS?

On a router with full routes (ie: no default) the command is:

Router(config-if)#ip verify unicast source reachable-via any

Go ahead and try it out. You can view the resulting drop counter via
the 'show ip int <x/y>' command.

While you're at it, you also placed the reachable-via rx on all your
customer interfaces. If you're paranoid, start with the 'any' rpf and
then move to the strict rpf. The strict rpf also helps with routing loops.

- Jared

--
Jared Mauch | pgp key available via finger from jared@xxxxxxxxxxxxxxx
clue++; | http://puck.nether.net/~jared/ My statements are only mine.
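
The loose ('any') and strict ('rx') checks described in the message above, as an added example that is not part of the original post. It is a simplified single-path model in Python, not IOS's implementation: the FIB entries, interface names and function names are constructed, and `allow_default` mirrors the IOS `allow-default` keyword.

```python
import ipaddress

# Constructed FIB: (prefix, egress interface). Documentation prefixes stand in
# for real routes; there is deliberately no default route ("full routes").
FIB = [
    ("198.51.100.0/24", "Gi0/1"),   # customer A
    ("203.0.113.0/24", "Gi0/2"),    # customer B
    ("192.0.2.0/24", "Gi0/0"),      # learned from upstream
]

def lookup(fib, src):
    """Longest-prefix match; returns (network, interface) or None."""
    addr = ipaddress.ip_address(src)
    best = None
    for prefix, ifname in fib:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, ifname)
    return best

def urpf_permits(fib, src, in_if, mode, allow_default=False):
    """mode 'any': loose, some route to the source must exist.
    mode 'rx': strict, the route to the source must point back out in_if."""
    if mode not in ("any", "rx"):
        raise ValueError("mode must be 'any' or 'rx'")
    hit = lookup(fib, src)
    if hit is None:
        return False                      # unrouted source: counted as a drop
    net, ifname = hit
    if net.prefixlen == 0 and not allow_default:
        return False                      # a default route alone proves nothing
    return True if mode == "any" else ifname == in_if

if __name__ == "__main__":
    # Constructed packets: (source address, receiving interface, mode)
    for src, in_if, mode in [
        ("10.1.2.3", "Gi0/0", "any"),       # no route to source: dropped
        ("198.51.100.7", "Gi0/0", "any"),   # routed somewhere: permitted
        ("198.51.100.7", "Gi0/2", "rx"),    # customer B sourcing A's space: dropped
        ("203.0.113.9", "Gi0/2", "rx"),     # customer B sourcing own space: permitted
    ]:
        verdict = "permit" if urpf_permits(FIB, src, in_if, mode) else "drop"
        print(f"{src:15} in {in_if} mode={mode:3} -> {verdict}")
```

The model ignores multipath and asymmetric routing, which is where strict mode can drop legitimate traffic.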