nanog mailing list archives

Re: route filtering in large networks


From: "Jack Bates" <jbates () brightok net>
Date: Wed, 12 Mar 2003 22:04:51 -0600


From: "Richard A Steenbergen"

Simple, apply a bogon list and then fail to update it. If you are not
ready, willing and able to keep your lists updated, you probably shouldn't
have applied them in the first place. I routinely see people doing absurd
things like applying ipfw bogon filters on individual servers to "protect
against DoS" that end up costing them way more in performance than they
could possibly gain from filtering the bogons. Let's keep it real folks,
these filters aren't needed everywhere.

You think that's bad? Try this one. Contacted network to inform them that
they had an access list on a router rejecting 69/8 and that 69/8 was
recently handed out, blah blah blah. Get a call back saying that they found
the route for 69 and removed it. Could I please try it again. To humor said
person, I tried it again and got what I expected (A). My question is, if
he's running an acl with a bogon list, why does he have a route (presumably
static since it was removed) for 69/8? I'm tempted to start mailing out
bananas.

-Jack

