RE: Is it time to abandon bogon prefix filters?

["Tomas L. Byrnes" <tomb () byrneit net>]

ACLs 
 

> -----Original Message-----
> From: Pete Templin [mailto:petelists () templin org] 
> Sent: Sunday, August 17, 2008 5:57 PM
> To: Tomas L. Byrnes
> Cc: NANOG list
> Subject: Re: Is it time to abandon bogon prefix filters?
>
> Tomas L. Byrnes wrote:
> > Since there are ways to dynamically filter the bogons, using BGP or 
> > DNS, I don't really see the need to stop doing so. If 
> you're managing 
> > your routing and firewall filters manually, you have bigger 
> problems 
> > than the release of Bogon space.
>
> Can you share the Cisco configuration snippet you recommend 
> to dynamically FILTER bogons using BGP or DNS?  Not just 
> inserting null-routes for the bogon aggregates, but 
> preventing the acceptance of more-specifics that 
> transits/peers/customers have managed to sneak past someone's 
> filters (or lack thereof), please.
>
> (Without an offline configuration generator, I postulate that 
> it can't be done.)
>
> pt