Re: BGP conf

[Jack Bates <jbates () brightok net>]

On 11/2/2011 8:58 PM, Jeff Wheeler wrote:
> On Wed, Nov 2, 2011 at 8:44 PM, Jack Bates<jbates () brightok net>  wrote:
> > Now I have the mile long monstrosity that uses BGP communities for
> > everything, and of route-maps/policies with prefix-lists for downstream
> > customers. You have to start somewhere.
> >
> > cymru secure bgp templates is probably a good beginning.
> I guess ten years of watching RIRs and users de-bogon new /8s didn't
> teach you why those Cymru examples are more dangerous than they are
> good.
Have to read the current cymru bgp templates?

"

! Team Cymru has removed all static bogon references from this template
! due to the high probability that the application of these bogon filters
! will be a one-time event. Unfortunately many of these templates are
! applied and never re-visited, despite our dire warnings that bogons do
! change.
!
! This doesn't mean bogon filtering can't be accomplished in an automated
! manner. Why not consider peering with our globally distributed bogon
! route-server project? Alternately you can obtain a current and well
! maintained bogon feed from our DNS and RADb services. Read more at the
! link below to learn how!
!
!       https://www.team-cymru.org/Services/Bogons/
"