Re: Bogon filtering (don't ban me)

[Jeroen Massar <jeroen () unfix org>]

On Fri, 2004-12-03 at 09:23 +0200, Hank Nussbacher wrote:
> In Ciscoland its called Autosecure (IOS 12.3):
> http://www.cisco.com/warp/public/cc/pd/iosw/prodlit/cas11_ds.htm
>
> "Blocks all IANA reserved IP address blocks"
>
> The actual doc:
> <http://niatec.info/mediacontent/cisco/media/targets/resources_mod07/7_1_2_AutoSecure.pdf>
>
> Problem is, I still do not see that Cisco has a way of auto-updating a
> router that has used autosec_complete_bogon or
> autosec_iana_reserved_block.

The most likely have not (could not find it in above docs at least).

The thing with below draft is that it can also be used to spread your
own filters into the network and thus use it for eg blackholing features
and quite a number of other odd occasions.

A full auto-distribution of configs (inc. filters etc) is most likely
more interresting though.

> -Hank
>
> > We've proposed what vendors need to better support bogon filtering, even
> > wrote a draft:
> >   http://arneill-py.sacramento.ca.us/draft-py-idr-redisfilter-01.txt
> > but last time I talked to cisco ios person (which was just two weeks ago
> > at IPv6 Summit), it still has not been done. Perhaps couple more people
> > who buy their hardware asking them about it will make a difference ...

I will most likely add this to the BGP part of the upcoming new ecmh.

Greets,
 Jeroen

Attachment: signature.asc
Description: This is a digitally signed message part