nanog mailing list archives

Re: Is it time to abandon bogon prefix filters?

From: Jared Mauch <jared () puck nether net>
Date: Mon, 18 Aug 2008 08:33:08 -0400

On Sun, Aug 17, 2008 at 07:57:25PM -0500, Pete Templin wrote:

Tomas L. Byrnes wrote:

Since there are ways to dynamically filter the bogons, using BGP or DNS,
I don't really see the need to stop doing so. If you're managing your
routing and firewall filters manually, you have bigger problems than the
release of Bogon space.


Can you share the Cisco configuration snippet you recommend to  
dynamically FILTER bogons using BGP or DNS?


        On a router with full routes (ie: no default) the command
is:

Router(config-if)#ip verify unicast source reachable-via any 

        Go ahead and try it out.  you can view the resulting
drop counter via the 'show ip int <x/y>' command.

        While you're at it, you also placed the reachable-via rx on
all your customer interfaces.  If you're paranoid, start with the 'any'
rpf and then move to the strict rpf.  The strict rpf also helps with
routing loops.

        - Jared

-- 
Jared Mauch  | pgp key available via finger from jared () puck nether net
clue++;      | http://puck.nether.net/~jared/  My statements are only mine.

Current thread:

Re: Is it time to abandon bogon prefix filters?, (continued)
- - - Re: Is it time to abandon bogon prefix filters? Steven M. Bellovin (Aug 15)
    - Re: Is it time to abandon bogon prefix filters? Sean Donelan (Aug 15)
    - Re: Is it time to abandon bogon prefix filters? Randy Bush (Aug 15)
    - Re: Is it time to abandon bogon prefix filters? Robert E. Seastrom (Aug 15)
    - Re: Is it time to abandon bogon prefix filters? Laurence F. Sheldon, Jr. (Aug 15)
    - Re: Is it time to abandon bogon prefix filters? Robert E. Seastrom (Aug 15)
    - RE: Is it time to abandon bogon prefix filters? Tomas L. Byrnes (Aug 16)
    - Re: Is it time to abandon bogon prefix filters? Pete Templin (Aug 17)
    - RE: Is it time to abandon bogon prefix filters? Tomas L. Byrnes (Aug 17)
    - RE: Is it time to abandon bogon prefix filters? michael.dillon (Aug 18)
    - Re: Is it time to abandon bogon prefix filters? Jared Mauch (Aug 18)
    - Re: Is it time to abandon bogon prefix filters? Pete Templin (Aug 18)
    - Re: Is it time to abandon bogon prefix filters? Sam Stickland (Aug 18)
    - Re: Is it time to abandon bogon prefix filters? Nathan Ward (Aug 18)
    - Re: Is it time to abandon bogon prefix filters? Chris Adams (Aug 18)
    - RE: Is it time to abandon bogon prefix filters? Tomas L. Byrnes (Aug 18)
    - Re: Is it time to abandon bogon prefix filters? Danny McPherson (Aug 18)
    - Re: Is it time to abandon bogon prefix filters? Sean Donelan (Aug 21)
    - RE: Is it time to abandon bogon prefix filters? Tomas L. Byrnes (Aug 24)
    - Re: Is it time to abandon bogon prefix filters? Valdis . Kletnieks (Aug 25)
    - Re: Is it time to abandon bogon prefix filters? Chris Marlatt (Aug 25)

(Thread continues...)