North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical RE: Bogon list
> The problem with bogon lists is that they change on a fairly regular > basis, for example each time a registry is given a new /8 to allocate > from. This makes the role of maintaining an "official" list of bogons > somewhat important, and the job of updating them somewhat annoying. :) Ingress peering filters have to be maintained. That comes with the territory. If you use Net Police filtering (i.e. explicit permit - only allow the RIR's blocks), you'll need to modify the list as the RIR's get new blocks allocated to them. If you use Bogon filtering (i.e. explicit deny - denying bogons and allowing everything else), you'll need to modify the list as the RIR's get new blocks allocated to them. Doing neither increases the risk of your network to BGP garbage attacks (i.e. incidents like the AS7007 fun). All Rob did is make it easier for those who do not like the Net Police filtering techniques. Now you have some templates to help get started with a bogon based ingress filter.
|