North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: 69/8...this sucks
On Tue, 11 Mar 2003, Richard A Steenbergen wrote: > > On Tue, Mar 11, 2003 at 11:38:23AM -0800, Owen DeLong wrote: > > > > As such, is a BGP feed a panacea? No. Is it a step in the right direction? > > Yes. Will it solve the problem by itself? No. Will it improve the > > So, someone feel free to smack me if I'm mentioning something which has > been discussed already (there isn't enough masochism in the world to make > me read this entire thread), buttttt... > > How exactly is a BGP feed of bogons useful in any way shape form of > fashion? It doesn't prevent people from announcing more specifics, it > doesn't do anything about source address bogons, it can't be used to > packet filter... How exactly would it do anything other than simply not > having the route at all? I guess that emperor is a little naked after all :) Without applying hard-coded bogon filters to your peers (to prevent receiving longer prefixes in bogon space), it is essentially useless. http://www.cymru.com/Documents/secure-bgp-template.html lists a nice template. But then we're back right where we started, may as well just have a static ACL...unless you can't afford the ACL hit, in which case filtering announcements from your peers and routing everything bogon into a traffic sink would be a great solution. We're all filtering announcements from our peers anyway, right? :) Andy xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx Andy Dills 301-682-9972 Xecunet, LLC www.xecu.net xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx Dialup * Webhosting * E-Commerce * High-Speed Access
|