North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: route filtering in large networks
From: "Richard A Steenbergen" > Simple, apply a bogon list and then fail to update it. If you are not > ready willing and able to keep your lists updated, you probably shouldn't > have applied them in the first place. I routinely see people doing absurd > things like applying ipfw bogon filters on individual servers to "protect > against DoS" that end up costing them way more in performance than they > could possibly gain from filtering the bogons. Let's keep it real folks, > these filters aren't needed everywhere. > You think that's bad? Try this one. Contacted network to inform them that they had an access list on a router rejecting 69/8 and that 69/8 was recently handed out, blah blah blah. Get a call back saying that they found the route for 69 and removed it. Could I please try it again. To humor said person, I tried it again and got what I expected (A). My question is, if he's running an acl with a bogon list, why does he have a route (presumably static since it was removed) for 69/8? I'm tempted to start mailing out bananas. -Jack
|