North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: How many backbones here are filtering the makelovenotspam scr eensaver site?
Chad, > That's why I am a very firm believer in the power of "ip route > x.x.x.x y.y.y.y null0" command. :) Makes the problem go away for me > (for the most part) and doesn't cause anyone else any pain as a > result except my customers, who agreed to let me use that power when > they purchased service from me. I would rather prefer the traffic not hitting anything behind my transit/peering machinery at all, so the "ip route" alone doesn't make me happy, I also have to adjust ingress ACLs every once in a while. And while Cisco's autosecure feature looks fine in most parts (saves a lazy overworked bum like me a lot of typing), it does not do much good - in my opinion - when it comes to bogon filtering. I prefer knowing what the filter looks like, and it does not seem to give me that, nor any way of modifying the list (correct me if I'm wrong). I like the simplicity of, e.g., the Cymru route-server project, giving me bogon prefixes I can then blackhole, and giving me the opportunity to filter those prefixes (and hence my filters). Unfortunately, this only works for egress, and I still have to look after my ingress ACLs. Oh, and of course this is only a good thing as long as the Cymru folks can be trusted... Cheers, Elmi. -- "Begehe nur nicht den Fehler, Meinung durch Sachverstand zu substituieren." (PLemken, <[email protected]>) --------------------------------------------------------------[ ELMI-RIPE ]---
|