|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: Bogon filtering (don't ban me)
On Sun, Dec 05, 2004 at 12:41:32PM -0500, Joe Abley wrote: > >I have one question regarding the CYMRU bogon route-server. What good > >is > >it if more-specific bogons are going around in the BGP table ? > > With OpenBSD 3.6 running pf and bgpd, you can apply a filter rule to > BGP updates received from individual peers which updates a pf radix > table with the network received: Interesting, but no option on Juniper/IOS boxes/foundry boxen. > This is an answer that is probably not useful for the average ISP > backbone, but I tried it out a week or so ago on my home network > firewall/router boxes, and it works very nicely. It's a good solution > for (say) an enterprise network whose external traffic falls within the > bounds of what an OpenBSD box can handle (or boxes, if you do stateful > failover with CARP and pfsync). Indeed, for such purposes it's a nice solutions. -- Cliff Albert <[email protected]>
|