|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical RE: Best practices inquiry: filtering 128/1
> Would anyone not filter those routes? Why wouldn't you filter to /7? > > Actually, I take that back. Why wouldn't you just get a feed from > Cymru <http://www.cymru.com/Bogons/index.html> ?? > We had some hesitation on putting in a 1/ le /7 filter as these are not mentioned in any document / recommendation that they are invalid / bogus routes... nor in the Cymru. Anyway, just spotted this in Cymru [Ingress Prefix Filter Templates, Loose and Strict (Cisco)] but it was not included / mentioned in their fltr-bogons: ! Block Prefixes less than /5. ! ip prefix-list ISP-Ingress-In-Loose seq 50 deny 0.0.0.0/0 le 5 ! ! Block /6 and /7 prefixes - We have this in as a marker to see if any of the ! large networks pull together any /8s into smaller blocks. Watch this hit ! counters with "show ip prefix". Tuned per Adriana Vascan <[email protected]> ! suggestion. ! ip prefix-list ISP-Ingress-In-Loose seq 55 deny 0.0.0.0/0 le 6 ip prefix-list ISP-Ingress-In-Loose seq 60 deny 0.0.0.0/0 le 7 ! -yf
|