[146108] in North American Network Operators' Group
Re: BGP conf
daemon@ATHENA.MIT.EDU (Jack Bates)
Wed Nov 2 22:05:15 2011
Date: Wed, 02 Nov 2011 21:04:04 -0500
From: Jack Bates <jbates@brightok.net>
To: nanog@nanog.org
In-Reply-To: <CAPWAtbJ4_dtBqwT+qj_tUJ6qtouzDu43+RwYhovYxnn_ywRkTw@mail.gmail.com>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On 11/2/2011 8:58 PM, Jeff Wheeler wrote:
> On Wed, Nov 2, 2011 at 8:44 PM, Jack Bates<jbates@brightok.net> wrote:
>> Now I have the mile long monstrosity that uses BGP communities for
>> everything, and of route-maps/policies with prefix-lists for downstream
>> customers. You have to start somewhere.
>>
>> cymru secure bgp templates is probably a good beginning.
> I guess ten years of watching RIRs and users de-bogon new /8s didn't
> teach you why those Cymru examples are more dangerous than they are
> good.
>
Have to read the current cymru bgp templates?
"
! Team Cymru has removed all static bogon references from this template
! due to the high probability that the application of these bogon filters
! will be a one-time event. Unfortunately many of these templates are
! applied and never re-visited, despite our dire warnings that bogons do
! change.
!
! This doesn't mean bogon filtering can't be accomplished in an automated
! manner. Why not consider peering with our globally distributed bogon
! route-server project? Alternately you can obtain a current and well
! maintained bogon feed from our DNS and RADb services. Read more at the
! link below to learn how!
!
! https://www.team-cymru.org/Services/Bogons/
"
