[33876] in North American Network Operators' Group
Re: peer "sanity" filters - best practices?
daemon@ATHENA.MIT.EDU (Christian Nielsen)
Wed Jan 24 22:03:45 2001
Date: Wed, 24 Jan 2001 17:36:18 -0800 (PST)
From: Christian Nielsen <cnielsen@nielsen.net>
To: "David P. Maynard" <dpm@flametree.com>
Cc: <nanog@merit.edu>
In-Reply-To: <200101242206.QAA06486@bajo.flametree.com>
Message-ID: <Pine.GSO.4.30.0101241728240.5081-100000@moench.nielsen.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Errors-To: owner-nanog-outgoing@merit.edu
well... everyone has different ways of doing it. basicly we do the
following.
for the larger peers, ie cw, uunet, bbn, sprint, we filter them via
as-path
ie
for uunet, we would filter _1239_ _1_ and _3561_
we set this up after a large internet router company leaked full routes to
^1239_.
for all other peers we filter _701_ _1239_ _1_ and _3561_.
next, we max-prefix all peers. this stops route-leaks. yes, sometimes a
peer gets shutdown because they just got a large new customer but i would
put this at about 1 in 100. the other times are because of poor filtering.
we filter RFC1918, default and reserved blocks. anyone notice that there
are companies using ips from IANA-Reserved? of course we dont see them
anymore. we also filter out things like 64/8. this is due to mis-config on
the isp side. no one should be sending 64/8.
lastly, we filter at the /24 level.
this should be a good start for anyone looking to do filtering.
Christian
