[56732] in North American Network Operators' Group


Re: route filtering in large networks

daemon@ATHENA.MIT.EDU (Jack Bates)
Wed Mar 12 23:08:09 2003

From: "Jack Bates" <jbates@brightok.net>
To: "Richard A Steenbergen" <ras@e-gerbil.net>,
	"Andy Dills" <andy@xecu.net>
Cc: "Randy Bush" <randy@psg.com>, <nanog@merit.edu>
Date: Wed, 12 Mar 2003 22:04:51 -0600
Errors-To: owner-nanog-outgoing@merit.edu


From: "Richard A Steenbergen"

> Simple, apply a bogon list and then fail to update it. If you are not
> ready, willing and able to keep your lists updated, you probably shouldn't
> have applied them in the first place. I routinely see people doing absurd
> things like applying ipfw bogon filters on individual servers to "protect
> against DoS" that end up costing them way more in performance than they
> could possibly gain from filtering the bogons. Let's keep it real folks,
> these filters aren't needed everywhere.
>
You think that's bad? Try this one. Contacted network to inform them that
they had an access list on a router rejecting 69/8 and that 69/8 was
recently handed out, blah blah blah. Get a call back saying that they found
the route for 69 and removed it. Could I please try it again. To humor said
person, I tried it again and got what I expected (A). My question is, if
he's running an acl with a bogon list, why does he have a route (presumably
static since it was removed) for 69/8? I'm tempted to start mailing out
bananas.

-Jack
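
An added example, not part of the original message: a minimal audit that reads the access list itself and flags deny entries that still cover address space which has since been allocated, the stale-bogon failure described in this thread. The ACL lines are constructed sample input in Cisco-style wildcard-mask syntax, and the function names are hypothetical; the only allocated block assumed is 69/8, as stated in the message.

```python
import ipaddress
import re

# Constructed sample ACL (not taken from any real router).
SAMPLE_ACL = """\
access-list 110 deny ip 10.0.0.0 0.255.255.255 any
access-list 110 deny ip 69.0.0.0 0.255.255.255 any
access-list 110 deny ip 68.0.0.0 1.255.255.255 any
access-list 110 deny ip 192.168.0.0 0.0.255.255 any
access-list 110 permit ip any any
"""

# Assumption: blocks known to be allocated now. The message names 69/8;
# a real audit would load the current registry data instead.
ALLOCATED = ["69.0.0.0/8"]

DENY_RE = re.compile(
    r"^access-list\s+\d+\s+deny\s+ip\s+"
    r"(\d+\.\d+\.\d+\.\d+)\s+(\d+\.\d+\.\d+\.\d+)\s"
)


def wildcard_to_network(addr, wildcard):
    """Convert an address and wildcard mask to a prefix, or None if the
    wildcard bits are not contiguous (so it is not a single prefix)."""
    w = int(ipaddress.IPv4Address(wildcard))
    if w & (w + 1):
        return None
    prefix_len = 32 - w.bit_length()
    return ipaddress.ip_network(f"{addr}/{prefix_len}", strict=False)


def stale_denies(acl_text, allocated):
    """Return (line_number, denied_prefix, allocated_prefix) for every deny
    entry that overlaps a prefix in the allocated list."""
    live = [ipaddress.ip_network(p) for p in allocated]
    findings = []
    for lineno, line in enumerate(acl_text.splitlines(), 1):
        m = DENY_RE.match(line.strip())
        if not m:
            continue
        denied = wildcard_to_network(m.group(1), m.group(2))
        if denied is None:
            continue
        findings.extend((lineno, denied, net) for net in live if denied.overlaps(net))
    return findings


if __name__ == "__main__":
    for lineno, denied, net in stale_denies(SAMPLE_ACL, ALLOCATED):
        print(f"line {lineno}: deny {denied} still blocks allocated {net}")
```
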

