[56742] in North American Network Operators' Group
Re: route filtering in large networks
daemon@ATHENA.MIT.EDU (Rob Thomas)
Thu Mar 13 01:57:33 2003
Date: Thu, 13 Mar 2003 00:57:00 -0600 (CST)
From: Rob Thomas <robt@cymru.com>
To: NANOG <nanog@merit.edu>
In-Reply-To: <01b701c2e91d$4e57de60$3f154241@jackdell>
Errors-To: owner-nanog-outgoing@merit.edu
Hi, Jack.
] Nice, although it doesn't explain the purpose of having the routes if you
] have an acl. To keep viruses from attempting to contact bogons? To stop your
] internal network from surfing the bogon web which can't reply back anyways?
Basically, yes. I'm not worried about folks web surfing 10/8. :)
There are things that go wrong, however, and I firmly believe in
filtering both on ingress and egress (at the edge, to be clear).
This is an extra bit of protection in case something bad happens,
be it malware, fat fingers, etc.
Thanks,
Rob.
--
Rob Thomas
http://www.cymru.com
ASSERT(coffee != empty);
