[76191] in North American Network Operators' Group
Re: Bogon filtering (don't ban me)
daemon@ATHENA.MIT.EDU (Hank Nussbacher)
Fri Dec 3 02:23:35 2004
Date: Fri, 3 Dec 2004 09:23:01 +0200 (IST)
From: Hank Nussbacher <hank@mail.iucc.ac.il>
To: "william(at)elan.net" <william@elan.net>
Cc: "J. Oquendo" <sil@politrix.org>, nanog@nanog.org
In-Reply-To: <Pine.LNX.4.44.0412022232010.23330-100000@sokol.elan.net>
Errors-To: owner-nanog-outgoing@merit.edu
In Ciscoland its called Autosecure (IOS 12.3):
http://www.cisco.com/warp/public/cc/pd/iosw/prodlit/cas11_ds.htm
"Blocks all IANA reserved IP address blocks"
The actual doc:
<http://niatec.info/mediacontent/cisco/media/targets/resources_mod07/7_1_2_AutoSecure.pdf>
Problem is, I still do not see that Cisco has a way of auto-updating a
router that has used autosec_complete_bogon or
autosec_iana_reserved_block.
-Hank
> We've proposed what vendors need to better support bogon filtering, even
> wrote a draft:
> http://arneill-py.sacramento.ca.us/draft-py-idr-redisfilter-01.txt
> but last time I talked to cisco ios person (which was just two weeks ago
> at IPv6 Summit), it still has not been done. Perhaps couple more people
> who buy their hardware asking them about it will make a difference ...
