[76293] in North American Network Operators' Group


Re: Bogon filtering (don't ban me)

daemon@ATHENA.MIT.EDU (Cliff Albert)
Sun Dec 5 12:49:31 2004

Date: Sun, 5 Dec 2004 18:48:43 +0100
From: Cliff Albert <cliff@oisec.net>
To: Joe Abley <jabley@isc.org>
Cc: NANOG <nanog@merit.edu>
In-Reply-To: <E71C8F46-46E4-11D9-BE84-000D93B24C7A@isc.org>
Errors-To: owner-nanog-outgoing@merit.edu


On Sun, Dec 05, 2004 at 12:41:32PM -0500, Joe Abley wrote:

> > I have one question regarding the CYMRU bogon route-server. What good
> > is it if more-specific bogons are going around in the BGP table ?
> 
> With OpenBSD 3.6 running pf and bgpd, you can apply a filter rule to 
> BGP updates received from individual peers which updates a pf radix 
> table with the network received:

Interesting, but not an option on Juniper, IOS or Foundry boxes.

> This is an answer that is probably not useful for the average ISP 
> backbone, but I tried it out a week or so ago on my home network 
> firewall/router boxes, and it works very nicely. It's a good solution 
> for (say) an enterprise network whose external traffic falls within the 
> bounds of what an OpenBSD box can handle (or boxes, if you do stateful 
> failover with CARP and pfsync).

Indeed, for such purposes it's a nice solution.

-- 
Cliff Albert <cliff@oisec.net>
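As an added illustration of the pf/bgpd setup Joe describes above (this is not configuration from either poster), here is the pair of config fragments that wires a bogon BGP feed into a pf table. It uses the current bgpd.conf(5) filter syntax rather than the 3.6-era one; the AS numbers, addresses, interface name and the table name "bogons" are placeholders, and the 192.0.2.0/24 and 203.0.113.0/24 addresses are documentation space that must be replaced with real ones in a deployment.

```conf
# /etc/bgpd.conf  (example; AS numbers, addresses and table name are assumed)
AS 65000
router-id 203.0.113.1

# Never install anything learned from the feed in the kernel routing
# table: the prefixes are only used to populate the pf table, so a
# more-specific bogon in the global table cannot override the block.
fib-update no

bogon_rs = "192.0.2.100"

neighbor $bogon_rs {
	descr       "bogon-feed"
	remote-as   65333
}

# bgpd filter rules are last-match unless marked "quick".
deny from any
deny to any                 # announce nothing to the feed peer
# Every prefix accepted from the feed is added to pf table <bogons>
# and removed again when the peer withdraws it.
allow from $bogon_rs set pftable "bogons"

# /etc/pf.conf  (example)
ext_if   = "em0"
bogon_rs = "192.0.2.100"

# The table must exist for bgpd to update it; "persist" keeps it
# around while it is empty.
table <bogons> persist

# Keep the BGP session to the feed peer itself alive even if a leaked
# prefix covering its address ever lands in the table.
pass in  quick on $ext_if proto tcp from $bogon_rs to ($ext_if) port bgp
pass out quick on $ext_if proto tcp from ($ext_if) to $bogon_rs port bgp

# Drop bogon traffic in both directions, whatever the FIB says.
block drop in  quick on $ext_if from <bogons> to any
block drop out quick on $ext_if from any to <bogons>
```

Once the session is up, `bgpctl show rib neighbor 192.0.2.100` lists what the feed sent and `pfctl -t bogons -T show` lists what pf is actually blocking; the two should match, and a prefix that appears in the first but not the second usually means bgpd could not open /dev/pf or the table is missing from pf.conf. With `fib-update no` the feed never touches the kernel routing table, which is the point: a more-specific bogon announced by somebody else still gets dropped by pf regardless of what route wins in the FIB.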
