[76295] in North American Network Operators' Group
Re: Bogon filtering (don't ban me)
daemon@ATHENA.MIT.EDU (william(at)elan.net)
Sun Dec 5 13:06:24 2004
Date: Sun, 5 Dec 2004 10:31:57 -0800 (PST)
From: "william(at)elan.net" <william@elan.net>
To: Joe Abley <jabley@isc.org>
Cc: NANOG <nanog@merit.edu>
In-Reply-To: <Pine.LNX.4.44.0412051013440.23330-100000@sokol.elan.net>
Errors-To: owner-nanog-outgoing@merit.edu
On Sun, 5 Dec 2004, william(at)elan.net wrote:
> On Sun, 5 Dec 2004, Joe Abley wrote:
>
> > On 5 Dec 2004, at 06:50, Cliff Albert wrote:
> >
> > > I have one question regarding the CYMRU bogon route-server. What good
> > > is it if more-specific bogons are going around in the BGP table?
> >
> > With OpenBSD 3.6 running pf and bgpd, you can apply a filter rule to
> > BGP updates received from individual peers which updates a pf radix
> > table with the network received:
>
> PF and bgpd with local filter table is good when you're expecting those
> filtered ip routes to change often. But this is not true about bogons

Ok, I guess I did not read the original post closely enough. PF is for
reinjecting routes that match local rules back into bgp, right?
If so I apologize, I thought it was talking about taking bgp data
and using it to filter local servers....

For looking at active routes and seeing which ones match the rules I
personally use a "hacked" bird daemon, but it is not ready for public
testing...

---
William Leibzon, Elan Networks:
mailto: william@elan.net
Anti-Spam and Email Security Research Worksite:
http://www.elan.net/~william/emailsecurity/