[76303] in North American Network Operators' Group


Re: Bogon filtering (don't ban me)

daemon@ATHENA.MIT.EDU (James)
Sun Dec 5 14:34:01 2004

Date: Sun, 5 Dec 2004 14:31:56 -0500
From: James <haesu@towardex.com>
To: Cliff Albert <cliff@oisec.net>
Cc: Rob Thomas <robt@cymru.com>, NANOG <nanog@merit.edu>
In-Reply-To: <20041205183806.GA21673@oisec.net>
Errors-To: owner-nanog-outgoing@merit.edu


On Sun, Dec 05, 2004 at 07:38:06PM +0100, Cliff Albert wrote:
> 
> On Sun, Dec 05, 2004 at 12:36:08PM -0600, Rob Thomas wrote:
> 
> > ] I have one question regarding the CYMRU bogon route-server. What good is
> > ] it if more-specific bogons are going around in the BGP table ?
> > 
> > At present, none.  We have feature requests into some major router
> > vendors to make this more useful.  The goal is to provide a syntax
> > similar to prefix-list that would permit you to filter on a prefix
> > and anything more specific.  Stay tuned!
> 
> Indeed, that's the biggest problem at the moment. I have seen some folks
> feature requesting this at Juniper, but seems they all got a big NO
> back.
> 
> -- 
> Cliff Albert <cliff@oisec.net>

Just FYI --

Team Cymru also provides IRR objects for those using automated BGP policies
with ease. Using IRR objects, dependent on how *you* set it up, you should be
able to filter out specifics.

Their object is fltr-bogons on whois.radb.net:
filter-set:   fltr-bogons
descr:        All bogon IPv4 prefixes.
filter:       fltr-unallocated OR fltr-martian
tech-c:       RTH32-ARIN
admin-c:      RTH32-ARIN
mnt-by:       MAINT-BOGON-FILTERS
changed:      radb@cymru.com 20040420
source:       RIPE

Example for filtering bogons from transit:

import:  from AS209  accept ANY and not fltr-bogons

I make use of these objects for configuring BGP for customers who are multihomed
to different ISPs, so far with great success.

Hope this helps,

-J

-- 
James Jun                                            TowardEX Technologies, Inc.
Technical Lead                      Boston IPv4/IPv6 Web Hosting, Colocation and
james@towardex.com            Network design/consulting & configuration services
cell: 1(978)-394-2867           web: http://www.towardex.com , noc: www.twdx.net
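
Added example, not part of the original message and not Team Cymru's or the poster's code: the thread's point that an exact-match bogon feed misses more-specific announcements, while a filter on "a prefix and anything more specific" catches them. The prefix list and the announcements are constructed samples (a few well-known martians, not the contents of fltr-bogons), and the function names are hypothetical.

```python
import ipaddress

# Constructed sample of martian prefixes (assumption: NOT the contents of fltr-bogons).
SAMPLE_BOGONS = [ipaddress.ip_network(p) for p in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16", "192.0.2.0/24",
)]


def exact_match(route, bogons=SAMPLE_BOGONS):
    """Exact prefix match only: a more-specific route is not caught."""
    return route in bogons


def covered_match(route, bogons=SAMPLE_BOGONS):
    """Return the bogon that equals or covers the route, else None."""
    for bogon in bogons:
        if route.version == bogon.version and route.subnet_of(bogon):
            return bogon
    return None


def classify(announcements):
    """Label each announcement 'exact', 'more-specific' or 'accept'."""
    results = {}
    for text in announcements:
        route = ipaddress.ip_network(text, strict=True)
        if exact_match(route):
            results[text] = "exact"
        elif covered_match(route) is not None:
            # Slips past an exact-match filter; needs prefix-and-longer matching.
            results[text] = "more-specific"
        else:
            results[text] = "accept"
    return results


# Constructed announcements, not taken from a real routing table.
SAMPLE_ROUTES = ["10.0.0.0/8", "10.20.0.0/16", "192.168.44.0/24",
                 "172.32.0.0/16", "8.8.8.0/24"]

if __name__ == "__main__":
    for prefix, verdict in classify(SAMPLE_ROUTES).items():
        print(f"{prefix:18} {verdict}")
```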
