[91243] in North American Network Operators' Group
RE: Best practices inquiry: filtering 128/1
daemon@ATHENA.MIT.EDU (WONG, Yuen-Fung)
Tue Jul 11 02:19:31 2006
Date: Tue, 11 Jul 2006 14:17:26 +0800
From: "WONG, Yuen-Fung" <Yuen-Fung.WONG@reach.com>
To: <nanog@merit.edu>
Errors-To: owner-nanog@merit.edu
> Would anyone not filter those routes? Why wouldn't you filter to /7?
>
> Actually, I take that back. Why wouldn't you just get a feed from
> Cymru <http://www.cymru.com/Bogons/index.html> ??
>
We had some hesitation on putting in a 1/ le /7 filter as these are not
mentioned in any document / recommendation that they are invalid / bogus
routes... nor in the Cymru.
Anyway, just spotted this in Cymru [Ingress Prefix Filter Templates,
Loose and Strict (Cisco)] but it was not included / mentioned in their
fltr-bogons:
! Block Prefixes less than /5.
!
ip prefix-list ISP-Ingress-In-Loose seq 50 deny 0.0.0.0/0 le 5
!
! Block /6 and /7 prefixes - We have this in as a marker to see if any of the
! large networks pull together any /8s into smaller blocks. Watch this hit
! counters with "show ip prefix". Tuned per Adriana Vascan <avascan@cisco.com>
! suggestion.
!
ip prefix-list ISP-Ingress-In-Loose seq 55 deny 0.0.0.0/0 le 6
ip prefix-list ISP-Ingress-In-Loose seq 60 deny 0.0.0.0/0 le 7
!
-yf
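
Added example, not part of the original message or of the Cymru template: a small Python evaluator for the three quoted entries, showing which entry a given announcement such as 128.0.0.0/1 hits first. The function names (parse, evaluate, hit_counts) and the sample routes are constructed for illustration; only the three prefix-list lines come from the message.

```python
import ipaddress
import re
from collections import Counter

# The three entries quoted in the message above; everything else here is illustrative.
PREFIX_LIST = """\
ip prefix-list ISP-Ingress-In-Loose seq 50 deny 0.0.0.0/0 le 5
ip prefix-list ISP-Ingress-In-Loose seq 55 deny 0.0.0.0/0 le 6
ip prefix-list ISP-Ingress-In-Loose seq 60 deny 0.0.0.0/0 le 7
"""
ENTRY_RE = re.compile(
    r"ip prefix-list (\S+) seq (\d+) (permit|deny) (\S+)(?: ge (\d+))?(?: le (\d+))?"
)
# Constructed sample announcements, not taken from any real routing table.
SAMPLE_ROUTES = ["128.0.0.0/1", "0.0.0.0/1", "12.0.0.0/6",
                 "12.0.0.0/7", "12.0.0.0/8", "192.0.2.0/24"]

def parse(text):
    """Return entries as (seq, action, network, min_len, max_len), ordered by seq."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue  # "!" comment or blank line
        _, seq, action, prefix, ge, le = m.groups()
        net = ipaddress.ip_network(prefix)
        if ge is None and le is None:
            lo = hi = net.prefixlen              # no ge/le: exact length only
        else:
            lo = int(ge) if ge else net.prefixlen
            hi = int(le) if le else net.max_prefixlen
        entries.append((int(seq), action, net, lo, hi))
    return sorted(entries)

def evaluate(entries, route):
    """First match wins. No match returns the implicit deny with seq None."""
    r = ipaddress.ip_network(route)
    for seq, action, net, lo, hi in entries:
        if r.subnet_of(net) and lo <= r.prefixlen <= hi:
            return action, seq
    return "deny", None

def hit_counts(entries, routes):
    """Emulate the per-entry hit counters the template comment says to watch."""
    return Counter(evaluate(entries, r)[1] for r in routes)

if __name__ == "__main__":
    entries = parse(PREFIX_LIST)
    for route in SAMPLE_ROUTES:
        print(route, evaluate(entries, route))
    print(dict(hit_counts(entries, SAMPLE_ROUTES)))
```

Because the first matching entry wins, seq 50 absorbs /0 through /5, so seq 55 only ever counts /6 announcements and seq 60 only /7, which is what makes them usable as markers. The excerpt contains no permit entries, so anything /8 or longer falls through to the implicit deny (seq None) here.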