On Tue, 11 Mar 2003, Richard A Steenbergen wrote:
On Tue, Mar 11, 2003 at 11:38:23AM -0800, Owen DeLong wrote:
As such, is a BGP feed a panacea? No. Is it a step in the right direction? Yes. Will it solve the problem by itself? No. Will it improve the
So, someone feel free to smack me if I'm mentioning something which has been discussed already (there isn't enough masochism in the world to make me read this entire thread), buttttt...
How exactly is a BGP feed of bogons useful in any way shape form of fashion? It doesn't prevent people from announcing more specifics, it doesn't do anything about source address bogons, it can't be used to packet filter... How exactly would it do anything other than simply not having the route at all?
I guess that emperor is a little naked after all :) Without applying hard-coded bogon filters to your peers (to prevent receiving longer prefixes in bogon space), it is essentially useless. http://www.cymru.com/Documents/secure-bgp-template.html lists a nice template. But then we're back right where we started, may as well just have a static ACL...unless you can't afford the ACL hit, in which case filtering announcements from your peers and routing everything bogon into a traffic sink would be a great solution. We're all filtering announcements from our peers anyway, right? :) Andy xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx Andy Dills 301-682-9972 Xecunet, LLC www.xecu.net xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx Dialup * Webhosting * E-Commerce * High-Speed Access