On Sun, Aug 17, 2008 at 07:57:25PM -0500, Pete Templin wrote:
Tomas L. Byrnes wrote:
Since there are ways to dynamically filter the bogons, using BGP or DNS, I don't really see the need to stop doing so. If you're managing your routing and firewall filters manually, you have bigger problems than the release of Bogon space.
Can you share the Cisco configuration snippet you recommend to dynamically FILTER bogons using BGP or DNS?
On a router with full routes (ie: no default) the command is: Router(config-if)#ip verify unicast source reachable-via any Go ahead and try it out. you can view the resulting drop counter via the 'show ip int <x/y>' command. While you're at it, you also placed the reachable-via rx on all your customer interfaces. If you're paranoid, start with the 'any' rpf and then move to the strict rpf. The strict rpf also helps with routing loops. - Jared -- Jared Mauch | pgp key available via finger from jared@puck.nether.net clue++; | http://puck.nether.net/~jared/ My statements are only mine.