
On Sun, Dec 05, 2004 at 12:41:32PM -0500, Joe Abley wrote:
I have one question regarding the CYMRU bogon route-server. What good is it if more-specific bogons are going around in the BGP table?
With OpenBSD 3.6 running pf and bgpd, you can apply a filter rule to BGP updates received from individual peers which updates a pf radix table with the network received:
Interesting, but no option on Juniper/IOS boxes/Foundry boxen.
This is an answer that is probably not useful for the average ISP backbone, but I tried it out a week or so ago on my home network firewall/router boxes, and it works very nicely. It's a good solution for (say) an enterprise network whose external traffic falls within the bounds of what an OpenBSD box can handle (or boxes, if you do stateful failover with CARP and pfsync).
Indeed, for such purposes it's a nice solution.

--
Cliff Albert <cliff@oisec.net>