On 11/2/2011 8:58 PM, Jeff Wheeler wrote:
On Wed, Nov 2, 2011 at 8:44 PM, Jack Bates<jbates@brightok.net> wrote:
Now I have the mile long monstrosity that uses BGP communities for everything, and of route-maps/policies with prefix-lists for downstream customers. You have to start somewhere.
cymru secure bgp templates is probably a good beginning. I guess ten years of watching RIRs and users de-bogon new /8s didn't teach you why those Cymru examples are more dangerous than they are good.
Have to read the current cymru bgp templates? " ! Team Cymru has removed all static bogon references from this template ! due to the high probability that the application of these bogon filters ! will be a one-time event. Unfortunately many of these templates are ! applied and never re-visited, despite our dire warnings that bogons do ! change. ! ! This doesn't mean bogon filtering can't be accomplished in an automated ! manner. Why not consider peering with our globally distributed bogon ! route-server project? Alternately you can obtain a current and well ! maintained bogon feed from our DNS and RADb services. Read more at the ! link below to learn how! ! ! https://www.team-cymru.org/Services/Bogons/ "