[afnog] Private IP Filters in bgp
Mark Tinka
mark.tinka at seacom.mu
Sat May 26 09:35:19 UTC 2012
On Saturday, May 26, 2012 08:38:38 AM Mohamed Faye wrote:
> ip prefix-list bgp-sanity-filter
> permit 0.0.0.0/0 le 32
Mohamed, the final filter in this prefix list example is too
generous. If you keep it this way, your provider could send
you address space longer than a /24 and you'd end up
accepting it.
Suggest you make this "0.0.0.0/0 le 24", as a /24 is the
"unofficial" maximum prefix length most operators are
willing to accept, given the ever-growing DFZ, e.t.c.
You'd be surprised how many (so-called top-level) upstream
providers aren't doing basic filtering in their own
networks, both in the control and data planes.
Mark.
More information about the afnog
mailing list