[afnog] BGP /AS filtering
Mark Tinka
mark.tinka at seacom.mu
Mon Jul 1 12:49:18 UTC 2013
On Monday, July 01, 2013 02:36:08 PM Nishal Goburdhan wrote:
> automate it where you can - pull data from IRRs.
I'm really hopeful about RPKI.
> no. filter on ^as-path and prefix-filter. belt and
> braces! filtering just the as-path is bad. if you
> *must* choose, pick prefix-filters. more admin work,
> but safer. (unless you're pretty certain that the person
> you're peering with has clue, in which case, continue to
> filter on both asp-path and prefix-filter...!)
> *always* filter downstream.
> sink bogons.
> use sunscreen...
>
> as you've seen already, filtering is best done at the
> (very) edge - if it was done properly, there'd be a lot
> less mess to deal with...
Very good advice, all around.
Mark.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: This is a digitally signed message part.
URL: <http://afnog.org/pipermail/afnog/attachments/20130701/67f98b72/attachment.sig>
More information about the afnog
mailing list