[afnog] BGP /AS filtering
Saul Stein
saul at enetworks.co.za
Mon Jul 1 14:55:02 UTC 2013
Thanks all!
-----Original Message-----
From: Mark Tinka [mailto:mark.tinka at seacom.mu]
Sent: 01 July 2013 02:49 PM
To: Nishal Goburdhan
Cc: Saul Stein; African Network Operators
Subject: Re: [afnog] BGP /AS filtering
On Monday, July 01, 2013 02:36:08 PM Nishal Goburdhan wrote:
> automate it where you can - pull data from IRRs.
I'm really hopeful about RPKI.
> no. filter on ^as-path and prefix-filter. belt and
> braces! filtering just the as-path is bad. if you
> *must* choose, pick prefix-filters. more admin work, but safer.
> (unless you're pretty certain that the person you're peering with has
> clue, in which case, continue to filter on both asp-path and
> prefix-filter...!)
> *always* filter downstream.
> sink bogons.
> use sunscreen...
>
> as you've seen already, filtering is best done at the
> (very) edge - if it was done properly, there'd be a lot less mess to
> deal with...
Very good advice, all around.
Mark.
More information about the afnog
mailing list