[prev in list] [next in list] [prev in thread] [next in thread]
List: afnog
Subject: Re: [afnog] BGP /AS filtering
From: "Saul Stein" <saul () enetworks ! co ! za>
Date: 2013-07-01 14:55:02
Message-ID: 3c6301ce766a$f736d5a0$e5a480e0$ () enetworks ! co ! za
[Download RAW message or body]
Thanks all!
-----Original Message-----
From: Mark Tinka [mailto:mark.tinka@seacom.mu]
Sent: 01 July 2013 02:49 PM
To: Nishal Goburdhan
Cc: Saul Stein; African Network Operators
Subject: Re: [afnog] BGP /AS filtering
On Monday, July 01, 2013 02:36:08 PM Nishal Goburdhan wrote:
> automate it where you can - pull data from IRRs.
I'm really hopeful about RPKI.
> no. filter on ^as-path and prefix-filter. belt and
> braces! filtering just the as-path is bad. if you
> *must* choose, pick prefix-filters. more admin work, but safer.
> (unless you're pretty certain that the person you're peering with has
> clue, in which case, continue to filter on both asp-path and
> prefix-filter...!)
> *always* filter downstream.
> sink bogons.
> use sunscreen...
>
> as you've seen already, filtering is best done at the
> (very) edge - if it was done properly, there'd be a lot less mess to
> deal with...
Very good advice, all around.
Mark.
_______________________________________________
afnog mailing list
http://afnog.org/mailman/listinfo/afnog
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic