RE: Best practices inquiry: filtering 128/1

• Previous message: Rob Thomas: "Re: Best practices inquiry: filtering 128/1"
• Maybe in reply to: WONG, Yuen-Fung: "Best practices inquiry: filtering 128/1"
• Next in thread: Florian Weimer: "Re: Best practices inquiry: filtering 128/1"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

 
> Would anyone not filter those routes? Why wouldn't you filter to /7?
>
> Actually, I take that back. Why wouldn't you just get a feed from
> Cymru <http://www.cymru.com/Bogons/index.html> ??
>

We had some hesitation on putting in a 1/ le /7 filter as these are not mentioned in any document / recommendation that they are invalid / bogus routes... nor in the Cymru.

Anyway, just spotted this in Cymru [Ingress Prefix Filter Templates, Loose and Strict (Cisco)] but it was not included / mentioned in their fltr-bogons:

! Block Prefixes less than /5.
!
ip prefix-list ISP-Ingress-In-Loose seq 50 deny 0.0.0.0/0 le 5
!
! Block /6 and /7 prefixes - We have this in as a marker to see if any of the
! large networks pull together any /8s into smaller blocks. Watch this hit
! counters with "show ip prefix". Tuned per Adriana Vascan <>
! suggestion.
!
ip prefix-list ISP-Ingress-In-Loose seq 55 deny 0.0.0.0/0 le 6
ip prefix-list ISP-Ingress-In-Loose seq 60 deny 0.0.0.0/0 le 7
!

-yf

• Previous message: Rob Thomas: "Re: Best practices inquiry: filtering 128/1"
• Maybe in reply to: WONG, Yuen-Fung: "Best practices inquiry: filtering 128/1"
• Next in thread: Florian Weimer: "Re: Best practices inquiry: filtering 128/1"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]