Why would you accept any /32s in the first place? Bjørn Tore @ mobil
Den 7. jan. 2013 kl. 06:22 skrev Joel jaeggli <joe...@bogus.com>: > On 1/6/13 20:14 , Richard Gross wrote: >> Dear List, >> >> I am seeking advise. If you wanted to block 800K /32's from your inbound >> pipes, how would you do it? >> >> Would you null route? Put up multiple stanza firewall filters? Which >> way has the least amount of hit on router resources? > > so I'd have a discard route, and I'd inject the prefixes from another > box probably quagga with a nexthop of the discard route. I'd expect an > re2000 to injest those routes in about 2 minutes > > I probably wouldn't use flowspec for this at this point. > >> If you would prefer to reply off-list, that would be super. >> >> richg >> _______________________________________________ >> juniper-nsp mailing list juniper-nsp@puck.nether.net >> https://puck.nether.net/mailman/listinfo/juniper-nsp > > _______________________________________________ > juniper-nsp mailing list juniper-nsp@puck.nether.net > https://puck.nether.net/mailman/listinfo/juniper-nsp _______________________________________________ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
