On Sun, Dec 05, 2004 at 12:41:32PM -0500, Joe Abley wrote: > >I have one question regarding the CYMRU bogon route-server. What good > >is > >it if more-specific bogons are going around in the BGP table ? > > With OpenBSD 3.6 running pf and bgpd, you can apply a filter rule to > BGP updates received from individual peers which updates a pf radix > table with the network received:
Interesting, but no option on Juniper/IOS boxes/foundry boxen. > This is an answer that is probably not useful for the average ISP > backbone, but I tried it out a week or so ago on my home network > firewall/router boxes, and it works very nicely. It's a good solution > for (say) an enterprise network whose external traffic falls within the > bounds of what an OpenBSD box can handle (or boxes, if you do stateful > failover with CARP and pfsync). Indeed, for such purposes it's a nice solutions. -- Cliff Albert <[EMAIL PROTECTED]>