 |
 |
+1 to 'don't blow up the internet' by default at an IX route server. I'd also urge peers to use something like this on their input policy, to match & ignore any route w/ these in its path: permit _(701|1239|3356|1668|174|209|2914|3561|3549|3320|1299|7018|50384|11841)_ Best, -Tk On Sun, Aug 7, 2016 at 2:10 PM, Andrew Hoyos <[log in to unmask]> wrote: > Hi all, > > We recently implemented bogon ASN filtering on all transit/peering edges (see http://mailman.nanog.org/pipermail/nanog/2016-June/086078.html). > > There were a few participants we peer with via route servers that had bogon ASN’s in path for various prefixes which we are now rejecting. > > I’d suggest that we look at adding similar filtering to the route-servers as well, similar to RFC1918 filters already in place. > > Thoughts? > > — > Andrew Hoyos > Hoyos Consulting LLC > ofc: +1 608 616 9950 > [log in to unmask] > http://www.hoyosconsulting.com