On 12/01/2016 09:43 PM, David Farmer wrote:

On Thu, Dec 1, 2016 at 8:32 PM, Richard Laager <[log in to unmask]> wrote:
I'm looking for feedback on a filtering proposal. I propose that, on the
route server, by default, we filter incoming routes to block anything
matching:
_(174|209|286|701|1239|1299|2828|2914|3257|3320|3356|3549|5511|6453|6461|6762|6939|7018|12956)_

We can, of course, create exceptions if necessary. One obvious one is
that HE's connection would need their own AS (6939) removed from the
block list.

This particular list is from here, with 6939 added by me:
https://www.nanog.org/sites/default/files/Snijders_Everyday_Practical_Bgp.pdf

I'm fine with this. If we do this, I request that 11537 and 11164 be added to the list as well; these are the Internet2 R&E backbone and commercial peering service respectively. I doubt we, UW-Sysnet, or Wiscnet would leak these, but never say never.


This seems like a good idea to me. I am curious what routes would be blocked if we ran that regex against the existing route table in the servers? I'd hate to see us install the filter without first determining the real-world ramifications!

We also might want to consider blocking any routes that start with or contain (?) 64512 - 65535 also.
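
A dry run of the kind asked about above, as an added example that is not part of any message in this thread: it takes the block list from the quoted regex, applies a per-peer exception and the 64512-65535 check, and reports which routes would be dropped. The sample routes, the `exceptions` mapping and all function names are constructed for illustration, and the check compares ASNs as tokens, which is assumed to match the `_ASN_` regex for ordinary AS paths.

```python
import re

# AS-path filter quoted in the thread ("_" matches a delimiter or either end).
PAGE_REGEX = ("_(174|209|286|701|1239|1299|2828|2914|3257|3320|3356|3549|"
              "5511|6453|6461|6762|6939|7018|12956)_")
BLOCKED = {int(asn) for asn in re.findall(r"\d+", PAGE_REGEX)}
PRIVATE = range(64512, 65536)  # 64512-65535, the range raised in the reply

def parse_path(as_path):
    """Return the ASNs in a path string; AS_SET braces and commas are ignored."""
    return [int(tok) for tok in re.findall(r"\d+", as_path)]

def verdict(peer_as, as_path, exceptions=None, extra_blocked=()):
    """Return why a route would be rejected, or None if it passes.
    exceptions (hypothetical) maps a peer AS to ASNs exempt on that session."""
    allowed = (exceptions or {}).get(peer_as, set())
    blocked = (BLOCKED | set(extra_blocked)) - allowed
    for asn in parse_path(as_path):
        if asn in blocked:
            return f"listed AS {asn} in path"
        if asn in PRIVATE:
            return f"private AS {asn} in path"
    return None

def dry_run(routes, **kwargs):
    """Report (prefix, peer_as, reason) for every route the filter would drop."""
    report = []
    for prefix, peer_as, as_path in routes:
        reason = verdict(peer_as, as_path, **kwargs)
        if reason:
            report.append((prefix, peer_as, reason))
    return report

# Constructed sample table: documentation prefixes and ASNs (64496-64499).
SAMPLE_ROUTES = [
    ("192.0.2.0/24",    64496, "64496"),             # member's own route
    ("198.51.100.0/24", 64497, "64497 3356 64498"),  # 3356 appears mid-path
    ("203.0.113.0/24",  6939,  "6939 64499"),        # HE session, own AS only
    ("2001:db8:1::/48", 6939,  "6939 174 64499"),    # HE session carrying 174
    ("2001:db8:2::/48", 64496, "64496 65010"),       # private AS in path
    ("2001:db8:3::/48", 64497, "64497 11537"),       # Internet2, if added
]

if __name__ == "__main__":
    for row in dry_run(SAMPLE_ROUTES, exceptions={6939: {6939}},
                       extra_blocked={11537, 11164}):
        print(row)
```

Feeding it `(prefix, peer AS, AS path)` tuples exported from the route servers in place of `SAMPLE_ROUTES` gives the list of routes the proposed filter would affect before anything is installed.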

