[c-nsp] Prefix-list help

Ian Dickinson iand at eng.pipex.net
Tue Oct 16 17:19:54 EDT 2007


Hi,

If you don't have a default route by design, you probably want to block this.

If you use loose uRPF on your peering/transit edge, you do want to block this.

If you do both, you *really* do want to block this :-)

Otherwise, those bogons will gain a covering prefix and you'll start seeing
bogon-sourced traffic again - which is why I assume 128.0.0.0/1 was announced
by someone in the first place recently, triggering those CEF LC IPC Background
CPUHOG questions earlier...

Ian

Gert Doering wrote:
> ip prefix-list no-ultra-short-things deny 0.0.0.0/0 le 7
> 
> should do that - remove all from /0 (default route) to /7.  Permit /8 and up.
> 
> OTOH, unless you are running into CEF updating problems, why bother?  If 
> you have a more specific route, it will win - and if not, the /1 will do
> the same thing as getting a default route from your upstream "catch-all".

-- 
Ian Dickinson
Senior Network Development Engineer
Pipex Communications
ian.dickinson at pipex.net
http://www.pipex.net

This e-mail is subject to: http://www.pipex.net/disclaimer.html


More information about the cisco-nsp mailing list