+1 to 'don't blow up the internet' by default at an IX route server. I'd also urge peers to use something like this on their input policy, to match & ignore any route w/ these in its path: permit _(701|1239|3356|1668|174|209|2914|3561|3549|3320|1299|7018|50384|11841)_ Best, -Tk On Sun, Aug 7, 2016 at 2:10 PM, Andrew Hoyos <hoyosa@gmail.com> wrote:
Hi all,
We recently implemented bogon ASN filtering on all transit/peering edges (see http://mailman.nanog.org/pipermail/nanog/2016-June/086078.html).
There were a few participants we peer with via route servers that had bogon ASN’s in path for various prefixes which we are now rejecting.
I’d suggest that we look at adding similar filtering to the route-servers as well, similar to RFC1918 filters already in place.
Thoughts?
— Andrew Hoyos Hoyos Consulting LLC ofc: +1 608 616 9950 andrew@hoyosconsulting.com http://www.hoyosconsulting.com