BGP/bogons

770801tvdhaar · ‎11-09-2007

Hi I'm managing a few bgp peers. Two questions 1) just need to know how everyone is updating their bogon filters what the easiest way to do this work is?

2)When changing the weight of a peer I don't see the changes after a clear soft in command.

aghaznavi · ‎11-16-2007

If the autosec_iana_reserved_block acl or autosec_complete_bogon aclis applied to the edge interfaces of network devices and these acls are not kept upto date, network connectivity problems will be seen. Traffic from the recently allocated reserved addresses will be blocked thus isolating customers with these addresses.

If the network administrator has already configured autosecure and applied the

autosec_iana_reserved_block acl or autosec_complete_bogon acl to the

edge interfaces, he/she can do the following:

1. Detach the acl from the edge interfaces.

2. Rollback to a config saved prior to configuring autosecure and then

reconfigure autosecure safely as outlined below.

Autosecure can be safely configured for the first time (or

reconfigured after rollback) avoiding the above problem as follows:

1. Use non-interactive mode OR

2. Use interactive mode but

(a) Answer "no" to the question "Configure Ingress Filtering on edge

interfaces?" OR

(b) Choose option 2 i.e. "Apply autosec_private_block acl on all

edge interfaces"