{"id":183,"date":"2014-09-29T18:09:33","date_gmt":"2014-09-29T18:09:33","guid":{"rendered":"http:\/\/www.mtin.net\/blog\/?p=183"},"modified":"2014-09-29T18:10:49","modified_gmt":"2014-09-29T18:10:49","slug":"bgp-lockdown-hints","status":"publish","type":"post","link":"https:\/\/www.mtin.net\/blog\/bgp-lockdown-hints\/","title":{"rendered":"BGP lockdown hints"},"content":{"rendered":"<p>As I am preparing talks for the upcoming WISPAPALOOZA 2014 in Las Vegas, I am making some notes on advanced BGP. \u00a0If you are running BGP and want to lock it down a little, here are some general hints. \u00a0If you want more, attend my session in Vegas or look here afterwards for the full rundown.<\/p>\n<p>General hints for BGP filters.<\/p>\n<p>1. Filter all the bogon addresses unless you have a specific need. If you have to ask, you probably don&#8217;t have a need, so filter it. Bogons are:<br \/>\n<code>10.0.0.0\/8<\/code><br \/>\n<code>172.16.0.0\/12<\/code><br \/>\n<code>192.168.0.0\/16<\/code><br \/>\n<code>169.254.0.0\/16<\/code><\/p>\n<p>2. Don&#8217;t accept your own IP space from upstreams. \u00a0There should be no reason for anyone who is not a downstream customer to advertise your own IP space back to you. \u00a0By downstream I mean someone you have assigned your own IP space to.<\/p>\n<p>3. Limit the maximum number of prefixes your router will accept.<\/p>\n<p>4. Most ISPs don&#8217;t announce anything less than a \/24. \u00a0Configure your filters to not accept anything smaller than a \/24 unless you have a specific need to do so.<\/p>\n<p>5. Separate iBGP from eBGP.<\/p>\n<p>6. Understand the defaults for the platform you are using.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>As I am preparing talks for the upcoming WISPAPALOOZA 2014 in Las Vegas, I am making some notes on advanced BGP. \u00a0If you are running BGP and want to lock it down a little, here are some general hints. 
\u00a0If you want more, attend my session in Vegas or look here afterwards for the full [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","jetpack_publicize_message":"","jetpack_is_tweetstorm":false,"jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","enabled":false}}},"categories":[24,17,2],"tags":[13,107,75,15,108],"jetpack_publicize_connections":[],"aioseo_notices":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p6VLMf-2X","jetpack-related-posts":[{"id":365,"url":"https:\/\/www.mtin.net\/blog\/basic-mikrotik-bgp-filter-rules\/","url_meta":{"origin":183,"position":0},"title":"Basic Mikrotik BGP filter rules","author":"j2sw","date":"October 29, 2015","format":false,"excerpt":"Below are some basic Filter Rules for Mikrotik BGP filtering. \u00a0These are not complex and can be very easily implemented on your BGP peers. Before we get to the code there are a few assumptions 1.Your own IP space in this example is 1.1.1.0\/22 2.These filters are not fancy and\u2026","rel":"","context":"In &quot;Mikrotik&quot;","block_context":{"text":"Mikrotik","link":"https:\/\/www.mtin.net\/blog\/category\/mikrotik\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":19,"url":"https:\/\/www.mtin.net\/blog\/bgp-looking-glass\/","url_meta":{"origin":183,"position":1},"title":"BGP Looking Glass","author":"j2sw","date":"March 10, 2014","format":false,"excerpt":"One of the things we have been doing more of here at MTIN is BGP setups. 
\u00a0I am starting a series of posts on BGP troubleshooting and tidbits Looking Glass http:\/\/www.bgp4.as\/looking-glasses A looking glass can help you see how certain parts of the Internet view your advertisements. \u00a0This can be\u2026","rel":"","context":"In &quot;xISP&quot;","block_context":{"text":"xISP","link":"https:\/\/www.mtin.net\/blog\/category\/xisp\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":434,"url":"https:\/\/www.mtin.net\/blog\/simple-bgp-by-qrator\/","url_meta":{"origin":183,"position":2},"title":"Simple BGP by Qrator","author":"j2sw","date":"November 17, 2015","format":false,"excerpt":"So the folks over at Qrator have proposed some additions to BGP. At the heart of this is the addition of roles in a BGP session. You would have four possible roles: customer, provider, peer, and internal. You can learn some more about this at https:\/\/radar.qrator.net\/tools\/simple-bgp","rel":"","context":"In &quot;Networking&quot;","block_context":{"text":"Networking","link":"https:\/\/www.mtin.net\/blog\/category\/networking\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":2717,"url":"https:\/\/www.mtin.net\/blog\/network-collective-bgp-optimal-route-reflection\/","url_meta":{"origin":183,"position":3},"title":"Network Collective: BGP Optimal Route Reflection","author":"j2sw","date":"January 3, 2019","format":false,"excerpt":"https:\/\/thenetworkcollective.com\/2018\/11\/st-bgp-optimal-route-reflection\/","rel":"","context":"In &quot;BGP&quot;","block_context":{"text":"BGP","link":"https:\/\/www.mtin.net\/blog\/category\/networking\/bgp\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":3342,"url":"https:\/\/www.mtin.net\/blog\/mum-2019-presentation-on-bgp\/","url_meta":{"origin":183,"position":4},"title":"MUM 2019 presentation on BGP","author":"j2sw","date":"April 13, 2019","format":false,"excerpt":"For those of you not able to attend the US MUM presentation here are my 
presentation slides in PDF for my BGP session. 200 meg download. bgp_presentation","rel":"","context":"In &quot;BGP&quot;","block_context":{"text":"BGP","link":"https:\/\/www.mtin.net\/blog\/category\/networking\/bgp\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":2670,"url":"https:\/\/www.mtin.net\/blog\/bgp-monitoring-rfc-7854\/","url_meta":{"origin":183,"position":5},"title":"BGP Monitoring RFC 7854","author":"j2sw","date":"December 4, 2018","format":false,"excerpt":"https:\/\/tools.ietf.org\/html\/rfc7854 This document defines the BGP Monitoring Protocol (BMP), which can be used to monitor BGP sessions. BMP is intended to provide a convenient interface for obtaining route views. Prior to the introduction of BMP, screen scraping was the most commonly used approach to obtaining such views. The design goals\u2026","rel":"","context":"In &quot;BGP&quot;","block_context":{"text":"BGP","link":"https:\/\/www.mtin.net\/blog\/category\/networking\/bgp\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/www.mtin.net\/blog\/wp-content\/uploads\/2018\/05\/atasco.jpg?fit=1122%2C711&ssl=1&resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/www.mtin.net\/blog\/wp-content\/uploads\/2018\/05\/atasco.jpg?fit=1122%2C711&ssl=1&resize=350%2C200 1x, https:\/\/i0.wp.com\/www.mtin.net\/blog\/wp-content\/uploads\/2018\/05\/atasco.jpg?fit=1122%2C711&ssl=1&resize=700%2C400 2x, https:\/\/i0.wp.com\/www.mtin.net\/blog\/wp-content\/uploads\/2018\/05\/atasco.jpg?fit=1122%2C711&ssl=1&resize=1050%2C600 
3x"},"classes":[]}],"jetpack_likes_enabled":true,"_links":{"self":[{"href":"https:\/\/www.mtin.net\/blog\/wp-json\/wp\/v2\/posts\/183"}],"collection":[{"href":"https:\/\/www.mtin.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.mtin.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.mtin.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.mtin.net\/blog\/wp-json\/wp\/v2\/comments?post=183"}],"version-history":[{"count":2,"href":"https:\/\/www.mtin.net\/blog\/wp-json\/wp\/v2\/posts\/183\/revisions"}],"predecessor-version":[{"id":185,"href":"https:\/\/www.mtin.net\/blog\/wp-json\/wp\/v2\/posts\/183\/revisions\/185"}],"wp:attachment":[{"href":"https:\/\/www.mtin.net\/blog\/wp-json\/wp\/v2\/media?parent=183"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.mtin.net\/blog\/wp-json\/wp\/v2\/categories?post=183"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.mtin.net\/blog\/wp-json\/wp\/v2\/tags?post=183"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}