Configuring a Bogon filter


Let's create the IP prefix lists that we will use on all links.

BOGONS prefixes, i.e. false/invalid prefixes (create them if they do not already exist). The index values may differ, and the "index NN" part can also be omitted.

ip ip-prefix BOGONS index 20 permit 10.0.0.0 8 greater-equal 8 less-equal 24
ip ip-prefix BOGONS index 21 permit 2.56.0.0 14 greater-equal 14 less-equal 24
ip ip-prefix BOGONS index 22 permit 5.8.248.0 21 greater-equal 21 less-equal 24
ip ip-prefix BOGONS index 23 permit 5.39.200.0 21 greater-equal 21 less-equal 24
ip ip-prefix BOGONS index 30 permit 127.0.0.0 8 greater-equal 8 less-equal 24
ip ip-prefix BOGONS index 40 permit 169.254.0.0 16 greater-equal 16 less-equal 24
ip ip-prefix BOGONS index 50 permit 172.16.0.0 12 greater-equal 12 less-equal 24
ip ip-prefix BOGONS index 60 permit 192.0.0.0 24 greater-equal 24 less-equal 24
ip ip-prefix BOGONS index 70 permit 192.0.2.0 24 greater-equal 24 less-equal 24
ip ip-prefix BOGONS index 80 permit 192.168.0.0 16 greater-equal 16 less-equal 24
ip ip-prefix BOGONS index 90 permit 198.18.0.0 15 greater-equal 15 less-equal 24
ip ip-prefix BOGONS index 91 permit 203.0.113.0 24 greater-equal 24 less-equal 24
ip ip-prefix BOGONS index 92 permit 224.0.0.0 4 greater-equal 4 less-equal 24
ip ip-prefix BOGONS index 93 permit 240.0.0.0 4 greater-equal 4 less-equal 24

ip ipv6-prefix BOGONS-V6 index 10 permit :: 8 greater-equal 8 less-equal 128
ip ipv6-prefix BOGONS-V6 index 20 permit 100:: 64 greater-equal 64 less-equal 128
ip ipv6-prefix BOGONS-V6 index 30 permit 2001:2:: 48 greater-equal 48 less-equal 128
ip ipv6-prefix BOGONS-V6 index 40 permit 2001:10:: 28 greater-equal 28 less-equal 128
ip ipv6-prefix BOGONS-V6 index 50 permit 2001:DB8:: 32 greater-equal 32 less-equal 128
ip ipv6-prefix BOGONS-V6 index 60 permit 3FFE:: 16 greater-equal 16 less-equal 128
ip ipv6-prefix BOGONS-V6 index 70 permit FC00:: 7 greater-equal 7 less-equal 128
ip ipv6-prefix BOGONS-V6 index 80 permit FEC0:: 10 greater-equal 10 less-equal 128
ip ipv6-prefix BOGONS-V6 index 90 permit FF00:: 8 greater-equal 8 less-equal 128

commit

We need to create an inbound policy (an inbound filter) that matches the bogon list. This route-policy node must have a lower number than the nodes that permit the accepted prefixes, so that it is evaluated first.

route-policy OPERADORA1-IN deny node 10
  if-match ip-prefix BOGONS
  quit
route-policy OPERADORA1-v6-IN deny node 10
  if-match ipv6 address prefix-list BOGONS-V6
  quit
commit
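
To check offline which received routes the deny node above would reject, the following added example (not part of the original page or of any vendor tool) parses `ip ip-prefix` / `ip ipv6-prefix` lines and applies the greater-equal / less-equal range test. The function names are hypothetical, the sample routes are constructed, and the defaults used when a keyword is absent are an assumption.

```python
import ipaddress

# Constructed sample: a subset of the BOGONS / BOGONS-V6 entries shown on this page.
CONFIG = """\
ip ip-prefix BOGONS index 20 permit 10.0.0.0 8 greater-equal 8 less-equal 24
ip ip-prefix BOGONS index 50 permit 172.16.0.0 12 greater-equal 12 less-equal 24
ip ip-prefix BOGONS index 70 permit 192.0.2.0 24 greater-equal 24 less-equal 24
ip ipv6-prefix BOGONS-V6 index 50 permit 2001:DB8:: 32 greater-equal 32 less-equal 128
ip ipv6-prefix BOGONS-V6 index 70 permit FC00:: 7 greater-equal 7 less-equal 128
"""

def parse_prefix_lists(text):
    """Return {list name: [(action, network, ge, le), ...]} in configuration order."""
    lists = {}
    for line in text.splitlines():
        tok = line.split()
        if len(tok) < 6 or tok[0] != "ip" or tok[1] not in ("ip-prefix", "ipv6-prefix"):
            continue
        name, rest = tok[2], tok[3:]
        if rest[0] == "index":          # "index NN" is optional
            rest = rest[2:]
        action, addr, length = rest[0], rest[1], int(rest[2])
        net = ipaddress.ip_network(f"{addr}/{length}", strict=False)
        opts = dict(zip(rest[3::2], rest[4::2]))
        # Assumed defaults when a keyword is absent: exact length with neither,
        # up to the maximum length when only greater-equal is given.
        ge = int(opts.get("greater-equal", length))
        le = int(opts.get("less-equal", net.max_prefixlen if "greater-equal" in opts else length))
        lists.setdefault(name, []).append((action, net, ge, le))
    return lists

def prefix_list_action(entries, route):
    """Action of the first entry matching `route`, or None when nothing matches."""
    r = ipaddress.ip_network(route)
    for action, net, ge, le in entries:
        if r.version == net.version and ge <= r.prefixlen <= le and r.subnet_of(net):
            return action
    return None

def dropped_by_bogon_node(lists, name, route):
    """True if the deny node referencing prefix list `name` would reject `route`."""
    return prefix_list_action(lists[name], route) == "permit"

if __name__ == "__main__":
    pl = parse_prefix_lists(CONFIG)
    for name, route in [("BOGONS", "10.1.2.0/24"), ("BOGONS", "10.1.2.128/25"),
                        ("BOGONS", "8.8.8.0/24"), ("BOGONS-V6", "2001:db8:1::/48")]:
        print(f"{route:18} {name:10} dropped={dropped_by_bogon_node(pl, name, route)}")
```

Because the IPv4 entries stop at `less-equal 24`, a bogon announced as a /25 or longer does not match this list, so the later nodes of the inbound policy must not accept such long prefixes.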

SOURCE: Bernadi WIKI
