If I may ask here. One thing that would be nice for the records is to
get a little bit more detail on your setup doing that, if you have no
problem providing it, obviously. Especially the PF configuration tied to
this BGP router as well may well be very educational to many.
It doesn't run pf.
Interesting! I always thought that a minimum of PF was in use.
So, if I may ask, how do you do some minimum like:
ip verify unicast source reachable-via any
for announcements to you from multiple BGP sources or even:
ip verify unicast source reachable-via rx
for announcements from a single and unique BGP source then?
Or do you even do this?
No right or wrong answer, just curious.
No ban of invalid or spoofed IP blocks then?
Or maybe a black hole? Or do you even bother with it and just let it be?
What about letting in only valid destination IPs or letting only valid
originating IPs out then? No filter for it at all as no PF is there to
do this?
Again, not a tricky question, just wondering what best practice some may
then use with BGP for their network, not only for one BGP feed obviously.
I obviously wrongly assumed there was a minimum of PF in use as well,
which I see I was wrong to think. I thought PF was used to validate
traffic, letting only valid IPs in/out and not accepting ranges of
invalid BGP announcements as well. Is there a way to do this that I may
obviously have missed by not doing it via PF?