BGP Filter

• Everyone is free to filter on his AS as he wishes, however it is recommended to deny the default route¹⁾, inbound and outbound.
• It is also recommended that you don't advertise IPv4 prefixes longer than 28 bits and IPv6 prefixes longer than 60 bits. Of course there are exceptions:
  • Non-RFC1918 addresses reachable via GLaNET.
  • GLaNET services addresses (192.168.248.0/22 and fd00:6b64:f3b0::/48).

ip prefix-list glanet-in description BGP IPv4 import filter
! Deny default route
ip prefix-list glanet-in seq 10 deny 0.0.0.0/0
! Deny prefixes with high risk of collision within GLaNET range
ip prefix-list glanet-in seq 20 deny 192.168.0.0/22 le 32
ip prefix-list glanet-in seq 21 deny 192.168.8.0/22 le 32
ip prefix-list glanet-in seq 22 deny 192.168.100.0/22 le 32
ip prefix-list glanet-in seq 23 deny 192.168.200.0/22 le 32
ip prefix-list glanet-in seq 24 deny 192.168.252.0/22 le 32
! Deny other RFC1918 prefixes
ip prefix-list glanet-in seq 30 deny 10.0.0.0/8 le 32
ip prefix-list glanet-in seq 31 deny 172.16.0.0/12 le 32
! Deny shared address space
ip prefix-list glanet-in seq 40 deny 100.64.0.0/10 le 32
! Allow everything
ip prefix-list glanet-in seq 1000 permit 0.0.0.0/0 le 32

! Deny default route
ipv6 prefix-list glanet6-in deny 0::/0
! Deny 6bone prefix (not used anymore)
ipv6 prefix-list glanet6-in deny 3ffe::/16 le 128
! Deny documentation prefix
ipv6 prefix-list glanet6-in deny 2001:db8::/32 le 128
! Teredo prefix must be exactly 32-bit long
ipv6 prefix-list glanet6-in permit 2001::/32
ipv6 prefix-list glanet6-in deny 2001::/32 le 128
! 6to4 prefix must be exactly 16-bit long
ipv6 prefix-list glanet6-in permit 2002::/16
ipv6 prefix-list glanet6-in deny 2002::/16 le 128
! Deny loopback/unspecified/v4-mapped prefix
ipv6 prefix-list glanet6-in deny 0000::/8 le 128
! Deny multicast prefixes
ipv6 prefix-list glanet6-in deny fe00::/9 le 128
ipv6 prefix-list glanet6-in deny ff00::/8 le 128
! Permit everything else
ipv6 prefix-list glanet6-in permit 0::/0 le 128