nanog mailing list archives
Re: Not announcing (to the greater internet) loopbacks/PTP/infra - how ?
From: Pierre Emeriaud <petrus.lt () gmail com>
Date: Thu, 4 Oct 2018 21:17:45 +0200
On Thu, 4 Oct 2018 at 21:12, Brandon Applegate <brandon () burn net> wrote:
I’ve seen mention on this list and other places about keeping one’s PTPs / loopbacks out of routing tables for security reasons. Totally get this and am on board with it. What I don’t get - is how. I’m going to list some of my ideas below and the pros/cons/problems (that I can think of at least) for them.
- Use public block that is allocated to you (i.e. PI) - but not announced.
This is what we do. We are lucky enough to have plenty of address space which was quite correctly assigned in the first place. This is nice, except for one thing: other networks having uRPF towards us. It makes traceroutes from their side to ours useless. Other than that, we use bgpmon to monitor for the absence of advertisements/leaks for those internal prefixes. Works really well.
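The absence check described in the reply above can be reproduced offline over a route feed; this is an added example, not code from the thread or from bgpmon. The prefixes, AS numbers and the "prefix origin-AS" line format are constructed assumptions, and the check also flags covering announcements, which goes slightly beyond the exact and more-specific case.

```python
import ipaddress

# Constructed values (documentation ranges): infrastructure blocks that
# must never appear in the global table.
INFRA_PREFIXES = ["198.51.100.0/24", "2001:db8:ffff::/48"]

# Constructed sample of routes seen from an external vantage point,
# one "prefix origin-AS" pair per line (assumed format).
OBSERVED_ROUTES = """\
203.0.113.0/24 64496
198.51.100.128/25 64496
2001:db8::/32 64496
2001:db8:ffff:1::/64 64511
192.0.2.0/24 64500
"""

def parse_routes(text):
    """Yield (network, origin_as) from 'prefix asn' lines, skipping blanks."""
    for line in text.splitlines():
        if not line.strip():
            continue
        prefix, asn = line.split()
        yield ipaddress.ip_network(prefix, strict=True), int(asn)

def find_leaks(infra_prefixes, routes):
    """Return (infra, announced, origin_as, kind) for each overlapping route."""
    infra = [ipaddress.ip_network(p) for p in infra_prefixes]
    leaks = []
    for net, asn in routes:
        for block in infra:
            if net.version != block.version:
                continue  # subnet_of() raises TypeError across IP versions
            if net.subnet_of(block):
                kind = "exact" if net == block else "more-specific"
            elif block.subnet_of(net):
                kind = "covering"  # an aggregate that makes the block reachable
            else:
                continue
            leaks.append((str(block), str(net), asn, kind))
    return leaks

if __name__ == "__main__":
    found = find_leaks(INFRA_PREFIXES, parse_routes(OBSERVED_ROUTES))
    for block, net, asn, kind in found:
        print(f"ALERT {block}: {kind} announcement {net} from AS{asn}")
```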
