Hi,
I wish to ensure that we have full protection at the eBGP upstream peer and therefore need to protect, dynamically, against the bogon/martian IPv4 and IPv6 listings.
I have contacted the "Cymru" guys who deal with this and have been given the required peering credentials. I have currently, manually, configured this with the following:
set policy-options policy-statement ebgp-martian term reserved from route-filter 0.0.0.0/0 exact reject
set policy-options policy-statement ebgp-martian term reserved from route-filter 0.0.0.0/8 orlonger reject
set policy-options policy-statement ebgp-martian term reserved from route-filter 10.0.0.0/8 orlonger reject
set policy-options policy-statement ebgp-martian term reserved from route-filter 127.0.0.0/8 orlonger reject
set policy-options policy-statement ebgp-martian term reserved from route-filter 128.0.0.0/16 orlonger reject
set policy-options policy-statement ebgp-martian term reserved from route-filter 172.16.0.0/12 orlonger reject
set policy-options policy-statement ebgp-martian term reserved from route-filter 191.255.0.0/16 orlonger reject
set policy-options policy-statement ebgp-martian term reserved from route-filter 192.0.2.0/24 orlonger reject
set policy-options policy-statement ebgp-martian term reserved from route-filter 223.255.255.0/24 orlonger reject
set policy-options policy-statement ebgp-martian term reserved from route-filter 224.0.0.0/3 orlonger reject
set protocols bgp group external-peers import ebgp-martian
As this list is always changing, depending on the prefixs allocated and their usage, this is a rather defunct way of approach. Therefore the dynamic approach is much better.
My question is how can I achieve this once I have the peering?