Filters

Advanced Import Filters:
-On IXPs we should Filter Tier-1 Networks
-On all Peerings and Transit Sessions we should filter the following:
-Bogon Prefixes, like private ones (10.0.0.0/8 etc.)
-Too short and to long prefixes, eg. shorter than /8 and larger than /24
-Bogon ASNs, like AS0, etc
-Too long AS-Paths

If we put this all together, we get this for IPv4:

if bgp_path.len > 24 then reject;
if (net.len < 8) || (net.len > 24) then reject;
if bgp_path = [0, 23456, 64496..64511, 64512..65534, 65535, 65536..65551, 65552..131071, 4200000000..4294967294, 4294967295] then reject;
if bgp_path = [ 174, 209, 701, 702, 1239, 1299, 2914, 3257, 3320, 3356, 3491, 3549, 3561, 4134, 5511, 6453, 6461, 6762, 6830, 7018] then reject;
if net ~ [10.0.0.0/8+, 192.168.0.0/16+, 172.16.0.0/12+] then reject;
accept;

For IPv6:

if bgp_path.len > 24 then reject;
if (net.len < 16) || (net.len > 48) then reject;
if bgp_path = [0, 23456, 64496..64511, 64512..65534, 65535, 65536..65551, 65552..131071, 4200000000..4294967294, 4294967295] then reject;
if bgp_path = [ 174, 209, 701, 702, 1239, 1299, 2914, 3257, 3320, 3356, 3491, 3549, 3561, 4134, 5511, 6453, 6461, 6762, 6830, 7018] then reject;
if net ~ [3ffe::/16+, 2001:db8::/32+, 2001::/33+, 2002::/17+, 0000::/8+, fe00::/8+,  ::/128-, ::/0{0,15}, ::/0{64,128}] then reject;
accept;

To keep our config clean we can put this in a sperate file, /etc/bird/importfilter4.conf or importfilter6.conf respectively. and include the file in our filter:

    import filter {
        include "/etc/bird/importfilter4.conf";
        accept;
    };