(cisco, or any) acl *reducers* out there?
George Michaelson
ggm at apnic.net
Thu Aug 19 03:43:32 UTC 2010
On 19/08/2010, at 1:38 PM, Randy Bush wrote:
> one more comment. be careful aggregating filters. the peer may
> actually announce all those damned frags, especially in massively
> de-aggregated places such as india, indonesia, ...
>
> randy
I should have been clearer that I really only want to aggregate ACLs like a port-22 ssh filter which has an endless list of specific /32, or the 'we don't like inbound UDP', where it logically made sense. So if you happen to have an overarching UDP 'established' class rule, then its order compared to other rules might or might not make them useless.
Route filtering is best done by professionals. Always read the instructions on the packet.
(Your oven may be in centigrade, not fahrenheit, and the cup size varies by economy.)
-George
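As an added example (not code from the thread or from either poster), the reduction George describes, done in Python with the standard library: the /32 entries of a port-22 filter are collapsed into the minimal set of prefixes that cover precisely the same addresses, and a check flags the over-aggregation Randy warns about. The host list, ACL name and Cisco rendering are constructed for illustration.

```python
import ipaddress

# Constructed sample: host entries from a hypothetical port-22 allow-list (not from the thread).
SAMPLE_HOSTS = [
    "192.0.2.0", "192.0.2.1", "192.0.2.2", "192.0.2.3",  # four adjacent /32s -> one /30
    "192.0.2.8", "192.0.2.9",                            # two adjacent /32s  -> one /31
    "198.51.100.7",                                      # isolated host, stays a /32
]


def collapse_hosts(hosts):
    """Merge /32 entries into the minimal set of prefixes covering exactly those hosts."""
    nets = (ipaddress.ip_network(h) for h in hosts)
    return list(ipaddress.collapse_addresses(nets))


def covers_exactly(hosts, nets):
    """True if the prefixes match the original hosts address-for-address (no more, no less)."""
    wanted = {ipaddress.ip_address(h) for h in hosts}
    got = {a for n in nets for a in ipaddress.ip_network(n)}
    return wanted == got


def overreach(hosts, nets):
    """Addresses an over-aggressive reduction would admit that were never on the list."""
    wanted = {ipaddress.ip_address(h) for h in hosts}
    return sorted(a for n in nets for a in ipaddress.ip_network(n) if a not in wanted)


def render_cisco_acl(name, nets, port=22):
    """Emit a named extended ACL; prefixes use Cisco wildcard (inverse) masks."""
    lines = [f"ip access-list extended {name}"]
    for n in map(ipaddress.ip_network, nets):
        src = f"host {n.network_address}" if n.prefixlen == 32 else f"{n.network_address} {n.hostmask}"
        lines.append(f" permit tcp {src} any eq {port}")
    lines.append(f" deny tcp any any eq {port} log")
    return "\n".join(lines)


if __name__ == "__main__":
    nets = collapse_hosts(SAMPLE_HOSTS)
    assert covers_exactly(SAMPLE_HOSTS, nets)  # the reduced ACL admits exactly the same hosts
    print(render_cisco_acl("SSH-IN", nets))
    # A lazy "just use the /24" reduction silently admits 250 hosts that were never listed.
    lazy = ["192.0.2.0/24", "198.51.100.7/32"]
    print(len(overreach(SAMPLE_HOSTS, lazy)), "extra addresses admitted by the /24")
```

The same exact-coverage check is what keeps this safe for route filters too: if the collapsed prefix list admits a single address the original did not, the reduction has changed policy rather than just shortened it.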