weird BGP cisco-ism? [problem resolved]

Charles Sprickman spork at inch.com
Sat Jul 12 04:17:56 UTC 1997


Not to totally go off the subject, but if you have a ruleset like this
implemented for all of your customers, what type of extra load does the
route filtering impose on a router?  We're a rather small ISP, and we
don't use BGP at all, I'm just curious what type of impact this has.

Thanks,

Charles

On Fri, 11 Jul 1997, Robert Gutierrez wrote:
> your other BGP peers?  Inbound, I mean.  Very simple:
> 
>    router bgp 1
>    neighbor 10.1.1.1 remote-as 2
>    neighbor 10.1.1.1 filter-list 99 in
> 
>    as-path access-list 99 deny ^$
>    as-path access-list 99 deny ^1_
>    [etc -- however you want to set it up]
> 
> Isn't this akin to wearing a condom nowadays in the 'net BGP routing
> warz.
> 
> Before I left my last job, I was on my way to installing anal as-path
> access lists for our own customers who did BGP to prevent the above and
> also prevent another Florida fiasco.  The idea was that we would only
> accept explicit addresses from those BGP peers.  All that was needed was
> to add a list for each peer:
> 
>    neighbor 10.1.1.1 distribute-list 10 in
>    access-list 10 permit 172.16.0.0
> 
> or even worse, enforce CIDR/prevent subnets by only accepting the
> specific block advertisement:
> 
>    access-list 101 permit ip 172.16.0.0 0.0.0.0 255.255.0.0 0.0.0.0
> 
> Just good practice to me :)  Hopefully everybody else is doing the
> same???
> 
> 
> 	Rob Gutierrez / 3Com - GIS Internet Security
> 
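
The two per-peer prefix filters quoted above behave differently on more-specific announcements. This added example is not part of the original thread. It models how IOS evaluates a standard ACL (network address only) and an extended ACL (network address plus netmask) when either is used as a BGP distribute-list. The function names and sample routes are constructed for illustration.

```python
import ipaddress

def _bits(addr):
    return int(ipaddress.IPv4Address(addr))

def wildcard_match(value, base, wildcard):
    # Cisco wildcard mask: a 1 bit means "don't care", a 0 bit must match.
    care = ~_bits(wildcard) & 0xFFFFFFFF
    return (_bits(value) & care) == (_bits(base) & care)

def standard_permits(route, acl):
    # Standard ACL in a BGP distribute-list: only the network address is tested,
    # so the prefix length of the announcement is not constrained.
    net = ipaddress.IPv4Network(route)
    for action, base, wc in acl:
        if wildcard_match(net.network_address, base, wc):
            return action == "permit"
    return False  # implicit deny at the end of every ACL

def extended_permits(route, acl):
    # Extended ACL in a BGP distribute-list: the "source" pair is tested against
    # the network address and the "destination" pair against the netmask.
    net = ipaddress.IPv4Network(route)
    for action, base, wc, mask, mask_wc in acl:
        if (wildcard_match(net.network_address, base, wc)
                and wildcard_match(net.netmask, mask, mask_wc)):
            return action == "permit"
    return False  # implicit deny

# access-list 10 permit 172.16.0.0  (wildcard defaults to 0.0.0.0)
ACL_10 = [("permit", "172.16.0.0", "0.0.0.0")]
# list 101: network 172.16.0.0 exactly, netmask 255.255.0.0 exactly
ACL_101 = [("permit", "172.16.0.0", "0.0.0.0", "255.255.0.0", "0.0.0.0")]

# Constructed announcements from a customer peer (not taken from the thread)
ROUTES = ["172.16.0.0/16", "172.16.0.0/24", "172.16.5.0/24", "10.0.0.0/8"]

def evaluate(routes=ROUTES):
    # Maps each route to (permitted by list 10, permitted by list 101).
    return {r: (standard_permits(r, ACL_10), extended_permits(r, ACL_101))
            for r in routes}

if __name__ == "__main__":
    for route, (std, ext) in evaluate().items():
        print(f"{route:<16} list 10: {'permit' if std else 'deny':<7}"
              f" list 101: {'permit' if ext else 'deny'}")
```

List 10 still admits 172.16.0.0/24 because it shares the network address of the /16, while list 101 accepts only the exact /16 block.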



