Packets from net 10 (no, not the lyrics)

Todd R. Stroup tstroup at fibernet.net
Tue Sep 23 16:43:29 UTC 1997


Why not use a standard access-list like:

access-list 50 deny 0.0.0.0 0.0.0.0
access-list 50 deny 127.0.0.0 0.255.255.255
access-list 50 deny 10.0.0.0 0.255.255.255
access-list 50 deny 172.16.0.0 0.15.255.255
access-list 50 deny 192.168.0.0 0.0.255.255
access-list 50 deny 192.0.2.0 0.0.0.255
access-list 50 deny 128.0.0.0 0.0.255.255
access-list 50 deny 191.255.0.0 0.0.255.255 
access-list 50 deny 198.32.184.0 0.0.0.255 ! MAE-WEST  (could be done)
access-list 50 deny 198.32.136.0 0.0.0.255 ! MAE-WEST  (to include all EPs)
access-list 50 deny 198.32.186.0 0.0.0.255 ! MAE-EAST
access-list 50 deny 192.41.177.0 0.0.0.255 ! MAE-EAST
access-list 50 deny 198.32.130.0 0.0.0.255 ! AADS
access-list 50 deny 206.183.224.0 0.0.31.255  ! FNSI
access-list 50 deny 209.41.192.0 0.0.31.255   ! FNSI
access-list 50 deny 209.115.0.0 0.0.31.255    ! FNSI
access-list 50 deny 223.255.255.0 0.0.0.255
access-list 50 deny 224.0.0.0 31.255.255.255
access-list 50 permit any

Then apply this to your peer session on the inbound with the command:

 neighbor x.x.x.x distribute-list 50 in

You want to filter on an interface for this?  If you get the route into
your routing table that's where the problem starts.  Attaching the filter
to the peer session will at least get rid of the bad routes from the
start.  I would rather use CPU on keeping the BGP sessions clean than
wasting it on checking the interface for packets with 10/8.  If anyone
has any better suggestions, I would love to hear them. 

Todd R. Stroup
Fiber Network Solutions, Inc.

> > On Tue, 23 Sep 1997 bmanning at ISI.EDU wrote:
> > > !	Loopback
> > > access-list 100 deny   ip 127.0.0.0 0.255.255.255 255.0.0.0 0.255.255.255
> > > !	RFC 1918 private blocks
> > > access-list 100 deny   ip 10.0.0.0 0.255.255.255 255.0.0.0 0.255.255.255
> > > access-list 100 deny   ip 172.16.0.0 0.15.255.255 255.240.0.0 0.15.255.255
> > > access-list 100 deny   ip 192.168.0.0 0.0.255.255 255.255.0.0 0.0.255.255
> > > !	Test Network
> > > access-list 100 deny   ip 192.0.2.0 0.0.0.255 255.255.255.0 0.0.0.255
> > > !	Tiny networks.
> > > access-list 100 deny   ip any 255.255.255.128 0.0.0.127
> > > access-list 100 permit ip any any
> > > 
> 
> 	The operative phrase here is border. 
> 	That means ASN border, i.e. where you BGP
> 	peer with others.  At the provider/subscriber
> 	interface, within your IGP, using RFC 1918 space
> 	is ok.
> 
> -- 
> --bill
> 
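
Added example, not part of the original post or the quoted reply: a small Python evaluator for the wildcard-mask, first-match logic of a standard access-list like list 50 above, run against the network address of each advertised prefix, as a distribute-list does. The helper names (parse_acl, evaluate, filter_routes) and the sample prefixes are constructed for illustration; the ACL lines are a subset of those in the post.

```python
import ipaddress

# Subset of access-list 50 from the post above (first match wins).
ACL_50 = """\
access-list 50 deny 0.0.0.0 0.0.0.0
access-list 50 deny 10.0.0.0 0.255.255.255
access-list 50 deny 172.16.0.0 0.15.255.255
access-list 50 deny 192.168.0.0 0.0.255.255
access-list 50 deny 192.0.2.0 0.0.0.255
access-list 50 deny 224.0.0.0 31.255.255.255
access-list 50 permit any
"""

def parse_acl(text):
    """Return [(action, base, wildcard)] with addresses as 32-bit ints."""
    rules = []
    for line in text.splitlines():
        line = line.split("!", 1)[0].strip()   # drop trailing IOS comments
        if not line:
            continue
        fields = line.split()
        action, spec = fields[2], fields[3:]
        if spec == ["any"]:
            base, wild = 0, 0xFFFFFFFF
        else:
            base = int(ipaddress.IPv4Address(spec[0]))
            wild = int(ipaddress.IPv4Address(spec[1])) if len(spec) > 1 else 0
        rules.append((action, base, wild))
    return rules

def evaluate(rules, network):
    """First-match check of a route's network address; implicit deny at the end."""
    addr = int(ipaddress.IPv4Address(network))
    for action, base, wild in rules:
        # Wildcard bits set to 1 are "don't care"; the other bits must equal the base.
        if (addr & ~wild & 0xFFFFFFFF) == (base & ~wild & 0xFFFFFFFF):
            return action
    return "deny"

def filter_routes(rules, prefixes):
    """Map each advertised prefix to the action the inbound filter would take."""
    return {p: evaluate(rules, p.split("/")[0]) for p in prefixes}

# Constructed sample advertisements (not from the post).
SAMPLE = ["0.0.0.0/0", "10.20.0.0/16", "172.31.0.0/16", "172.32.0.0/16",
          "192.168.4.0/24", "192.0.2.0/24", "198.51.100.0/24", "239.1.1.0/24"]

if __name__ == "__main__":
    for prefix, action in filter_routes(parse_acl(ACL_50), SAMPLE).items():
        print(f"{prefix:18} {action}")
```

The 172.31.0.0/16 and 172.32.0.0/16 pair shows where the 0.15.255.255 wildcard boundary falls: the first is inside 172.16.0.0/12 and is dropped, the second is outside and is accepted.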


