BGP community based IP filtering
Alan Hannan
hannan at bythetrees.com
Thu Jan 15 16:26:40 UTC 1998
> I've been having an email discussion with a couple of Cisco engineers about
> how useful BGP community based IP filtering might be. The following IOS
> config fragment might help explain what I'm getting at:
>
> int fddi0
> ip access-group community-list 10 in
> !
> ip community-list 10 permit AA:BB
> ip community-list 10 permit CC:DD
> !
>
> If you are using communities to make your prefix announcements to peers,
> this then allows the router to filter incoming IP packets that match your
> announcements. Excepting things like CPU load, implementation details, etc
> do you think this would be helpful, or am I way off with this?
I think this would be helpful; especially if were scaled as a
ubiquitous implementation mechanism.
Further implementations of BGP community based decision criteria
could include Class of Service/Type of Service Priority Setting; based
upon a particular community, give packets with this network
source/destination X priority.
Additionally, other services such as selective NAT (do or do not
NAT based upon communities, NAT into which address space based
upon communities), etc... can be implemented.
Similar to the regexp niftiness being put into access lists, it'd
be keen to see all features using ACLs accept communities as
determining factors.
Bear in mind this is not terribly useful to the world if Cisco
does it alone, it should be tracked through IETF, but it would be
nice if Cisco did the proof-of-concept and led the pack.
-alan
More information about the NANOG
mailing list