BGP community based IP filtering

Alan Hannan hannan at bythetrees.com
Thu Jan 15 16:26:40 UTC 1998


> I've been having an email discussion with a couple of Cisco engineers about
> how useful BGP community based IP filtering might be. The following IOS
> config fragment might help explain what I'm getting at:
> 
> int fddi0
>  ip access-group community-list 10 in
> !
> ip community-list 10 permit AA:BB
> ip community-list 10 permit CC:DD
> !
> 
> If you are using communities to make your prefix announcements to peers,
> this then allows the router to filter incoming IP packets that match your
> announcements. Excepting things like CPU load, implementation details, etc
> do you think this would be helpful, or am I way off with this?

  I think this would be helpful; especially if it were scaled as a
  ubiquitous implementation mechanism.

  Further implementations of BGP community based decision criteria
  could include Class of Service/Type of Service Priority Setting; based 
  upon a particular community, give packets with this network 
  source/destination X priority.

  Additionally, other services such as selective NAT (do or do not
  NAT based upon communities, NAT into which address space based
  upon communities), etc...  can be implemented.

  Similar to the regexp niftiness being put into access lists, it'd
  be keen to see all features using ACLs accept communities as
  determining factors.

  Bear in mind this is not terribly useful to the world if Cisco
  does it alone, it should be tracked through IETF, but it would be
  nice if Cisco did the proof-of-concept and led the pack.

  -alan
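As an added illustration (not from this thread, and not an existing IOS feature), here is a small Python model of the check being proposed: a packet is permitted only if the longest-match route for its source address carries a community that appears in the permit list. The BGP table, community values and list number are constructed for the example.

```python
import ipaddress
from typing import Dict, List, Optional, Set

# Constructed sample: prefixes learned via BGP with their community tags
# (AS:value strings), standing in for the router's BGP table.
BGP_TABLE: Dict[str, Set[str]] = {
    "192.0.2.0/24":       {"64500:100"},             # customer, announced to peers
    "198.51.100.0/24":    {"64500:200", "64500:1"},  # customer, announced to peers
    "198.51.100.128/25":  {"64500:900"},             # more-specific, not permitted
    "203.0.113.0/24":     {"64500:900"},             # learned, not in permit list
}

# Hypothetical equivalent of "ip community-list 10 permit AA:BB / CC:DD".
COMMUNITY_LIST_10: Set[str] = {"64500:100", "64500:200"}


def longest_match(addr: str, table: Dict[str, Set[str]]) -> Optional[str]:
    """Return the most specific prefix in `table` covering `addr`, or None."""
    ip = ipaddress.ip_address(addr)
    best: Optional[ipaddress.IPv4Network] = None
    for pfx in table:
        net = ipaddress.ip_network(pfx)
        if ip in net and (best is None or net.prefixlen > best.prefixlen):
            best = net
    return str(best) if best is not None else None


def permit_packet(src: str, table: Dict[str, Set[str]], clist: Set[str]) -> bool:
    """Model of 'ip access-group community-list N in': permit a packet only if
    the route covering its source carries a community in the permit list.
    A source with no route at all is dropped, like an ACL's implicit deny."""
    pfx = longest_match(src, table)
    if pfx is None:
        return False
    return bool(table[pfx] & clist)


def filter_packets(srcs: List[str],
                   table: Dict[str, Set[str]] = BGP_TABLE,
                   clist: Set[str] = COMMUNITY_LIST_10) -> Dict[str, bool]:
    """Apply the community-based ingress check to a batch of source addresses."""
    return {s: permit_packet(s, table, clist) for s in srcs}


if __name__ == "__main__":
    for src, ok in filter_packets(["192.0.2.10", "198.51.100.5",
                                   "198.51.100.130", "203.0.113.7", "10.0.0.1"]).items():
        print(f"{src:16} {'permit' if ok else 'deny'}")
```

Note that the more-specific 198.51.100.128/25 overrides the permitted /24 for addresses it covers, which is exactly the kind of routing-table subtlety such a filter would inherit.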
