Using BGP as a policy tool (was Re: in-addr survey)

Peter Galbavy peter.galbavy at
Tue May 15 12:55:17 UTC 2001

> Glenn (its aarnet) worked out a simple hack on Zebra to make this
> fly.

Got 50% through a similar hack here. Never needed it in the end, and
gave up.

> I didn't deploy it, because first approximation the simple dumps of
> IP for on-net and domestic were enough to let me sinbin all the rest
> to offshore. Well, I thought so, but history proved me wrong.

For those of us not in North America, the need is actually far greater
on occasion.

> Anyway. My point is that BGP is your friend. It should be both cheap
> (as cheap as a routing lookup, which for an application writing a log
> to disk like apache is cheap, at least compared to DNS lookup) and
> very cacheable.
> Why don't more applications do this?

Because the people doing one thing don't usually speak to people doing
the other. Unless some behemothic (is that a word ?) company like Cisco
(only as a bad example - they do hare some stuff) doesn't invent it's
own protocol that is patentable, then there will be no standard to copy.
Innovation in this arena is pretty much dead it seems.

BTW I can actually see that the use of BGP for access control and
logging application access would be the subject of a patent application
by the greedy, I hope people can recall prior art in the future.


More information about the NANOG mailing list