69/8...this sucks

Owen DeLong owen at delong.com
Wed Mar 12 18:32:09 UTC 2003


I'm trying to get some time to actually put it in a router and test, but
I believe there is a way to get similar functionality through a combination
of route-map entries.  When I have actual router config (I'll be testing on
Cisco, but if anyone wants to provide me a Juniper testbed, I'll be happy
to try that too), I'll post it.  If I can't, I'll post a public apology
and start beating on vendors to make it possible. :-)

Owen


--On Wednesday, March 12, 2003 11:41 PM +1100 David Luyer <david at luyer.net> wrote:

> Stephen J Wilcox wrote:
>> On Wed, 12 Mar 2003, David Luyer wrote:
>> > Iljitsch van Beijnum wrote:
>> > > On Tue, 11 Mar 2003, Owen DeLong wrote:
>> > >
>> > > > In short, it doesn't.  Longer answer, if the ISP configures
>> > > > his router correctly, he can actually refuse to accept
>> > > > advertisements from other sessions that are longer versions
>> > > > of prefixes received through this session.
>> > >
>> > > How???
>> >
>> > There is a technically possible (but rather twisted) way you
>> > could not use the adverts, but not a way to refuse receiving
>> > them that I know of.
>>
>> I think you're mixing up with ingress filtering by prefix list
>> which you can specify prefix length on and hence ignore longer (or smaller)
>> matches.
>
> The example I provided achieved both ingress and egress filtering
> based on routes in a bogon BGP feed, in a way which would even
> block when a more-specific route is in the provider's BGP table.
> While it didn't actually prevent the routes being in the routing
> table (as I said, it doesn't provide a way to stop receiving them),
> it does prevent traffic from and to the bogon locations, which is
> a significant part of the reason to use bogon lists.
>
> However, yes, it has some deficiencies[1] compared with using the
> static bogon lists for route filtering (and ingress/egress); it
> does not prevent routing table bloat, and it does not prevent
> traffic travelling across your WAN to the point of network egress
> only to be dropped.
>
> If you want to actually not receive into your network at all the
> BGP routes which match bogons, as I stated earlier, there is no
> way I know of to do this via a BGP feed.  The only way to do it
> that I know of would be to use either a prefix list or a standard
> ACL (you can do anything you can do with a prefix list with a
> compiled extended ACL on BGP routes, it's just less clear to
> read as an extended ACL).
>
> Although, Owen DeLong has stated that it is possible, so maybe
> we should wait for his response :-)
>
> David.
>
> [1] Apart from simply being a completely twisted design.
>
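As an added illustration (not code from any poster in this thread), the Python below models the prefix-list matching Stephen refers to: an entry with `le 32` denies the bogon prefix and every more-specific of it, whereas an exact-match entry, like a route learned from a bogon feed, covers only the prefix itself. The bogon and route prefixes are constructed sample values, not routes from the thread.

```python
import ipaddress
from typing import List, Optional, Tuple

# Constructed sample data: a small bogon list and a set of routes as they
# might arrive over an eBGP session, including more-specifics of bogons.
BOGONS = ["10.0.0.0/8", "192.0.2.0/24"]
ROUTES = ["10.0.0.0/8", "10.1.0.0/16", "198.51.100.0/24", "192.0.2.128/25"]


def matches_rule(route: str, rule_prefix: str,
                 ge: Optional[int] = None, le: Optional[int] = None) -> bool:
    """Model one IOS-style prefix-list entry.

    With neither ge nor le the entry matches only the exact prefix.
    With ge/le it matches any route covered by rule_prefix whose length
    falls in [ge, le]; a missing ge defaults to the entry's own length,
    a missing le defaults to 32.
    """
    r = ipaddress.IPv4Network(route, strict=False)
    p = ipaddress.IPv4Network(rule_prefix, strict=False)
    if ge is None and le is None:
        return r == p
    if not r.subnet_of(p):
        return False
    lo = ge if ge is not None else p.prefixlen
    hi = le if le is not None else 32
    return lo <= r.prefixlen <= hi


def filter_routes(routes: List[str], bogons: List[str],
                  use_le32: bool) -> Tuple[List[str], List[str]]:
    """Apply the bogon list inbound; return (accepted, rejected).

    use_le32=True behaves like 'deny <bogon> le 32' entries (catches
    more-specifics); False behaves like exact-prefix matching only.
    """
    accepted, rejected = [], []
    for rt in routes:
        le = 32 if use_le32 else None
        if any(matches_rule(rt, b, le=le) for b in bogons):
            rejected.append(rt)
        else:
            accepted.append(rt)
    return accepted, rejected


if __name__ == "__main__":
    for mode in (False, True):
        acc, rej = filter_routes(ROUTES, BOGONS, use_le32=mode)
        print(f"le 32={mode}: accepted={acc} rejected={rej}")
```

Run with `use_le32=False` the more-specifics 10.1.0.0/16 and 192.0.2.128/25 slip through; with `le 32` they are denied along with the covering bogon prefixes.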