Home page logo

nanog logo nanog mailing list archives

Re: weird BGP cisco-ism? [problem resolved]
From: "Barry A. Dykes" <bdykes () genuity net>
Date: Fri, 11 Jul 1997 17:40:35 -0700

Why don't you just tag your exportable routes and let them through, 
while blocking everything else?  You could then build a route-map that 
places that tag on all of your inbound BGP customers.  This would allow 
you to export everything that they send you (allowing them to send the 
more specific as Dorian stated) and use a static tag for your aggregate 
routes.  Then all the more specific routes on your backbone would be 
filtered, unless it originated from a BGP customer - who would need to 
send the more specific advertisements to each of it's providers and 
allow routing to work correctly.  I know, that's what we do!  If you 
don't have the right tag, you don't get off!  And I don't have to mess 
with any filters after they are set up.


You can remove the specifics at the edges of your network either via community
based filtering or prefix based filtering. The former is much more flexible
and is the one I'd recommend.


      I'd think prefix based filters would be more likely to be correct.
Since you have to explicitly list what you think you should be announcing
you protect against having routes you don't expect in your tables and
against having interactions that cause unexpected routes to get tagged as


                                -Chris (cgarner () sni net)

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]