Home page logo
/

nanog logo nanog mailing list archives

Re: NSPs and filters
From: "Dorian R. Kim" <dorian () blackrose org>
Date: Sun, 13 Jul 1997 16:19:38 -0400 (EDT)

On Sun, 13 Jul 1997, Vadim Antonov wrote:

randy> So, at POP X, I take in maybe 100 prefixes, with maybe 1000
randy> at some POPs.  How do I build and maintain that filter list,

alan () mindvision com (Alan Hannan) wrote:

 The same way you build and maintain routing filter lists for the
 prefixes you take in.

Bzzt. Routing filter lists are applied to routing updates.  Packet
filter lists are applied to packets.

Big difference.

1000-entry packet filter will slow any existing router down to crawl,
and practically all future boxes won't do any better.

Vadim, I think Alan was talking about the mechanics of building such a list,
not deploying them in particular.

Given the information required to effectively filter cutomer routes, I'd
suggest that one has enough information to create a packet filter list based
on them. It's just matter of "simple" database work and automation. ;)

-dorian



  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault