nanog mailing list archives

Re: BGP community based IP filtering
From: Mark Prior <mrp () connect com au>
Date: Fri, 16 Jan 1998 10:39:17 +1030

     I've been having an email discussion with a couple of Cisco engineers about
     how useful BGP community based IP filtering might be. The following IOS
     config fragment might help explain what I'm getting at:

     int fddi0
      ip access-group community-list 10 in
     !
     ip community-list 10 permit AA:BB
     ip community-list 10 permit CC:DD
     !

     If you are using communities to make your prefix announcements to peers,
     this then allows the router to filter incoming IP packets that match your
     announcements. Excepting things like CPU load, implementation details, etc.,
     do you think this would be helpful, or am I way off with this?

I'm not sure about this but communities would be a lot more useful if
there were more facilities to mask them out, delete individual
communities etc.

I would really like to be able to say "remove any of my private (i.e.
local) communities" that I might receive from a customer while
accepting the ones I have told them they can use. Similarly I would
like to be able to say "remove this specific community" on
announcements down this specific link(s).

Mark.
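
A small Python model of the two community operations asked for in the reply above (scrubbing local communities received from a customer, and deleting a specific community per outbound link). This is an added example, not part of the original post or any router's implementation; the AS numbers (documentation range), community values and function names are assumptions.

```python
"""Constructed model of inbound community scrubbing and per-link deletion."""

LOCAL_AS = 64500  # assumed local ASN, taken from the documentation range


def parse_community(text):
    """Return (asn, value) from 'ASN:value' or the 32-bit decimal form."""
    if ":" in text:
        asn, value = (int(part) for part in text.split(":", 1))
    else:
        raw = int(text)
        asn, value = raw >> 16, raw & 0xFFFF
    if not (0 <= asn <= 0xFFFF and 0 <= value <= 0xFFFF):
        raise ValueError(f"not a 32-bit BGP community: {text!r}")
    return asn, value


def scrub_inbound(communities, customer_allowed, local_as=LOCAL_AS):
    """Drop local-AS communities sent by a customer unless explicitly allowed.

    Communities belonging to other ASNs pass through untouched. Parsing first
    means the decimal encoding of a local community is caught as well.
    """
    allowed = {parse_community(c) for c in customer_allowed}
    kept = []
    for text in communities:
        asn, value = parse_community(text)
        if asn == local_as and (asn, value) not in allowed:
            continue  # private community the customer was never told to use
        kept.append(f"{asn}:{value}")
    return kept


def strip_outbound(communities, link, delete_per_link):
    """Remove the communities configured for deletion on one specific link."""
    doomed = {parse_community(c) for c in delete_per_link.get(link, ())}
    parsed = [parse_community(c) for c in communities]
    return [f"{a}:{v}" for a, v in parsed if (a, v) not in doomed]


if __name__ == "__main__":
    # Constructed announcement: one permitted local community, two that are
    # not permitted (one in decimal form), and one from another ASN.
    received = ["64500:100", "64500:666", "64496:20", "4227072999"]
    accepted = scrub_inbound(received, customer_allowed=["64500:100"])
    print(accepted)
    print(strip_outbound(accepted, "fddi0", {"fddi0": ["64496:20"]}))
```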

