Home page logo
/

nanog logo nanog mailing list archives

Re: Using BGP as a policy tool (was Re: in-addr survey)
From: "Peter Galbavy" <peter.galbavy () knowledge com>
Date: Tue, 15 May 2001 13:55:17 +0100


Glenn (its aarnet) worked out a simple hack on Zebra to make this
fly.

Got 50% through a similar hack here. Never needed it in the end, and
gave up.

I didn't deploy it, because first approximation the simple dumps of
IP for on-net and domestic were enough to let me sinbin all the rest
to offshore. Well, I thought so, but history proved me wrong.

For those of us not in North America, the need is actually far greater
on occasion.

Anyway. My point is that BGP is your friend. It should be both cheap
(as cheap as a routing lookup, which for an application writing a log
to disk like apache is cheap, at least compared to DNS lookup) and
very cacheable.

Why don't more applications do this?

Because the people doing one thing don't usually speak to people doing
the other. Unless some behemothic (is that a word ?) company like Cisco
(only as a bad example - they do hare some stuff) doesn't invent it's
own protocol that is patentable, then there will be no standard to copy.
Innovation in this arena is pretty much dead it seems.

BTW I can actually see that the use of BGP for access control and
logging application access would be the subject of a patent application
by the greedy, I hope people can recall prior art in the future.

Peter



  By Date           By Thread  

Current thread:
  • re: in-addr survey ggm (May 14)
    • Re: Using BGP as a policy tool (was Re: in-addr survey) Peter Galbavy (May 15)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault