
nanog mailing list archives

Re: The Gorgon's Knot. Was: Re: Verio Peering Question
From: smd () clock org (Sean M. Doran)
Date: Fri, 28 Sep 2001 19:30:19 -0700 (PDT)


| >     ip as-path access-list 1 permit _badguy_
| >     
| >     route-map fix-badguy permit 10
| >      descr proxy-aggregate the networks who are "holey"
| >      match as-path 1
| >     
| >     router bgp my-as
| >      aggregate-address bad.guy.blo.ck1 255.255.224.0 as-set suppress-map fix-badguy
| >      aggregate-address bad.guy.blo.ck2 255.255.224.0 as-set suppress-map fix-badguy
| >      ...
|
| And one aggregates a lone /24 with what? 

Oh yay, a bona fide technical question.

The answer: 

        ACL 1 need not match only one AS

        as-set is there to deal with matches on multiple AS paths
                since we want to avoid looping announcements. conveniently,
                not only does it handle the case where ACL 1 matches
                lots of AS paths containing _X_, it can equally handle the
                case where ACL 1 matches lots of AS paths containing _Y_.

Next time I use the example I will remember to make ACL 1 longer,
and change "bad.guy.blo.ck1" (etc) into something along the lines
of "poo.rag.gre.g81", but perhaps more aesthetically pleasing.

        Sean.
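
An added illustration, not part of the original message or of any vendor code: a simplified Python model of the quoted `aggregate-address ... as-set suppress-map` configuration with an ACL 1 that matches two origin ASes. The prefixes, AS numbers, and function names are constructed for the example, and every contributor AS is placed in one AS_SET rather than preserving a common leading sequence.

```python
import ipaddress
import re

def ios_regex(pattern):
    # In IOS as-path regexes "_" matches start, end, space, comma, braces or parentheses.
    return re.compile(pattern.replace("_", r"(?:^|$|[ ,{}()])"))

def proxy_aggregate(routes, block, acl):
    """Simplified model of `aggregate-address <block> as-set suppress-map <map>`."""
    block = ipaddress.ip_network(block)
    patterns = [ios_regex(p) for p in acl]
    as_set, suppressed = set(), []
    for prefix, path in routes:
        net = ipaddress.ip_network(prefix)
        if net == block or not net.subnet_of(block):
            continue                    # not a more-specific of this aggregate
        as_set.update(path)             # as-set: keep every contributor's ASes
        text = " ".join(map(str, path))
        if any(p.search(text) for p in patterns):
            suppressed.append(prefix)   # suppress-map: stop announcing this one
    return as_set, suppressed

def accepts(local_as, as_set):
    # Standard BGP loop check: a route carrying our own AS is dropped.
    return local_as not in as_set

# Constructed sample table: (prefix, AS path as received).
ROUTES = [
    ("198.51.100.0/24", [64500, 64496]),   # "holey" /24 originated by AS X
    ("198.51.101.0/24", [64501, 64497]),   # lone /24 originated by AS Y
    ("198.51.102.0/24", [64502, 64510]),   # inside the block, not matched by ACL 1
    ("203.0.113.0/24",  [64500, 64496]),   # matched by ACL 1 but outside the block
]
ACL_1 = ["_64496_", "_64497_"]             # ACL 1 need not match only one AS
AS_SET, SUPPRESSED = proxy_aggregate(ROUTES, "198.51.96.0/19", ACL_1)

if __name__ == "__main__":
    print("AS_SET on aggregate:", sorted(AS_SET))
    print("suppressed more-specifics:", SUPPRESSED)
    for asn in (64496, 64497, 64511):
        print(asn, "accepts aggregate:", accepts(asn, AS_SET))
```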

