North American Network Operators Group

Re: Packets from net 10 (no, not the lyrics)
Why not use a standard access-list like :

access-list 50 deny 0.0.0.0 0.0.0.0
access-list 50 deny 127.0.0.0 0.255.255.255
access-list 50 deny 10.0.0.0 0.255.255.255
access-list 50 deny 172.16.0.0 0.15.255.255
access-list 50 deny 192.168.0.0 0.0.255.255
access-list 50 deny 192.0.2.0 0.0.0.255
access-list 50 deny 128.0.0.0 0.0.255.255
access-list 50 deny 191.255.0.0 0.0.255.255
access-list 50 deny 198.32.184.0 0.0.0.255 ! MAE-WEST (could be done)
access-list 50 deny 198.32.136.0 0.0.0.255 ! MAE-WEST (to include all EPs)
access-list 50 deny 198.32.186.0 0.0.0.255 ! MAE-EAST
access-list 50 deny 192.41.177.0 0.0.0.255 ! MAE-EAST
access-list 50 deny 198.32.130.0 0.0.0.255 ! AADS
access-list 50 deny 206.183.224.0 0.0.31.255 ! FNSI
access-list 50 deny 209.41.192.0 0.0.31.255 ! FNSI
access-list 50 deny 209.115.0.0 0.0.31.255 ! FNSI
access-list 50 deny 223.255.255.0 0.0.0.255
access-list 50 deny 224.0.0.0 31.255.255.255
access-list 50 permit any

Then apply this to your peer session on the inbound with the command :

neighbor x.x.x.x distribute-list 50 in

You want to filter on an interface for this? If you get the route into
your routing table that's where the problem starts. Attaching the filter
to the peer session will at least get rid of the bad routes from the
start. I would rather use CPU on keeping the BGP sessions clean than
wasting it on checking the interface for packets with 10/8.

If anyone has any better suggestions, I would love to hear them.

Todd R. Stroup
Fiber Network Solutions, Inc.

>
> > On Tue, 23 Sep 1997 [email protected] wrote:
> > > ! Loopback
> > > access-list 100 deny ip 127.0.0.0 0.255.255.255 255.0.0.0 0.255.255.255
> > > ! RFC 1918 private blocks
> > > access-list 100 deny ip 10.0.0.0 0.255.255.255 255.0.0.0 0.255.255.255
> > > access-list 100 deny ip 172.16.0.0 0.15.255.255 255.240.0.0 0.15.255.255
> > > access-list 100 deny ip 192.168.0.0 0.0.255.255 255.255.0.0 0.0.255.255
> > > ! Test Network
> > > access-list 100 deny ip 192.0.2.0 0.0.0.255 255.255.255.0 0.0.0.255
> > > ! Tiny networks.
> > > access-list 100 deny ip any 255.255.255.128 0.0.0.127
> > > access-list 100 permit ip any any
> > >
>
> The operative phrase here is border.
> That means ASN border, i.e. where you BGP
> peer with others. At the provider/subscriber
> interface, within your IGP, using RFC 1918 space
> is ok.
>
> --
> --bill
>
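Added example, not part of the original message or of either poster's configuration: a small Python evaluator that runs received routes through the entries the two lists share, to show where the standard list (50) and the quoted extended list (100) give different verdicts. It assumes the usual IOS distribute-list semantics (a standard ACL compares only the route's network address; an extended ACL compares the network with the source pair and the netmask with the destination pair); the helper names and sample routes are constructed for illustration.

```python
import ipaddress

def _u32(addr):
    return int(ipaddress.IPv4Address(addr))

def wild_match(value, base, wildcard):
    """Cisco wildcard compare: bits set in the wildcard are ignored."""
    care = ~_u32(wildcard) & 0xFFFFFFFF
    return (_u32(value) & care) == (_u32(base) & care)

# Entries the two lists have in common, copied from the thread.
# Standard form (access-list 50): (network, wildcard)
ACL_50 = [
    ("127.0.0.0", "0.255.255.255"),
    ("10.0.0.0", "0.255.255.255"),
    ("172.16.0.0", "0.15.255.255"),
    ("192.168.0.0", "0.0.255.255"),
    ("192.0.2.0", "0.0.0.255"),
]
# Extended form (access-list 100): (network, wildcard, mask, mask wildcard)
ACL_100 = [
    ("127.0.0.0", "0.255.255.255", "255.0.0.0", "0.255.255.255"),
    ("10.0.0.0", "0.255.255.255", "255.0.0.0", "0.255.255.255"),
    ("172.16.0.0", "0.15.255.255", "255.240.0.0", "0.15.255.255"),
    ("192.168.0.0", "0.0.255.255", "255.255.0.0", "0.0.255.255"),
    ("192.0.2.0", "0.0.0.255", "255.255.255.0", "0.0.0.255"),
    # "any 255.255.255.128 0.0.0.127": every network, mask /25 or longer
    ("0.0.0.0", "255.255.255.255", "255.255.255.128", "0.0.0.127"),
]

def route_action(acl, prefix):
    """First-match evaluation of a received route; the final entry is permit any."""
    net = ipaddress.ip_network(prefix)
    for entry in acl:
        hit = wild_match(net.network_address, entry[0], entry[1])
        if hit and len(entry) == 4:   # extended form also tests the netmask
            hit = wild_match(net.netmask, entry[2], entry[3])
        if hit:
            return "deny"
    return "permit"

if __name__ == "__main__":
    # Constructed sample routes, not taken from the thread.
    for p in ["10.1.0.0/16", "10.0.0.0/7", "192.168.5.0/24",
              "203.0.113.128/25", "198.51.100.0/24"]:
        print(f"{p:18} acl50={route_action(ACL_50, p):6} acl100={route_action(ACL_100, p)}")
```

The two forms disagree on 10.0.0.0/7 (list 50 denies it on the network address alone, list 100 permits it because the mask is shorter than /8) and on 203.0.113.128/25 (only list 100 has the "tiny networks" entry).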