North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: weird BGP cisco-ism? [problem resolved]

  • From: Danny McPherson
  • Date: Fri Jul 11 22:44:02 1997

> 	You can build your customer BGP filters off data in the IRR.  Make
> it a requirement that BGP customers must keep that information up to date
> (or do it for them).

OK.  So I apply an ingress filter (ideally built from the IRRs) to a customer 
peer.  Then I have to add the cusomter's AS(s) prefixes to every eBGP peer's 
egress ACL (including customer peers) so that the networks will be permitted.

The customer begins advertising a newly allocated netblock.  Now virtually 
*every* BGP peers ACL has to be modified & deployed and the source AS will 
need to either flap the route or reset the session.

If I had tagged the customer's prefixes with a BGP community when I picked up 
the routes ..and have filters in place that deny/permit predefined communities 
to all eBGP peers, all I would need to be concerned with is the customer's 
ingress ACL.

IMO, ACLs alone won't scale. 


-danny