North American Network Operators Group

Re: weird BGP cisco-ism? [problem resolved]
> You can build your customer BGP filters off data in the IRR. Make
> it a requirement that BGP customers must keep that information up to date
> (or do it for them).

OK. So I apply an ingress filter (ideally built from the IRRs) to a customer peer. Then I have to add the customer's AS(s) prefixes to every eBGP peer's egress ACL (including customer peers) so that the networks will be permitted.

The customer begins advertising a newly allocated netblock. Now virtually *every* BGP peer's ACL has to be modified & deployed and the source AS will need to either flap the route or reset the session.

If I had tagged the customer's prefixes with a BGP community when I picked up the routes... and have filters in place that deny/permit predefined communities to all eBGP peers, all I would need to be concerned with is the customer's ingress ACL.

IMO, ACLs alone won't scale.

-danny
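The community-tagging approach described in the message above, sketched as Cisco IOS configuration. This is an added example, not part of the original post: the AS numbers, neighbor addresses, prefixes, the community value 64500:100 and all prefix-list, community-list and route-map names are constructed placeholders.

```cisco
! Constructed example: local AS 64500, customer AS 64501, upstream/peer AS 64502.
ip bgp-community new-format
!
! Per-customer ingress filter (ideally generated from IRR data).
! This is the ONLY object that changes when the customer gets a new netblock.
ip prefix-list CUST-A-IN seq 5 permit 192.0.2.0/24
ip prefix-list CUST-A-IN seq 10 permit 198.51.100.0/24
!
! Accept only registered prefixes and tag them on the way in.
! "set community" without "additive" overwrites whatever the customer sent,
! so a customer cannot pre-tag routes with the internal community.
! Anything not matched falls to the route-map's implicit deny.
route-map CUST-A-IN permit 10
 match ip address prefix-list CUST-A-IN
 set community 64500:100
!
! One shared definition of "routes learned from customers".
ip community-list standard CUSTOMER-ROUTES permit 64500:100
!
! Shared egress policy for every eBGP peer: announce only tagged routes.
! It names no prefixes, so it does not change when customers add netblocks.
route-map EBGP-OUT permit 10
 match community CUSTOMER-ROUTES
!
router bgp 64500
 ! Customer session: prefix filter plus tagging on ingress.
 neighbor 203.0.113.1 remote-as 64501
 neighbor 203.0.113.1 route-map CUST-A-IN in
 neighbor 203.0.113.1 route-map EBGP-OUT out
 ! Upstream/peer session: same egress policy, no per-customer ACL.
 neighbor 203.0.113.5 remote-as 64502
 neighbor 203.0.113.5 route-map EBGP-OUT out
```

Locally originated routes would need the same tag (or a second community in `CUSTOMER-ROUTES`) to pass `EBGP-OUT`; that part is left out to keep the sketch focused on the customer case.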