North American Network Operators Group

Re: weird BGP cisco-ism? [problem resolved]
Not to totally go off the subject, but if you have a ruleset like this
implemented for all of your customers, what type of extra load does the
route filtering impose on a router? We're a rather small ISP, and we
don't use BGP at all; I'm just curious what type of impact this has.

Thanks,
Charles

On Fri, 11 Jul 1997, Robert Gutierrez wrote:

> your other BGP peers? Inbound, I mean. Very simple:
>
> router bgp 1
>  neighbor 10.1.1.1 remote-as 2
>  neighbor 10.1.1.1 filter-list 99 in
>
> as-path access-list 99 deny ^$
> as-path access-list 99 deny ^1_
> [etc -- however you want to set it up]
>
> Isn't this akin to wearing a condom nowadays in the 'net BGP routing
> warz.
>
> Before I left my last job, I was on my way to installing anal as-path
> access lists for our own customers who did BGP to prevent the above and
> also prevent another Florida fiasco. The idea was that we would only
> accept explicit addresses from those BGP peers. All that was needed was
> to add a list for each peer:
>
> neighbor 10.1.1.1 distribute-list 10 in
> access-list 10 permit 172.16.0.0
>
> or even worse, enforce CIDR/prevent subnets by only accepting the
> specific block advertisement:
>
> distribute-list 101 permit 172.16.0.0 0.0.0.0 255.255.0.0 0.0.0.0
>
> Just good practice to me :) Hopefully everybody else is doing the
> same???
>
> Rob Gutierrez / 3Com - GIS Internet Security
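Added example, not part of the original thread and not router code: a small Python model of the inbound filters quoted above, showing which constructed announcements survive the as-path list combined with the address-only list 10 versus the address-plus-mask list 101. The final `permit .*` rule, the function names and the sample announcements are assumptions made for the illustration.

```python
import ipaddress
import re

# First match wins; no match is an implicit deny. The two deny lines are the
# post's list 99; the final permit is an assumption standing in for "[etc]".
FILTER_LIST_99 = [("deny", "^$"), ("deny", "^1_"), ("permit", ".*")]

def cisco_regex(pattern):
    # Cisco "_" matches a delimiter or the start/end of the AS path.
    return re.compile(pattern.replace("_", r"(?:^|$|[ ,{}()])"))

def aspath_permitted(as_path, rules=FILTER_LIST_99):
    for action, pattern in rules:
        if cisco_regex(pattern).search(as_path):
            return action == "permit"
    return False

def wildcard_match(value, base, wildcard):
    # Bits set in a Cisco wildcard are "don't care"; the rest must be equal.
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (int(value) & care) == (int(ipaddress.IPv4Address(base)) & care)

def standard_acl_10(prefix):
    # access-list 10 permit 172.16.0.0: compares the network address only.
    net = ipaddress.ip_network(prefix)
    return wildcard_match(net.network_address, "172.16.0.0", "0.0.0.0")

def extended_acl_101(prefix):
    # Address and mask are each compared with an exact (0.0.0.0) wildcard.
    net = ipaddress.ip_network(prefix)
    return (wildcard_match(net.network_address, "172.16.0.0", "0.0.0.0")
            and wildcard_match(net.netmask, "255.255.0.0", "0.0.0.0"))

def accepted(announcements, prefix_filter):
    return [(p, path) for p, path in announcements
            if aspath_permitted(path) and prefix_filter(p)]

# Constructed announcements (prefix, AS path) as received from the peer in AS 2.
ANNOUNCEMENTS = [
    ("172.16.0.0/16", "2"),      # the customer's block
    ("172.16.0.0/24", "2"),      # subnet sharing the block's network address
    ("172.16.1.0/24", "2"),      # another subnet of the block
    ("192.168.0.0/16", "2 3"),   # prefix the customer was never assigned
    ("172.16.0.0/16", ""),       # empty AS path, hit by ^$
    ("172.16.0.0/16", "1 2"),    # path starting with our own AS 1, hit by ^1_
]

if __name__ == "__main__":
    print("list 10 :", accepted(ANNOUNCEMENTS, standard_acl_10))
    print("list 101:", accepted(ANNOUNCEMENTS, extended_acl_101))
```

List 10 still lets the /24 at 172.16.0.0 through because only the address is compared; list 101 accepts the /16 alone.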