North American Network Operators Group

Re: Packets from net 10 (no, not the lyrics)

  • From: Kevin Oberman
  • Date: Tue Sep 23 11:33:19 1997

> Date: Tue, 23 Sep 1997 10:45:19 -0400
> From: "Randall S. Benn" <[email protected]>

> I think you'll find that your router's CPU will be happier if you just dump
> the 1918 networks to the bit bucket on your border routers with a static
> route via interface Null0:
> 
>    ip route 10.0.0.0 255.0.0.0 null0
>    ip route 127.0.0.0 255.0.0.0 null0
>    etc.
> 
> Considering resource utilization on the router, it is cheaper to do a
> routing table look-up than it is to do ACLs.  Also, when you're doing
> outbound filtering on the router, you have to do a routing table lookup
> first before you can do outbound filtering.  Save a step and just do the
> routing table lookup.

I don't think so. The static routes will require processing every
packet destined for the 10.0.0.0/8 and 127.0.0.0/8 nets, but you will
still have the bad route. The CPU will have to deal with any traffic
for 10.0.0.0/8 and any interior routers will forward packets since you
have a route.

On the other hand, a filter on the BGP session will block the route
from being accepted and only require CPU action once...when it is
announced. You have no route to these nets and can't propagate the
routes since you don't have them.

Andrew clearly has the correct approach.
-- 
R. Kevin Oberman, Network Engineer
Energy Sciences Network (ESnet)
Ernest O. Lawrence Berkeley National Laboratory (Berkeley Lab)
E-mail: [email protected]			Phone: +1 510 486-8634
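
An added illustration, not part of the original message: a small Python model of the two approaches the thread compares, a static Null0 route versus a filter applied once to each BGP announcement. The peer announcements, next-hop labels and function names are constructed for the example, and forwarding is assumed to use ordinary longest-prefix match, so a learned more-specific inside 10.0.0.0/8 still wins over the /8 null route.

```python
import ipaddress

# Address space the thread discusses (10/8, 127/8) plus the other RFC 1918 blocks.
BOGONS = [ipaddress.ip_network(n) for n in
          ("10.0.0.0/8", "127.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample: announcements received from one BGP peer.
ANNOUNCED = ["10.1.0.0/16", "198.51.100.0/24", "192.168.4.0/22", "203.0.113.0/24"]


def inbound_filter(prefixes):
    """Run once per announcement: split into (accepted, rejected)."""
    accepted, rejected = [], []
    for p in map(ipaddress.ip_network, prefixes):
        bad = any(p.subnet_of(b) for b in BOGONS)
        (rejected if bad else accepted).append(p)
    return accepted, rejected


def build_table(learned, null_routes=()):
    """Forwarding table as {prefix: next_hop}; a static null route replaces
    a learned route for the same prefix only, not its more-specifics."""
    table = {p: "peer" for p in learned}
    table.update({ipaddress.ip_network(n): "Null0" for n in null_routes})
    return table


def lookup(table, dst):
    """Longest-prefix match, run for every packet; None means no route."""
    addr = ipaddress.ip_address(dst)
    matches = [p for p in table if addr in p]
    return table[max(matches, key=lambda p: p.prefixlen)] if matches else None


def compare(dst):
    """Next hop for dst under (null routes only, inbound filter only)."""
    everything = [ipaddress.ip_network(p) for p in ANNOUNCED]
    with_null = build_table(everything, ["10.0.0.0/8", "127.0.0.0/8"])
    accepted, _ = inbound_filter(ANNOUNCED)
    with_filter = build_table(accepted)
    return lookup(with_null, dst), lookup(with_filter, dst)


if __name__ == "__main__":
    for dst in ("10.1.2.3", "10.9.9.9", "198.51.100.7"):
        print(dst, compare(dst))
```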