North American Network Operators Group

Re: Packets from net 10 (no, not the lyrics)
On Tue, Sep 23, 1997 at 04:43:16PM -0400, Todd R. Stroup wrote:
>
> I disagree.. how about this:
>
> access-list 50 deny 0.0.0.0 0.0.0.31
>
> or for those brave folk:
>
> access-list 50 deny 0.0.0.0 0.0.0.255
>
> The extended access-list is used in the classic "FROM ip" and "TO
> ip" application. My point was to use the standard access-list
> applied to a BGP session. The only thing I can think of that you
> would need a FROM/TO scenario in would be peering with Route Servers,
> although in this case I use route-maps filtering on path and by
> address. I don't even think an extended access-list will apply to a
> bgp session, but I could be wrong.

Uhm, your example wouldn't work too well if one wanted to selectively
filter longer prefixes (like all longer than /19 in 206->223). That is
what many people are doing, and IMO what more should do.

>
> Your BGP peer config is going to look something like this with a standard
> access-list :
>
> router bgp 7171
>  neighbor 198.32.69.69 remote-as 6969 ; sorry about your luck N2K Inc.
>  neighbor 198.32.69.69 version 4
>  neighbor 198.32.69.69 distribute-list 50 in
>  neighbor 198.32.69.69 route-map as-customers out
>
> access-list 50 deny 0.0.0.0 0.0.0.0
> access-list 50 deny 0.0.0.0 0.0.0.31
> access-list 50 deny 127.0.0.0 0.255.255.255
> access-list 50 deny 10.0.0.0 0.255.255.255
> etc...

Yes yes, but this really limits what you can do. How would you do:

access-list 101 permit ip 206.0.0.0 0.255.255.255 0.0.0.0 255.255.224.0

with a standard access list?

Alec

-- 
+------------------------------------+--------------------------------------+
|Alec Peterson - [email protected]   | Erols Internet Services, INC.        |
|Network Engineer                    | Springfield, VA.                     |
+------------------------------------+--------------------------------------+
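
Added example, not part of the original message: a small Python model of how the two ACL types evaluate a received route when applied as a BGP distribute-list. It assumes the IOS behaviour that a standard ACL compares only the network address, while an extended ACL compares its "source" pair with the network address and its "destination" pair with the netmask. The helper names, the standard-ACL entry and the sample routes are constructed for illustration.

```python
import ipaddress

def ip(s):
    return int(ipaddress.IPv4Address(s))

def wild_match(value, base, wildcard):
    """Cisco wildcard match: bits set in the wildcard are "don't care"."""
    care = ~ip(wildcard) & 0xFFFFFFFF
    return (ip(value) & care) == (ip(base) & care)

def standard_acl(entries, route):
    """Standard ACL as a distribute-list: only the network address is tested."""
    net = ipaddress.IPv4Network(route)
    for action, base, wc in entries:
        if wild_match(str(net.network_address), base, wc):
            return action
    return "deny"  # implicit deny at the end of every ACL

def extended_acl(entries, route):
    """Extended ACL as a distribute-list: source pair vs. network address,
    destination pair vs. netmask, so prefix length can be constrained."""
    net = ipaddress.IPv4Network(route)
    for action, src, src_wc, dst, dst_wc in entries:
        if (wild_match(str(net.network_address), src, src_wc)
                and wild_match(str(net.netmask), dst, dst_wc)):
            return action
    return "deny"

# access-list 101 exactly as written in the message above.
ACL_101 = [("permit", "206.0.0.0", "0.255.255.255", "0.0.0.0", "255.255.224.0")]
# Closest standard-ACL attempt (constructed): it can only say "anything in 206/8".
ACL_STD = [("permit", "206.0.0.0", "0.255.255.255")]

# Constructed sample announcements.
ROUTES = ["206.0.0.0/8", "206.1.0.0/16", "206.1.32.0/19",
          "206.1.32.0/20", "206.1.32.0/24", "10.0.0.0/8"]

def compare(routes=ROUTES):
    """Return {route: (standard result, extended result)}."""
    return {r: (standard_acl(ACL_STD, r), extended_acl(ACL_101, r)) for r in routes}

if __name__ == "__main__":
    for route, (std, ext) in compare().items():
        print(f"{route:<16} standard={std:<6} extended={ext}")
```

206.1.32.0/19 and 206.1.32.0/24 share a network address, so the standard ACL gives them the same verdict; only the netmask test in the extended form separates them.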