North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Packets from net 10 (no, not the lyrics)

  • From: Todd R. Stroup
  • Date: Tue Sep 23 17:12:29 1997

I disagree.. how about this: 

access-list 50 deny 0.0.0.0 0.0.0.31 

or for those brave folk:  

access-list 50 deny 0.0.0.0 0.0.0.255

The extended access-list is used in the classic "FROM ip" and "TO ip"
application.  My point was to use the standard access-list applied to a
BGP session.  The only thing I can think of that you would need a FROM/TO
senerio in would be peering with Route Servers, although in this case I
use route-maps filtering on path and by address.  I don't even think an
extended access-list will apply to a bgp session, but I could be wrong. 

Your BGP peer config is going to look something like this with a standard 
access-list : 

router bgp 7171
 neighbor 198.32.69.69 remote-as 6969    ; sorry about your luck N2K Inc.
 neighbor 198.32.69.69 version 4
 neighbor 198.32.69.69 distribute-list 50 in
 neighbor 198.32.69.69 route-map as-customers out

access-list 50 deny   0.0.0.0 0.0.0.0
access-list 50 deny   0.0.0.0 0.0.0.31
access-list 50 deny   127.0.0.0 0.255.255.255
access-list 50 deny   10.0.0.0 0.255.255.255  
etc...

Todd R. Stroup
Fiber Network Solutions, Inc.

On Tue, 23 Sep 1997, Alec H. Peterson wrote:

> On Tue, Sep 23, 1997 at 12:43:29PM -0400, Todd R. Stroup wrote:
> > 
> > Why not use a standard access-list like : 
> 
> Because some people like to do prefix length filtering as well, in
> which case you need to use an extended access list.
> 
> Alec
> 
> -- 
> +------------------------------------+--------------------------------------+
> |Alec Peterson - [email protected]    | Erols Internet Services, INC.        |
> |Network Engineer                    | Springfield, VA.                     |
> +------------------------------------+--------------------------------------+
>