North American Network Operators Group
Re: BGP community based IP filtering
I've been having an email discussion with a couple of Cisco engineers about how useful BGP community based IP filtering might be. The following IOS config fragment might help explain what I'm getting at:

    int fddi0
     ip access-group community-list 10 in
    !
    ip community-list 10 permit AA:BB
    ip community-list 10 permit CC:DD
    !

If you are using communities to make your prefix announcements to peers, this then allows the router to filter incoming IP packets that match your announcements.

Excepting things like CPU load, implementation details, etc., do you think this would be helpful, or am I way off with this?

I'm not sure about this, but communities would be a lot more useful if there were more facilities to mask them out, delete individual communities, etc.

I would really like to be able to say "remove any of my private (i.e. local) communities" that I might receive from a customer while accepting the ones I have told them they can use.

Similarly, I would like to be able to say "remove this specific community" on announcements down this specific link(s).

Mark.
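The filtering semantics proposed in the thread can be modelled offline. The sketch below is an added example, not code from either poster or from Cisco: it derives a source-address filter from the prefixes whose announcements carry a permitted community and rebuilds it when a prefix is withdrawn. The RIB contents, community values and function names are assumptions made for illustration.

```python
import ipaddress

# Constructed sample data: prefixes learned on the interface's BGP session,
# with the communities attached to each announcement (documentation ranges
# and private-use ASNs; none of these values come from the original message).
RIB = [
    ("192.0.2.0/24",    {"64500:100"}),
    ("198.51.100.0/24", {"64500:200", "64501:10"}),
    ("203.0.113.0/24",  {"64502:999"}),
]

# Stand-in for "ip community-list 10 permit AA:BB" / "permit CC:DD".
COMMUNITY_LIST_10 = {"64500:100", "64501:10"}


def build_source_filter(rib, permitted):
    """Return the networks whose announcement carries a permitted community."""
    nets = [ipaddress.ip_network(p) for p, comms in rib if comms & permitted]
    # Collapse overlapping or adjacent prefixes so the derived filter stays small.
    return list(ipaddress.collapse_addresses(nets))


def permit_packet(src, acl):
    """Inbound check: accept only if the source falls inside a derived prefix."""
    addr = ipaddress.ip_address(src)
    return any(addr in net for net in acl)


def refresh_on_withdraw(rib, withdrawn_prefix, permitted):
    """Rebuild the filter after a withdrawal; the filter must track the RIB."""
    remaining = [(p, c) for p, c in rib if p != withdrawn_prefix]
    return build_source_filter(remaining, permitted)


if __name__ == "__main__":
    acl = build_source_filter(RIB, COMMUNITY_LIST_10)
    for src in ("192.0.2.77", "198.51.100.1", "203.0.113.5", "10.1.1.1"):
        print(src, "permit" if permit_packet(src, acl) else "deny")
```

The rebuild step is the part that touches the "CPU load, implementation details" caveat in the message: every update or withdrawal that changes the tagged set changes the packet filter.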