|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: BGP community based IP filtering
I've been having an email discussion with a couple of Cisco engineers about
how useful BGP community based IP filtering might be. The following IOS
config fragment might help explain what I'm getting at:
int fddi0
ip access-group community-list 10 in
!
ip community-list 10 permit AA:BB
ip community-list 10 permit CC:DD
!
If you are using communities to make your prefix announcements to peers,
this then allows the router to filter incoming IP packets that match your
announcements. Excepting things like CPU load, implementation details, etc
do you think this would be helpful, or am I way off with this?
I'm not sure about this but communities would be a lot more useful if
there was more facilities to mask them out, delete individual
communities etc.
I would really like to be able to say "remove any of my private (ie
local) communities" that I might receive from a customer while
accepting the ones I have told them they can use. Similarly I would
like to be able to say "remove this specific community" on
announcements down this specific link(s).
Mark.
|