North American Network Operators Group


Re: route filtering in large networks

  • From: Lars Erik Gullerud
  • Date: Thu Mar 13 12:51:53 2003

On Thu, 2003-03-13 at 04:47, Richard A Steenbergen wrote:

> Personally I don't think it's "too" hard to set up some scripts
> which can apply updated bogon and other important prefix-list updates
> globally. Rancid and about 15 lines of shell script should do you just
> fine. If you're lucky enough to have Junipers, you can use the same
> prefix-list to filter both routes and packets.

Sorry to break in here with something as inappropriate as a technical
comment but... Actually, you can't. But it is a common error people do
on J boxes. If you use prefix-lists in your routing policy on the Js,
they will only match the exact prefix-length specified, not longer
prefixes from within it. If you want to match prefixes of any given
length within say, a /8 (a typical entry in a bogon list), you have to
use route-lists (route-filter statements), which can not be used in your
packet filters (firewall config)...

/leg
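
Added example, not part of the original message: a small Python model of the matching difference described above, showing which announcements slip past a bogon list applied as an exact-match prefix-list in routing policy. The bogon entries, the sample routes and all function names are constructed for illustration; `orlonger` is the Junos route-filter match type assumed here for "any length within the prefix".

```python
import ipaddress

# Constructed sample bogon list (illustrative entries, not taken from the post).
BOGONS = [ipaddress.ip_network(p)
          for p in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample of received announcements.
SAMPLE_ROUTES = ["10.0.0.0/8", "10.1.0.0/16", "172.20.5.0/24", "203.0.113.0/24"]


def policy_prefix_list_match(route, plist=BOGONS):
    """prefix-list in routing policy, as the post describes it:
    only the exact prefix and prefix length match."""
    r = ipaddress.ip_network(route)
    return any(r == p for p in plist)


def route_filter_orlonger_match(route, plist=BOGONS):
    """route-filter <prefix> orlonger: the prefix itself or any
    more-specific route inside it matches."""
    r = ipaddress.ip_network(route)
    return any(r.version == p.version and r.subnet_of(p) for p in plist)


def firewall_prefix_list_match(addr, plist=BOGONS):
    """prefix-list in a packet filter: any address inside a listed
    prefix matches."""
    a = ipaddress.ip_address(addr)
    return any(a in p for p in plist)


def leaked_by_exact_match(routes, plist=BOGONS):
    """Routes a bogon route-filter would catch but an exact-match
    prefix-list lets through: the gap to audit for."""
    return [r for r in routes
            if route_filter_orlonger_match(r, plist)
            and not policy_prefix_list_match(r, plist)]


if __name__ == "__main__":
    for route in SAMPLE_ROUTES:
        print(f"{route:18} prefix-list={policy_prefix_list_match(route)!s:5} "
              f"route-filter orlonger={route_filter_orlonger_match(route)}")
    print("packet from 10.1.2.3 matched by firewall prefix-list:",
          firewall_prefix_list_match("10.1.2.3"))
    print("leaked more-specifics:", leaked_by_exact_match(SAMPLE_ROUTES))
```
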