[nsp] route-map logic

From: nick@arc.net.my
Date: Sat Mar 23 2002 - 05:24:31 EST

Next message: pankaj: "Re: [nsp] is this cisco2912XL 's bug or else."
Previous message: Douglas M. Todd, Jr.: "RE: [nsp] is this cisco2912XL 's bug or else."
Next in thread: Przemyslaw Karwasiecki: "[nsp] route-map logic"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Mail actions: [ respond to this message ] [ mail a new topic ]

Just need some confirmation on route-map logic. It is right to state:

'OR'logic:
route-map PEERING-FILTER-OUT permit 10
match as-path 20
!
route-map PEERING-FILTER-OUT permit 20
match ip address prefix-list SOLIDNET-CIDR-BLOCK

'AND' logic:
route-map PEERING-FILTER-OUT permit 10
match as-path 20
match ip address prefix-list SOLIDNET-CIDR-BLOCK

We are also trying to improve on 'prefix-leak' security in our network
to prevent unauthroized transit traffic through. We have in place route-
map such as above and varients but are wondering if there is other
experience/pointers in tightening/improving this. This is especially
with our bilateral peering partners who carelessly configure their
filters.

Thanks in advance.

-nick/

Next message: pankaj: "Re: [nsp] is this cisco2912XL 's bug or else."
Previous message: Douglas M. Todd, Jr.: "RE: [nsp] is this cisco2912XL 's bug or else."
Next in thread: Przemyslaw Karwasiecki: "[nsp] route-map logic"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Mail actions: [ respond to this message ] [ mail a new topic ]

This archive was generated by hypermail 2b29 : Sun Aug 04 2002 - 04:13:09 EDT