[nsp] route-map logic

From: nick@arc.net.my
Date: Sat Mar 23 2002 - 05:24:31 EST


Just need some confirmation on route-map logic. It is right to state:

'OR'logic:
route-map PEERING-FILTER-OUT permit 10
 match as-path 20
!
route-map PEERING-FILTER-OUT permit 20
 match ip address prefix-list SOLIDNET-CIDR-BLOCK

'AND' logic:
route-map PEERING-FILTER-OUT permit 10
 match as-path 20
 match ip address prefix-list SOLIDNET-CIDR-BLOCK

We are also trying to improve on 'prefix-leak' security in our network
to prevent unauthroized transit traffic through. We have in place route-
map such as above and varients but are wondering if there is other
experience/pointers in tightening/improving this. This is especially
with our bilateral peering partners who carelessly configure their
filters.

Thanks in advance.

-nick/



This archive was generated by hypermail 2b29 : Sun Aug 04 2002 - 04:13:09 EDT