Just need some confirmation on route-map logic. It is right to state:
'OR'logic:
route-map PEERING-FILTER-OUT permit 10
match as-path 20
!
route-map PEERING-FILTER-OUT permit 20
match ip address prefix-list SOLIDNET-CIDR-BLOCK
'AND' logic:
route-map PEERING-FILTER-OUT permit 10
match as-path 20
match ip address prefix-list SOLIDNET-CIDR-BLOCK
We are also trying to improve on 'prefix-leak' security in our network
to prevent unauthroized transit traffic through. We have in place route-
map such as above and varients but are wondering if there is other
experience/pointers in tightening/improving this. This is especially
with our bilateral peering partners who carelessly configure their
filters.
Thanks in advance.
-nick/
This archive was generated by hypermail 2b29 : Sun Aug 04 2002 - 04:13:09 EDT