[c-nsp] Dropping traffic based on source address

Rick Ernst ernst at easystreet.com
Sun Jul 3 01:43:42 EDT 2005


On Sat, 2 Jul 2005, Barry Greene (bgreene) wrote:

:>As mentioned getting a one of the freeware based Unix/BGP
:>implementations would make the best "trigger router." This allows you to
:>build scripts to trigger which prefixes are Null0ed or marked with a
:>community. Connecting it as a route reflector client works A-OK.
:>
:>Let me know if you have any questions.


I've successfully used BGP route injection and uRPF to block traffic that I
don't want on my network.  I would also really like to be able to tweak
traffic based on BGP injection, but I wasn't aware there was a way to
advertise the routes without having the announcing device accept traffic
for the prefixes it advertises.

Do I understand your statement as being able to do the above?  The examples
I've seen so far in the documentation you listed base the identification on
ACLs.

In other words, if I'm receiving a.b.c.d/24 from a neighbor, can I inject
the same, or larger, prefix internally and use it to classify or mark the
traffic, without the traffic swinging over to the internal advertiser?

If so, this opens up all kinds of interesting possibilities...


Thanks!

Rick
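Added example, not part of the thread: what the trigger-router setup Barry describes looks like in Cisco IOS. The trigger router announces the prefix with its next hop set to an unused address that every edge router statically routes to Null0, and a community keeps the route inside the AS; with loose-mode uRPF on the edge interface the same announcement also drops packets whose source falls in that prefix. The addresses, AS number, tag and community values are assumed.

```cisco
! --- Trigger router (can be a route-reflector client, as noted above) ---
! A tagged static route is redistributed into BGP; the tag selects it.
ip route 203.0.113.0 255.255.255.0 Null0 tag 66
!
router bgp 65000
 redistribute static route-map RTBH-TRIGGER
 neighbor 10.0.0.1 remote-as 65000
 neighbor 10.0.0.1 send-community
!
route-map RTBH-TRIGGER permit 10
 match tag 66
 ! 192.0.2.1 is a dummy next hop, not the trigger router's own address,
 ! so traffic for the prefix is never drawn toward the trigger router.
 set ip next-hop 192.0.2.1
 set local-preference 200
 set origin igp
 set community 65000:666 no-export
!
! --- Every edge router ---
! The learned next hop resolves to Null0, so traffic TO the prefix is
! discarded at the edge.
ip route 192.0.2.1 255.255.255.255 Null0
!
interface GigabitEthernet0/1
 description upstream
 ! Loose-mode uRPF: a packet whose source route points at Null0 fails the
 ! check, so traffic FROM the prefix is dropped by the same announcement.
 ip verify unicast source reachable-via any
```

Withdrawing the static route on the trigger router removes the announcement and lifts both the destination and the source blackhole at every edge.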
