[c-nsp] IPv6 access-lists/BGP filter

Nick Kraal nick at arc.net.my
Wed Jan 17 03:48:50 EST 2007


Thanks Gert for your reply. Maybe I should be a bit clearer.

We are thinking of this as we are receiving /35s, /40s, /48s from our 
bi-lateral peers/downstream customers and did not want to carelessly 
populate the v6 routing table when a /32 should do fine.

We do use prefix filters for customers, but for v6 peering links we use 
as-path ACLs. So was thinking of a generic filter to chuck away anything 
larger than /32.

Regards,

-nick/

Gert Doering wrote:
> Hi,
> 
> On Wed, Jan 17, 2007 at 03:11:14PM +0800, Nick Kraal wrote:
>> What is the best way to write a BGP filter to prevent 
>> receiving/announcing **all** IPv6 addresses larger than a /32.
> 
> Bad idea (because you'll lose fairly important networks that way, like
> "DNS Root-Servers").
> 
> For generic IPv6 BGP filter recommendations (unfortunately a bit outdated
> regarding /12s - to be updated soon) you might want to read through
> 
>   http://www.space.net/~gert/RIPE/ipv6-filters.html
> 
> it has some discussions regarding the "why", and example configs for
> Cisco and Juniper.
> 
> gert
> 


More information about the cisco-nsp mailing list