[c-nsp] IPv6 access-lists/BGP filter
Nick Kraal
nick at arc.net.my
Wed Jan 17 03:48:50 EST 2007
Thanks Gert for your reply. Maybe I should be a bit clearer.
We are thinking of this as we are receiving /35s, /40s, /48s from our
bi-lateral peers/downstream customers and did not want to carelessly
populate the v6 routing table when a /32 should do fine.
We do use prefix filters for customers, but for v6 peering links we use
as-path ACLs. So was thinking of a generic filter to chuck away anything
larger than /32.
Regards,
-nick/
Gert Doering wrote:
> Hi,
>
> On Wed, Jan 17, 2007 at 03:11:14PM +0800, Nick Kraal wrote:
>> What is the best way to write a BGP filter to prevent
>> receiving/announcing **all** IPv6 addresses larger than a /32.
>
> Bad idea (because you'll lose fairly important networks that way, like
> "DNS Root-Servers").
>
> For generic IPv6 BGP filter recommendations (unfortunately a bit outdated
> regarding /12s - to be updated soon) you might want to read through
>
> http://www.space.net/~gert/RIPE/ipv6-filters.html
>
> it has some discussions regarding the "why", and example configs for
> Cisco and Juniper.
>
> gert
>
More information about the cisco-nsp
mailing list