[c-nsp] temporary static routes
Douglas C. Stephens
stephens at ameslab.gov
Tue Jan 6 14:43:35 EST 2009
Cord,
Our IOS feature set on our routers does not include time-based ACLs. Our
ASA and FWSM firewalls have them, but our experience using them was very
poor (e.g., hung device when triggered off). We looked at a FOSS RANCID-
like solution to push static route directives to our routers, but the time
to apply a change to all necessary devices was going to be too high.
Instead, we went with a FOSS solution based on MySQL and Quagga
(http://www.quagga.net/) that injects the static routes directly into
our IGP protocol. Even using Cisco default timing parameters, null routes
injected this way percolate through our entire IGP scope in less than ten
seconds.
At 11:24 AM 1/6/2009, Cord MacLeod wrote:
>I'm looking to inject static routes for a particular period of time
>into a router then have them expire after a given amount of time.
>
>For instance ip route xxx.xxx.xxx.xxx 255.255.255.255 Null0, and have
>this line removed after 24 hours. Would IOS have a way to do this, or
>am I looking at having to script this?
>
>I'm running 12.2(25)SEB4, RELEASE SOFTWARE (fc1).
>_______________________________________________
>cisco-nsp mailing list cisco-nsp at puck.nether.net
>https://puck.nether.net/mailman/listinfo/cisco-nsp
>archive at http://puck.nether.net/pipermail/cisco-nsp/
--
Douglas C. Stephens | Network/DNS/Unix/Windows Admin
System Support Specialist | Email Postmaster
Information Systems | Phone: (515) 294-6102
Ames Laboratory, US DOE | Email: stephens at ameslab.gov
More information about the cisco-nsp
mailing list