[c-nsp] BGP/ACL Question

[Murphy, Jay, DOH]

Second the suggestion


Jay Murphy 
IP Network Specialist 
NM Department of Health 
ITSD - IP Network Operations 
Santa Fe, New Mexico 87502 
Bus. Ph.: 505.827.2851

"We move the information that moves your world." 






-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Pete Templin
Sent: Tuesday, March 17, 2009 1:50 PM
To: Jeff Cartier
Cc: cisco-nsp at puck.nether.net
Subject: Re: [c-nsp] BGP/ACL Question

Jeff Cartier wrote:
> I'm going to be configuring CoPP to match BGP traffic between
> peers...and I am having a forgetful moment :-)...in order to match the
> BGP peer, in my ACL, should I be matching based on the BGP local
> router-ID or on the directly connected interface?

Match based on whatever the update-source is for that neighbor.  Default

is closest physical interface at the time that the session is 
established, typical practice is to use a loopback interface for iBGP 
sessions.  Router-ID won't appear in the IP headers of the packets.

pt

_______________________________________________
cisco-nsp mailing list  cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

______________________________________________________________________
This inbound email has been scanned by the MessageLabs Email Security
System.
______________________________________________________________________


Confidentiality Notice: This e-mail, including all attachments is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited unless specifically provided under the New Mexico Inspection of Public Records Act. If you are not the intended recipient, please contact the sender and destroy all copies of this message. -- This email has been scanned by the Sybari - Antigen Email System.