[c-nsp] IPv6 filters
Gert Doering
gert at greenie.muc.de
Thu Nov 14 15:25:58 EST 2013
Hi,
On Thu, Nov 14, 2013 at 07:58:26AM -0800, Scott Voll wrote:
> I'm currently using a filter list:
>
> ip as-path access-list 1 permit ^$
> ip as-path access-list 1 deny .*
>
> to make sure I'm not a transit provider.
>
> in my googleing around I'm not seeing that done in IPv6
Besides the CPU impact (what Nick pointed out), this is actually *good*
practice, both for IPv4 and for IPv6.
Easier on CPU load but more maintenance if prefixes keep being added
is to filter by prefix-list... so it depends a bit on how fast your
router's CPU is, how often prefixes change, etc.
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany gert at greenie.muc.de
fax: +49-89-35655025 gert at net.informatik.tu-muenchen.de
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 305 bytes
Desc: not available
URL: <https://puck.nether.net/pipermail/cisco-nsp/attachments/20131114/5e7a37b0/attachment.sig>
More information about the cisco-nsp
mailing list