[c-nsp] IPv6 filters
Gert Doering
gert at greenie.muc.de
Fri Nov 15 03:37:11 EST 2013
Hi,
On Fri, Nov 15, 2013 at 06:49:43AM +0100, Mikael Abrahamsson wrote:
> On Thu, 14 Nov 2013, Gert Doering wrote:
>
> >Easier on CPU load but more maintenance if prefixes keep being added is
> >to filter by prefix-list... so it depends a bit on how fast your
> >router's CPU is, how often prefixes change, etc.
>
> Just using prefix-lists has drawbacks as well, since customers who are no
> longer customers can end up being transited to your network because you
> now receive the prefix via a peer, but still announce it to your transits.
True. As soon as customers with a BGP uplink enter the mix, I'd go for
a community-based scheme ("to-be-exported prefixes get stamped with a
specific BGP community, and the export filters check on community values
only") - but for "I'm just a dual-homed leaf AS", this is way overkill.
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany gert at greenie.muc.de
fax: +49-89-35655025 gert at net.informatik.tu-muenchen.de
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 305 bytes
Desc: not available
URL: <https://puck.nether.net/pipermail/cisco-nsp/attachments/20131115/0793624c/attachment.sig>
More information about the cisco-nsp
mailing list