[c-nsp] Router memory problem

Justin Krejci JKrejci at usinternet.com
Thu Oct 27 15:54:47 EDT 2016


We use prefix-lists (not ACL) in our route-maps, BGP filtering, etc but I am curious what is wrong with distribute-lists specifically.
Is it just that they are old and less efficient CPU-wise or something? Are there known bugs in certain use cases?


________________________________________
From: Nick Cutting [ncutting at edgetg.com]
Sent: Thursday, October 27, 2016 1:54 PM
To: Jared Mauch; Justin Krejci
Cc: cisco-nsp at puck.nether.net
Subject: RE: [c-nsp] Router memory problem

We had a case where we used distribute lists matching prefix lists, but some engineers were forgetting the keyword "prefix", so IOS was looking for the ACL, and the ACL did not exist, so all routes were being allowed.

-----Original Message-----
From: cisco-nsp [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Jared Mauch
Sent: Thursday, October 27, 2016 2:46 PM
To: Justin Krejci <JKrejci at usinternet.com>
Cc: cisco-nsp at puck.nether.net
Subject: Re: [c-nsp] Router memory problem

On Thu, Oct 27, 2016 at 05:37:35PM +0000, Justin Krejci wrote:
> What is wrong with distribute-lists?

        You should be using a prefix-list,
as it was designed for this type of function.

        distribute-lists (and a bunch of other IOS
crutches) should go away as part of the legacy.

        If you see examples on the internet using them or access-lists to do route filtering, please don't copy those examples.

        - Jared

--
Jared Mauch  | pgp key available via finger from jared at puck.nether.net
clue++;      | http://puck.nether.net/~jared/  My statements are only mine.
_______________________________________________
cisco-nsp mailing list  cisco-nsp at puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/



More information about the cisco-nsp mailing list