[f-nsp] Juniper filter

Thomas Mangin thomas.mangin at exa-networks.co.uk
Wed Aug 24 19:43:33 EDT 2005


Hello,

I am wondering if there is a way, with a Juniper, to create a filter to allow
only traffic whose source and/or destination IP is in the routing table
with a particular BGP tag?

The reason is that I want to do inbound and outbound filtering. At the moment,
I am using prefix-lists, but they require maintenance for each new customer you
add to your config. All my customer (and my originated) routes are tagged when
learned, so I should be able to say that if a packet arrives at an eBGP
router and does not have one of those tags, it cannot be legit.

The other way to automate this would be to configure a host to generate
the prefix-list on a regular basis from a dump of the BGP table and
update my routers, but it is not as "elegant".

Any suggestion is welcome.

Regards.

Thomas
---
I already have "routing-options forwarding-table unicast-reverse-path
feasible-paths" but I do not think it will catch all the possible cases.
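
The host-side alternative mentioned in the message (building the prefix-list from a dump of the BGP table, keeping only routes that carry the customer tag) can look like the following added example, which is not part of the original post. The dump format (`<prefix> <community> ...`), the community `64500:100` and the list name `CUSTOMERS` are assumptions made for illustration.

```python
import ipaddress

# Constructed sample dump (an assumed format, not real router output):
# one route per line as "<prefix> <community> [<community> ...]".
SAMPLE_DUMP = """\
192.0.2.0/25 64500:100
192.0.2.128/25 64500:100 64500:20
198.51.100.0/24 64500:100
203.0.113.0/24 64500:999
2001:db8:1::/48 64500:100
10.0.0.0/33 64500:100
"""

def tagged_prefixes(dump, wanted):
    """Return aggregated networks whose route carries a community in `wanted`."""
    nets = {4: [], 6: []}
    for line in dump.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        try:
            net = ipaddress.ip_network(fields[0], strict=True)
        except ValueError:
            continue  # a malformed prefix must never reach the router config
        if wanted & set(fields[1:]):
            nets[net.version].append(net)
    # collapse_addresses merges adjacent/overlapping networks of one family
    return [n for v in (4, 6) for n in ipaddress.collapse_addresses(nets[v])]

def junos_prefix_list(name, networks):
    """Render networks as Junos set commands, one list per address family."""
    if not networks:
        # An empty list would turn the filter into "drop everything" (or
        # "match nothing"); refuse instead of pushing it to a router.
        raise ValueError("no tagged prefixes found, refusing to emit an empty list")
    return [f"set policy-options prefix-list {name}-v{n.version} {n}"
            for n in networks]

if __name__ == "__main__":
    customers = tagged_prefixes(SAMPLE_DUMP, {"64500:100"})
    print("\n".join(junos_prefix_list("CUSTOMERS", customers)))
```

The untagged route and the malformed `/33` are dropped, and the two tagged /25s are aggregated into a single /24 before the commands are rendered.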



More information about the foundry-nsp mailing list