[j-nsp] Generated prefix lists - simple solution to a range of
problems?
Jeroen Massar
jeroen at unfix.org
Thu Sep 23 07:44:58 EDT 2004
On Thu, 2004-09-23 at 13:39, Daniel Roesen wrote:
> On Thu, Sep 23, 2004 at 01:21:04PM +0200, David Monosov wrote:
> > - Import Cymru's bogon list from AS 65333, tagged with community
> > 65333:888 via BGP
> > - A prefix list called bogon-prefixes is generated using a policy which
> > accepts only routes from that BGP peer, tagged with that community, and
> > marks each route as "X.X.X.X/Y orlonger".
> > - I can now apply the generated prefix-list to my peers import policy as
> > reject in order to reject *all* bogon routes, including more specifics.
>
> This would be incredible useful for a lot of things. Effectively,
> it would allow you do remote-control all your routers via IBGP for
> any kind of ACLs and even more exotic things like RIB/FIB attribute
> manipulation via policy engine.
See:
http://www.ietf.org/proceedings/03nov/slides/idr-3/idr-3.ppt
and: http://arneill-py.sacramento.ca.us/ draft-py-idr-redisfilter-00.txt
Greets,
Jeroen
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 240 bytes
Desc: This is a digitally signed message part
Url : https://puck.nether.net/pipermail/juniper-nsp/attachments/20040923/b955eafe/attachment-0001.bin
More information about the juniper-nsp
mailing list