[j-nsp] Generated prefix lists - simple solution to a range of problems?

[Daniel Roesen]

On Fri, Sep 24, 2004 at 02:47:23AM +0000, Christopher Morrow wrote:
> >On Thu, Sep 23, 2004 at 01:44:58PM +0200, Jeroen Massar wrote:
> >>See:
> >>http://www.ietf.org/proceedings/03nov/slides/idr-3/idr-3.ppt
> >>
> >>and: http://arneill-py.sacramento.ca.us/ 
> >>draft-py-idr-redisfilter-00.txt
> >
> >This is a slightly different approach for a more specific problem
> >space.
> 
> Perhaps also:
> http://professional.juniper.net/roque/draft-marques-idr-flow-spec-00.txt
> 
> is applicable to this?

Yes, but this is the much bigger hammer in regard to distribute
information on what kind of traffic/IPspace to act upon, but
also defines a limited set of specific actions. Also, it needs much
more intrusive changes to the BGP implementation than simpler
(but more limited in terms of flexibility) schemes.

The problem for a lot of applications is NOT the distribution of the
information via standard BGP, but that current vendors are not able
to generate dynamic prefix-lists from that.

Pedro's draft specifies two actions: discard and monitor. If vendors
now react to such special-NLRI-signalled actions with predefined router
behavior, this limits the usefulness for other applications. Especially,
since both applications (discard and monitor) can easily implemented
in a flexible generic way, if JunOS would be able to create dynamic
prefix-lists which then can be used to match traffic in firewall
filters, rewrite next-hops (e.g. to "discard", or to a monitoring host
mapped over an LSP or whatever) in RIB-to-FIB filters or filter-based
forwarding.

Ideally, we'd have flow-spec to distribute the specification on what
traffic we want to action upon, and then have JunOS build dynamic
prefix-lists or even complete policy-statements which reflect this
selection from it. But still it should be possible to generate just
dynamic prefix-lists only, for use in own firewall filters and BGP
prefix filters.


Best regards,
Daniel