[j-nsp] Generated prefix lists - simple solution to a range of
problems?
Gary Tate
gtate at juniper.net
Mon Sep 27 18:11:29 EDT 2004
If there is a feature that you require then the way to get it into
JunOS is to raise this as an ER through your Juniper Rep.
I understand that this is a great forum for discussing wish lists but I
just thought it relevant to mention that the above process is the only
way to get what you want into JunOS.
Gary
On Sep 23, 2004, at 8:11 PM, Daniel Roesen wrote:
> On Fri, Sep 24, 2004 at 02:47:23AM +0000, Christopher Morrow wrote:
>>> On Thu, Sep 23, 2004 at 01:44:58PM +0200, Jeroen Massar wrote:
>>>> See:
>>>> http://www.ietf.org/proceedings/03nov/slides/idr-3/idr-3.ppt
>>>>
>>>> and: http://arneill-py.sacramento.ca.us/
>>>> draft-py-idr-redisfilter-00.txt
>>>
>>> This is a slightly different approach for a more specific problem
>>> space.
>>
>> Perhaps also:
>> http://professional.juniper.net/roque/draft-marques-idr-flow-spec
>> -00.txt
>>
>> is applicable to this?
>
> Yes, but this is the much bigger hammer in regard to distribute
> information on what kind of traffic/IPspace to act upon, but
> also defines a limited set of specific actions. Also, it needs much
> more intrusive changes to the BGP implementation than simpler
> (but more limited in terms of flexibility) schemes.
>
> The problem for a lot of applications is NOT the distribution of the
> information via standard BGP, but that current vendors are not able
> to generate dynamic prefix-lists from that.
>
> Pedro's draft specifies two actions: discard and monitor. If vendors
> now react to such special-NLRI-signalled actions with predefined router
> behavior, this limits the usefulness for other applications.
> Especially,
> since both applications (discard and monitor) can easily implemented
> in a flexible generic way, if JunOS would be able to create dynamic
> prefix-lists which then can be used to match traffic in firewall
> filters, rewrite next-hops (e.g. to "discard", or to a monitoring host
> mapped over an LSP or whatever) in RIB-to-FIB filters or filter-based
> forwarding.
>
> Ideally, we'd have flow-spec to distribute the specification on what
> traffic we want to action upon, and then have JunOS build dynamic
> prefix-lists or even complete policy-statements which reflect this
> selection from it. But still it should be possible to generate just
> dynamic prefix-lists only, for use in own firewall filters and BGP
> prefix filters.
>
>
> Best regards,
> Daniel
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> http://puck.nether.net/mailman/listinfo/juniper-nsp
>
More information about the juniper-nsp
mailing list