[j-nsp] Filter created from bgp route tag ?

Harry Reynolds harry at juniper.net
Wed Aug 24 21:24:43 EDT 2005 

Sounds like you want to apply filters in the data plane based on
advertised BGP NLRI. If so, check out this recent posting.

On Tue, 2005-08-16 at 17:22 +0000, Jared Mauch wrote:

> > To me....it just seems far easier to have the route server broadcast

> > the data via iBGP...
> 
> 	So would something like this help?
> 
> http://www.tcb.net/draft-marques-idr-flow-spec-00.txt
> 

There is more recent version:
http://professional.juniper.net/roque/draft-marques-idr-flow-spec-02.txt

more info:
http://www.juniper.net/techpubs/software/junos/junos73/swconfig73-routin
g/html/routing-tables-config52.html
http://professional.juniper.net/roque/traffic-filter.pdf

  Pedro.
_______________________________________________
juniper-nsp mailing list juniper-nsp at puck.nether.net
http://puck.nether.net/mailman/listinfo/juniper-nsp
 

> -----Original Message-----
> From: juniper-nsp-bounces at puck.nether.net 
> [mailto:juniper-nsp-bounces at puck.nether.net] On Behalf Of 
> Thomas Mangin
> Sent: Wednesday, August 24, 2005 4:45 PM
> To: juniper-nsp at puck.nether.net
> Subject: [j-nsp] Filter created from bgp route tag ?
> 
> Hello,
> 
> I am wondering if there is a way with a juniper create a 
> filter to allow only traffic which source or/and destination 
> ip is in the routing table with a particuliar bgp tag ?
> 
> The reason is that I want to do in and ouband filtering. atm, 
> I am using prefix-list but it require maintenance for each 
> new customer you add to your config. All my customer (and my 
> originated) routes are tagged when learned, so I should be 
> able to say that if a packet arrives to an ebgp router and 
> does does not have one of those tag, it can not be legit.
> 
> The other way to automate this would be to configure an host 
> to generate the prefix-list on a regular basis from a dump of 
> the bgp table and update my routers, but it is not as "elegant"
> 
> Any suggestion is welcome.
> 
> Regards.
> 
> Thomas
> ---
> I already have "routing-options forwarding-table 
> unicast-reverse-path feasible-paths" but I do not think it 
> will catch all the possible cases.
> 
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net 
> http://puck.nether.net/mailman/listinfo/juniper-nsp
>

More information about the juniper-nsp mailing list