[j-nsp] Firewall filters based on BGP communities.
Joe Metzger
metzger at es.net
Fri May 9 18:03:24 EDT 2008
Does anybody have any suggestions about the best way to manage a firewall
filter that is based on BGP community attributes?
I.e., I have around 12,000 BGP routes in my table with community 65534:10 set.
I would like to write a firewall term something like:
    term customers {
        from {
            source-address community 65534:10;
        }
        then {
            accept;
        }
    }
    term everybody-else {
        then {
            discard;
        }
    }
But of course this doesn't work.
Obviously I could write a script that dumps the BGP table and creates a
prefix list, but this will be a pain to manage and a lot of config churn.
Is something more elegant possible?
Suggestions?
--Joe
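
The script approach mentioned in the post, as an added example that is not part of the original message: it collapses the community-tagged prefixes and emits only the prefix-list lines that changed since the last run, which limits the config churn. It assumes the prefixes have already been extracted from the BGP table; the sample prefixes are constructed and the prefix-list name is hypothetical.

```python
import ipaddress

# Constructed sample data: prefixes as they might be extracted from the BGP
# table for routes tagged 65534:10 on two consecutive runs (documentation
# address space only, not real routes).
PREVIOUS = ["192.0.2.0/25", "192.0.2.128/25", "198.51.100.0/24"]
CURRENT = ["192.0.2.0/24", "203.0.113.0/24", "203.0.113.0/24"]

PREFIX_LIST = "customers-65534-10"  # hypothetical prefix-list name


def normalize(prefixes):
    """Parse, de-duplicate and collapse prefixes.

    Collapsing only merges prefixes whose union is exactly a larger prefix,
    so the address space matched by the filter does not change.
    """
    nets = [ipaddress.ip_network(p.strip(), strict=False)
            for p in prefixes if p.strip()]
    out = set()
    for version in (4, 6):  # collapse_addresses rejects mixed IPv4/IPv6 input
        out.update(ipaddress.collapse_addresses(
            n for n in nets if n.version == version))
    return out


def churn(previous, current, name=PREFIX_LIST):
    """Return only the set/delete lines needed to go from previous to current."""
    old, new = normalize(previous), normalize(current)

    def key(n):
        return (n.version, int(n.network_address), n.prefixlen)

    lines = [f"delete policy-options prefix-list {name} {n}"
             for n in sorted(old - new, key=key)]
    lines += [f"set policy-options prefix-list {name} {n}"
              for n in sorted(new - old, key=key)]
    return lines


if __name__ == "__main__":
    # 192.0.2.0/24 is unchanged (two /25s collapse to it), so it produces no line.
    print("\n".join(churn(PREVIOUS, CURRENT)))
```

The firewall term would then reference the list with a `source-prefix-list` match instead of the unsupported community match.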