[j-nsp] Firewall filters based on BGP communities.
Mark Tinka
mtinka at globaltransit.net
Fri May 9 21:37:47 EDT 2008
On Saturday 10 May 2008, Joe Metzger wrote:
> Does anybody have any suggestions about the best way to
> manage a firewall
> filter that is based on BGP community attributes?

Sounds like what you need is SCU (Source Class Usage) or DCU
(Destination Class Usage).

We do something like this, but for DCU; we have only tried
it with firewall policers, though, but you should be able
to accept and discard packets accordingly.

Our requirement was to restrictively police traffic destined
to a particular set of routes, while policing at a
different rate for the rest of the routes. These routes
were identified using BGP communities.

Cheers,

Mark.
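
An added example, not part of the original post and not the poster's configuration: a Junos sketch of the DCU arrangement described above, where routes carrying a BGP community are mapped to a destination class and a firewall filter polices that class at a different rate from everything else. All names, the community value 64500:100 and the policer rates are assumptions made for illustration.

```junos
/* Constructed example: all names, the community value and the rates are hypothetical. */
policy-options {
    community RESTRICTED-DEST members 64500:100;
    policy-statement DCU-CLASSIFY {
        term restricted {
            from community RESTRICTED-DEST;
            then destination-class restricted;
        }
    }
}
routing-options {
    forwarding-table {
        /* Tag matching routes with the class as they are installed in the forwarding table. */
        export DCU-CLASSIFY;
    }
}
firewall {
    policer POLICE-RESTRICTED {
        if-exceeding {
            bandwidth-limit 10m;
            burst-size-limit 625k;
        }
        then discard;
    }
    policer POLICE-DEFAULT {
        if-exceeding {
            bandwidth-limit 100m;
            burst-size-limit 1m;
        }
        then discard;
    }
    family inet {
        filter DCU-POLICE {
            /* Traffic whose destination route carried the community. */
            term restricted {
                from {
                    destination-class restricted;
                }
                then policer POLICE-RESTRICTED;
            }
            /* The rest of the routes get the other rate. */
            term everything-else {
                then policer POLICE-DEFAULT;
            }
        }
    }
}
```

The destination class is only known after the route lookup, so a filter like this is attached in the output direction of the relevant interface. Replacing a `then policer` action with `then discard` or `then accept` gives the accept/discard behaviour asked about in the quoted question.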