[j-nsp] dynamic prefix list based on as-path .. is it possible?
Alexander Arseniev
arseniev at btinternet.com
Wed Jul 29 03:06:21 EDT 2015
Hello,
SCU can be used in this scenario
http://www.juniper.net/documentation/en_US/junos14.2/topics/task/configuration/scu-or-dcu-configuring-junos-nm.html
To drop traffic matching your chosen SCU in a firewall filter, use
set forwarding-options family inet filter output YouRscUfilteRname
But - have You ever heard of IP source address spoofing?
HTH
Thanks
Alex
On 28/07/2015 23:49, tim tiriche wrote:
> Hello,
>
> Goal: on transit provider link, allow ASN XYZ to reach port 80 and drop all
> other destined to port 80?
>
>
> I don't want to build a static filter as ASN XYZ could have additional
> updates.
> Not sure if flowspec can match on as-path?
>
> Any pointers would be helpful.
>
> Thanks,
> -Tim
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
More information about the juniper-nsp
mailing list