nanog mailing list archives
Re: BGP community based IP filtering
From: Jerry Scharf <scharf () vix com>
Date: Thu, 15 Jan 1998 07:46:12 -0800
I've been having an email discussion with a couple of Cisco engineers about how useful BGP community based IP filtering might be. The following IOS config fragment might help explain what I'm getting at: int fddi0 ip access-group community-list 10 in ! ip community-list 10 permit AA:BB ip community-list 10 permit CC:DD ! If you are using communities to make your prefix announcements to peers, this then allows the router to filter incoming IP packets that match your announcements. Excepting things like CPU load, implementation details, etc do you think this would be helpful, or am I way off with this?
IMO, this still has the problem of there being a local agreement between the peers that require them to have a clue or everyone has bogus announces. There is hopefully going to be a presentation at NANOG by Tony and Yakov about cryptographic signing of prefix origination. This is a load more work in several ways, but it does strike at the heart of the problem. jerry
Regards Matt. --- Matt Ryan - Network Engineer matt () planet net uk Planet OnLine Ltd, The White House, Tel: +44 113 2345566 Melbourne Street, Leeds, LS2 7PS, UK Fax: +44 113 2240003
Current thread:
- BGP community based IP filtering Matt Ryan (Jan 15)
- Re: BGP community based IP filtering Jerry Scharf (Jan 15)
- Re: BGP community based IP filtering Alan Hannan (Jan 15)
- Re: BGP community based IP filtering Dorian R. Kim (Jan 15)
- Open Standards vs IOPS etc [was Re: BGP community based IP filtering] Chris Layton (Jan 16)
- Re: Open Standards vs IOPS etc [was Re: BGP community based IP filtering] Dorian R. Kim (Jan 16)
- Re: Open Standards vs IOPS etc [was Re: BGP community based IP filtering] Howard C. Berkowitz (Jan 16)
- Re: BGP community based IP filtering Dorian R. Kim (Jan 15)
- Message not available
- Re: Open Standards vs IOPS etc [was Re: BGP community based IP filtering] Paul Ferguson (Jan 16)
- Re: BGP community based IP filtering Alan Hannan (Jan 16)
- Re: BGP community based IP filtering Dorian R. Kim (Jan 15)
- Is Whois.ra.net Server process down ???? Network Operations Center (Jan 16)