nanog mailing list archives

Re: route filtering in large networks


From: Lars Erik Gullerud <lerik () nolink net>
Date: 13 Mar 2003 18:45:36 +0100


On Thu, 2003-03-13 at 04:47, Richard A Steenbergen wrote:

> Personally I don't think it's "too" hard to setup some scripts
> which can apply updated bogon and other important prefix-list updates
> globally. Rancid and about 15 lines of shell script should do you just
> fine. If you're lucky enough to have Junipers, you can use the same
> prefix-list to filter both routes and packets.

Sorry to break in here with something as inappropriate as a technical
comment but... Actually, you can't. But it is a common error people make
on J boxes. If you use prefix-lists in your routing policy on the Js,
they will only match the exact prefix-length specified, not longer
prefixes from within it. If you want to match prefixes of any given
length within, say, a /8 (a typical entry in a bogon list), you have to
use route-lists (route-filter statements), which cannot be used in your
packet filters (firewall config)...

/leg
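To make the distinction above concrete, here is an added example (not code from the original thread or from Juniper) that models the two matching behaviours described in the reply and renders both the route-filter form a policy-statement needs and the prefix-list form a firewall filter can consume. The bogon entries, the received routes and the names "bogons", "reject-bogons" and "drop-bogons" are constructed for illustration; the config syntax (route-filter ... orlonger, prefix-list, source-prefix-list) is standard Junos.

```python
import ipaddress

# Constructed sample bogon-style aggregates; the original post quotes no
# actual list entries.
BOGON_LIST = [
    "0.0.0.0/8",
    "10.0.0.0/8",
    "127.0.0.0/8",
    "192.168.0.0/16",
]


def prefix_list_match(route, entries):
    """Junos prefix-list semantics inside a routing policy, as the reply
    describes them: the route matches only if it is exactly one of the
    listed prefixes (same network AND same prefix length)."""
    r = ipaddress.ip_network(route, strict=False)
    return any(r == ipaddress.ip_network(e, strict=False) for e in entries)


def route_filter_orlonger_match(route, entries):
    """Junos 'route-filter <prefix> orlonger' semantics: the route matches
    if it equals an entry or is a more-specific prefix inside it."""
    r = ipaddress.ip_network(route, strict=False)
    for e in entries:
        net = ipaddress.ip_network(e, strict=False)
        if r.version == net.version and r.subnet_of(net):
            return True
    return False


def compare(routes, entries):
    """Map each received route to (prefix_list_hit, route_filter_hit) so the
    cases where the two forms disagree stand out."""
    return {
        r: (prefix_list_match(r, entries), route_filter_orlonger_match(r, entries))
        for r in routes
    }


def junos_route_filter_policy(entries, name="reject-bogons"):
    """Render the route-list form a policy-statement needs to catch
    more-specifics of each aggregate (policy name is illustrative)."""
    lines = [f"policy-statement {name} {{", "    term bogons {", "        from {"]
    lines += [f"            route-filter {e} orlonger;" for e in entries]
    lines += ["        }", "        then reject;", "    }", "}"]
    return "\n".join(lines)


def junos_prefix_list_filter(entries, list_name="bogons", filter_name="drop-bogons"):
    """Render the prefix-list plus a firewall filter that references it.
    Packets carry full addresses, so 'within the aggregate' works here
    without any orlonger qualifier (names are illustrative)."""
    lines = [f"prefix-list {list_name} {{"]
    lines += [f"    {e};" for e in entries]
    lines += [
        "}",
        "firewall {",
        "    family inet {",
        f"        filter {filter_name} {{",
        "            term bogons {",
        "                from {",
        "                    source-prefix-list {",
        f"                        {list_name};",
        "                    }",
        "                }",
        "                then discard;",
        "            }",
        "        }",
        "    }",
        "}",
    ]
    return "\n".join(lines)


if __name__ == "__main__":
    # Constructed received routes: one exact aggregate, two more-specifics
    # inside aggregates, one unrelated prefix.
    received = ["10.0.0.0/8", "10.1.0.0/16", "192.168.5.0/24", "198.51.100.0/24"]
    print("route              prefix-list  route-filter orlonger")
    for route, (pl, rf) in compare(received, BOGON_LIST).items():
        print(f"{route:18} {str(pl):12} {rf}")
    print()
    print(junos_route_filter_policy(BOGON_LIST))
    print()
    print(junos_prefix_list_filter(BOGON_LIST))
```

Running it shows 10.1.0.0/16 and 192.168.5.0/24 slipping past the prefix-list form while the orlonger route-filter catches them, which is exactly the gap the reply warns about: a single generated list cannot feed both the policy-statement and the firewall filter, so the update script has to emit the two renderings separately from one source list. As a caveat for anyone reading this years later, newer Junos releases added a prefix-list-filter match condition (with exact/longer/orlonger qualifiers) to routing policy; check your release's documentation rather than assuming either behaviour.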
