[10691] in North American Network Operators' Group


Re: weird BGP cisco-ism? [problem resolved]

daemon@ATHENA.MIT.EDU (Danny McPherson)
Fri Jul 11 22:33:51 1997

To: Chris Garner <cgarner@sni.net>
cc: nanog@merit.edu
From: Danny McPherson <danny@genuity.net>
Reply-To: danny@genuity.net
Date: Fri, 11 Jul 1997 17:42:15 -0700


> 	You can build your customer BGP filters off data in the IRR.  Make
> it a requirement that BGP customers must keep that information up to date
> (or do it for them).

OK.  So I apply an ingress filter (ideally built from the IRRs) to a customer 
peer.  Then I have to add the customer's AS(s) prefixes to every eBGP peer's 
egress ACL (including customer peers) so that the networks will be permitted.

The customer begins advertising a newly allocated netblock.  Now virtually 
*every* BGP peer's ACL has to be modified & deployed and the source AS will 
need to either flap the route or reset the session.

If I had tagged the customer's prefixes with a BGP community when I picked up 
the routes ... and have filters in place that deny/permit predefined communities 
to all eBGP peers, all I would need to be concerned with is the customer's 
ingress ACL.

IMO, ACLs alone won't scale. 


-danny
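
The approach described in the message above, sketched in Cisco IOS syntax as an added example (not part of the original post and not the author's configuration). The AS numbers, addresses, the community value 64500:100 and the names CUST-A-IN and EBGP-OUT are constructed placeholders.

```cisco
! Constructed example: AS 64500 is the provider, AS 64501 the customer,
! AS 64502 any other eBGP peer. Addresses are documentation ranges.
ip bgp-community new-format
!
! Customer ingress filter (ideally generated from IRR data). This is the
! only object that changes when the customer announces a new netblock.
ip prefix-list CUST-A-IN seq 5 permit 192.0.2.0/24
ip prefix-list CUST-A-IN seq 10 permit 198.51.100.0/24
!
route-map CUST-A-IN permit 10
 match ip address prefix-list CUST-A-IN
 ! "set community" without "additive" replaces whatever communities the
 ! customer attached, so only this router decides which routes carry the tag.
 set community 64500:100
! No further clauses: the implicit deny drops prefixes not in the list.
!
! Egress policy shared by every eBGP peer. It matches the tag, not the
! prefix, so it never needs editing when a customer adds address space.
ip community-list 10 permit 64500:100
!
route-map EBGP-OUT permit 10
 match community 10
! The implicit deny keeps untagged routes from being announced. Routes
! the provider originates itself would need their own tag and clause.
!
router bgp 64500
 neighbor 203.0.113.1 remote-as 64501
 neighbor 203.0.113.1 route-map CUST-A-IN in
 neighbor 203.0.113.5 remote-as 64502
 neighbor 203.0.113.5 route-map EBGP-OUT out
```

Where the customer and the other eBGP peers terminate on different routers, the iBGP sessions between them need `send-community` so the tag survives to the egress router.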

