[12583] in North American Network Operators' Group
Re: Packets from net 10 (no, not the lyrics)
daemon@ATHENA.MIT.EDU (Todd R. Stroup)
Tue Sep 23 17:10:45 1997
Date: Tue, 23 Sep 1997 16:43:16 -0400 (EDT)
From: "Todd R. Stroup" <tstroup@fibernet.net>
To: "Alec H. Peterson" <ahp@hilander.com>
cc: bmanning@ISI.EDU, Mohamad Eljazzar <eljazzar@ns.utk.edu>, nanog@merit.edu
In-Reply-To: <19970923140454.39363@ramirez.hilander.com>
I disagree.. how about this:

    access-list 50 deny 0.0.0.0 0.0.0.31

or for those brave folk:

    access-list 50 deny 0.0.0.0 0.0.0.255

The extended access-list is used in the classic "FROM ip" and "TO ip"
application. My point was to use the standard access-list applied to a
BGP session. The only thing I can think of that you would need a FROM/TO
scenario in would be peering with Route Servers, although in this case I
use route-maps filtering on path and by address. I don't even think an
extended access-list will apply to a bgp session, but I could be wrong.

Your BGP peer config is going to look something like this with a standard
access-list:

    router bgp 7171
     neighbor 198.32.69.69 remote-as 6969 ; sorry about your luck N2K Inc.
     neighbor 198.32.69.69 version 4
     neighbor 198.32.69.69 distribute-list 50 in
     neighbor 198.32.69.69 route-map as-customers out

    access-list 50 deny 0.0.0.0 0.0.0.0
    access-list 50 deny 0.0.0.0 0.0.0.31
    access-list 50 deny 127.0.0.0 0.255.255.255
    access-list 50 deny 10.0.0.0 0.255.255.255
    etc...

Todd R. Stroup
Fiber Network Solutions, Inc.

On Tue, 23 Sep 1997, Alec H. Peterson wrote:
> On Tue, Sep 23, 1997 at 12:43:29PM -0400, Todd R. Stroup wrote:
> >
> > Why not use a standard access-list like :
>
> Because some people like to do prefix length filtering as well, in
> which case you need to use an extended access list.
>
> Alec
>
> --
> +------------------------------------+--------------------------------------+
> |Alec Peterson - ahp@hilander.com | Erols Internet Services, INC. |
> |Network Engineer | Springfield, VA. |
> +------------------------------------+--------------------------------------+
>
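
Added example, not part of the original thread: a small Python evaluator that applies the ACL 50 lines from the message above the way a standard access-list is evaluated when used as a distribute-list (first match wins, compared against the route's network address with wildcard bits ignored). The trailing `permit any` line and the sample prefixes are assumptions constructed for illustration.

```python
import ipaddress

# ACL 50 lines as posted above. The final "permit any" is an assumed addition
# for this example so the implicit deny does not reject every route.
ACL_50 = """\
access-list 50 deny 0.0.0.0 0.0.0.0
access-list 50 deny 0.0.0.0 0.0.0.31
access-list 50 deny 127.0.0.0 0.255.255.255
access-list 50 deny 10.0.0.0 0.255.255.255
access-list 50 permit any
"""

def parse_standard_acl(text):
    """Return [(action, address_int, wildcard_int)] for each ACL line."""
    entries = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "access-list":
            continue
        action, rest = fields[2], fields[3:]
        if rest == ["any"]:
            addr, wild = "0.0.0.0", "255.255.255.255"
        else:
            addr, wild = rest[0], (rest[1] if len(rest) > 1 else "0.0.0.0")
        entries.append((action, int(ipaddress.IPv4Address(addr)),
                        int(ipaddress.IPv4Address(wild))))
    return entries

def evaluate(entries, prefix):
    """First-match verdict for one announced prefix."""
    # Only the network address is compared; the prefix length is never used.
    net = int(ipaddress.ip_network(prefix).network_address)
    for action, addr, wild in entries:
        care = ~wild & 0xFFFFFFFF  # wildcard bit 1 means "don't care"
        if (net & care) == (addr & care):
            return action
    return "deny"  # implicit deny when no line matches

def filter_routes(prefixes, acl_text=ACL_50):
    entries = parse_standard_acl(acl_text)
    return {p: evaluate(entries, p) for p in prefixes}

if __name__ == "__main__":
    # Constructed sample announcements, not taken from the thread.
    sample = ["0.0.0.0/0", "0.0.0.16/28", "10.1.0.0/16", "127.0.0.0/8",
              "192.0.2.0/24", "192.0.2.0/30"]
    for p, verdict in filter_routes(sample).items():
        print(f"{p:<16} {verdict}")
```

192.0.2.0/24 and 192.0.2.0/30 receive the same verdict because only the network address is compared, which is the prefix-length limitation raised in the quoted reply.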