[161920] in North American Network Operators' Group
Re: BCP38 - Internet Death Penalty
daemon@ATHENA.MIT.EDU (Chris Adams)
Thu Mar 28 12:52:04 2013
Date: Thu, 28 Mar 2013 11:49:44 -0500
From: Chris Adams <cmadams@hiwaay.net>
To: nanog@nanog.org
Mail-Followup-To: nanog@nanog.org
In-Reply-To: <20130328161953.GA62536@ussenterprise.ufp.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
Once upon a time, Leo Bicknell <bicknell@ufp.org> said:
> The feature I would like is to set the _packet filter_ based on the
> _received routes_ over BGP.
On JUNOS, you can use

    routing-options {
        forwarding-table {
            unicast-reverse-path feasible-paths;
        }
    }

to get that behavior (although it is a global option, not
per-interface, I don't think there's any harm in using it).
> Actually, received routes post prefix list.
> Consider this syntax:
>
> neighbor 1.2.3.4 install-dynamic-filter Gig10/1/2 prefix-list customer-prefixes
>
> Anything that was received would go through the prefix-list
> customer-prefixes (probably the same list used to filter their
> announcements), and then get turned into a dynamic ACL applied to
> the inbound interface (Gig10/1/2 in this case).
JUNOS does that as well. You can use the same prefix-list in both a BGP
policy filter and a firewall filter.
--
Chris Adams <cmadams@hiwaay.net>
Systems and Network Administrator - HiWAAY Internet Services
I don't speak for anybody but myself - that's enough trouble.