nanog mailing list archives
Re: route filtering in large networks
From: Lars Erik Gullerud <lerik () nolink net>
Date: 13 Mar 2003 18:45:36 +0100
On Thu, 2003-03-13 at 04:47, Richard A Steenbergen wrote:
Personally I don't think it's "too" hard to setup some scripts scripts which can apply updated bogon and other important prefix-list updates globally. Rancid and about 15 lines of shell script should do you just fine. If you're lucky enough to have Juniper's, you can use the same prefix-list to filter both routes and packets.
Sorry to break in here with something as inappropriate as a technical comment but... Actually, you can't. But it is a common error people do on J boxes. If you use prefix-lists in your routing policy on the Js, they will only match the exact prefix-length specified, not longer prefixes from within it. If you want to match prefixes of any given length within say, a /8 (a typical entry in a bogon list), you have to use route-lists (route-filter statements), which can not be used in your packet filters (firewall config)... /leg
Current thread:
- route filtering in large networks, (continued)
- route filtering in large networks Andy Dills (Mar 12)
- Re: route filtering in large networks Richard A Steenbergen (Mar 12)
- Re: route filtering in large networks Jack Bates (Mar 12)
- RE: route filtering in large networks Michael K. Smith (Mar 12)
- Re: route filtering in large networks Jack Bates (Mar 12)
- Re: route filtering in large networks Peter E. Fry (Mar 12)
- Re: route filtering in large networks Christopher L. Morrow (Mar 12)
- Re: route filtering in large networks Rob Thomas (Mar 12)
- Re: route filtering in large networks Randy Bush (Mar 12)
- Re: route filtering in large networks E.B. Dreger (Mar 13)
- Re: route filtering in large networks Lars Erik Gullerud (Mar 13)
- Re: route filtering in large networks Alan Hannan (Mar 12)
- Re: route filtering in large networks Randy Bush (Mar 12)
- Re: route filtering in large networks Andy Dills (Mar 12)
- Re: route filtering in large networks Randy Bush (Mar 13)
- Re: route filtering in large networks Dorian Kim (Mar 13)
- Re: route filtering in large networks Stephen Sprunk (Mar 13)
- Re: route filtering in large networks Iljitsch van Beijnum (Mar 13)
- IETF BOF on Network Configuration (netconf) Sean Donelan (Mar 13)
- RE: Put part of Google on 69/8 (was Re: 69/8...this sucks) Vivien M. (Mar 12)
- Re: Put part of Google on 69/8 (was Re: 69/8...this sucks) Jack Bates (Mar 12)