I'm trying to get some time to actually put it in a router and test, but I believe there is a way to get similar functionality through a combination of route-map entries. When I have actual router config (I'll be testing on Cisco, but if anyone want's to provide me a Juniper testbed, I'll be happy to try that too), I'll post it. If I can't, I'll post a public apology and start beating on vendors to make it possible. :-) Owen --On Wednesday, March 12, 2003 11:41 PM +1100 David Luyer <david@luyer.net> wrote:
Stephen J Wilcox wrote:
On Wed, 12 Mar 2003, David Luyer wrote:
Iljitsch van Beijnum wrote:
On Tue, 11 Mar 2003, Owen DeLong wrote:
In short, it doesn't. Longer answer, if the ISP configures his router correctly, he can actually refuse to accept advertisements from other sessions that are longer versions of prefixes received through this session.
How???
There is a technically possible (but rather twisted) way you could not use the adverts, but not a way to refuse receiving them that I know of.
I think youre mixing up with ingress filtering by prefix list which you can specify prefix length on and hence ignore longer (or smaller) matches.
The example I provided achieved both ingress and egress filtering based on routes in a bogon BGP feed, in a way which would even block when a more-specific route is in the provider's BGP table. While it didn't actually prevent the routes being in the routing table (as I said, it doesn't provide a way to stop receiving them), it does prevent traffic from and to the bogon locations, which is a significant part of the reason to use bogon lists.
However, yes, it has some deficiencies[1] compared with using the static bogon lists for route filtering (and ingress/egress); it does not prevent routing table bloat, and it does not prevent traffic travelling across your WAN to the point of network egress only to be dropped.
If you want to actually not receive into your network at all the BGP routes which match bogons, as I stated earlier, there is no way I know of to do this via a BGP feed. The only way to do it that I know of would be to use either a prefix list or a standard ACL (you can do anything you can do with a prefix list with a compiled extended ACL on BGP routes, it's just less clear to read as an extended ACL).
Although, Owen DeLong has stated that it is possible, so maybe we should wait for his response :-)
David.
[1] Apart from simply being a completely twisted design.