On Thu, 2003-03-13 at 04:47, Richard A Steenbergen wrote:
Personally I don't think it's "too" hard to setup some scripts scripts which can apply updated bogon and other important prefix-list updates globally. Rancid and about 15 lines of shell script should do you just fine. If you're lucky enough to have Juniper's, you can use the same prefix-list to filter both routes and packets.
Sorry to break in here with something as inappropriate as a technical comment but... Actually, you can't. But it is a common error people do on J boxes. If you use prefix-lists in your routing policy on the Js, they will only match the exact prefix-length specified, not longer prefixes from within it. If you want to match prefixes of any given length within say, a /8 (a typical entry in a bogon list), you have to use route-lists (route-filter statements), which can not be used in your packet filters (firewall config)... /leg