Re: Route filters, IRRs, and route objects
Yes, this is true, and I am using Cisco prefix lists already, and "upto" notation on Juniper boxes. The problem is that some providers (like LEVEL3) require that all routes are registered in some IRR before they will consider them valid/legitimate....
So I have filters accepting from my customers whatever le 24, but once those routes are propagated over Internet and they reach eventually providers like Level3, they have their filters accepting only those routes, which are registered on some IRR in exact way....
Przemek
On Wed, 2002-03-27 at 14:56, Rob wrote:
this can be easily achieved on ciscos (IOS 11.3.1 and up) by using prefix lists. note the following example:
ip prefix-list 1 permit 10.0.0.0/18 le 24
the le 24 at the end indicates that this line of the prefix list will allow any prefix less than or equal to 24 within the 10.0.0.0/18 block. apply this inbound to your bgp neighbor and there is your filter. for this particular example, you could use any number from 19 to 32 to indicate how long of a prefix you will allow.
i hope this answers your question. cheers!
-R
Przemyslaw Karwasiecki [karwas@ifxcorp.com] wrote:
Hello,
I would like to ask you for advice in regard to "proxy registering" of customer route objects in IRR.
What is the best current practice in a situation when your customers want to advertise to you several /18 or /19 but they also have a requirement to be able to advertise some deaggregated routes on top of aggregates?
It is very common that they are unable to predict exactly which deaggregated routes they will need to advertise, as they use those to achieve some traffic engineering objectives which change over time. And "over time" does NOT occur once per 30 minutes or so, so they DON'T generate any major BGP fluctuations.
Forgive my ignorance, but is my understanding of RPSL correct, that it should be possible to specify routes in a way which will cover the aggregate plus the whole set of possible more specific routes up to a certain netmask length? Something like:
10.0.0.0/18^18-24
So why is it uncommon to use such notation to describe routing policy, and to use it to generate filters?
Why is it required by some providers to generate explicit, exact route objects in order to allow routes through their filters?
Is it really necessary to "explode" route-sets like those 10.0.0.0/m^m-n into 2^(n-m+1) separate route objects to meet requirements of some providers?
I believe that this is very common problem, so if there are any places on the web with some "best practice" documents, please point me to them.
Thank you,
Przemek
So I have filters accepting from my customers whatever le 24, but once those routes are propagated over Internet and they reach eventually providers like Level3, they have their filters accepting only those routes, which are registered on some IRR in exact way....
Are you sure that level3 filters external routes against all IRR, or (likely) is it just routes they are willing to hear their own from customers? If they filter global routes in the way you describe then I believe their customer base will be disappointed once the radb purges unpaid objects on April 2 (http://www.radb.net/)
-mark
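Added example, not part of any message in this thread: a Python sketch that parses an RPSL prefix range such as the 10.0.0.0/18^18-24 discussed above, renders the equivalent Cisco prefix-list line, and lists the exact prefixes a provider would need as individual route objects if it only accepts exact matches. The function names are illustrative, and the range operators (^-, ^+, ^n, ^n-m) follow RFC 2622, which goes beyond the single form quoted in the thread.

```python
import ipaddress
import re

# RPSL address-prefix range (RFC 2622): prefix followed by ^-, ^+, ^n or ^n-m.
_RANGE = re.compile(r"^(?P<net>[0-9.]+/\d+)(?:\^(?P<op>-|\+|\d+(?:-\d+)?))?$")

def parse_range(text):
    """Return (network, min_len, max_len) for an IPv4 RPSL prefix range."""
    m = _RANGE.match(text.strip())
    if not m:
        raise ValueError(f"not an RPSL prefix range: {text!r}")
    net = ipaddress.ip_network(m["net"], strict=True)  # rejects host bits
    op, base = m["op"], net.prefixlen
    if op is None:
        lo = hi = base                 # exact prefix only
    elif op == "-":
        lo, hi = base + 1, 32          # more specifics, excluding the prefix
    elif op == "+":
        lo, hi = base, 32              # more specifics, including the prefix
    elif "-" in op:
        lo, hi = (int(x) for x in op.split("-"))
    else:
        lo = hi = int(op)              # only more specifics of length n
    if not base <= lo <= hi <= 32:
        raise ValueError(f"invalid length range in {text!r}")
    return net, lo, hi

def explode(text):
    """Every exact prefix the range covers, i.e. one route object each."""
    net, lo, hi = parse_range(text)
    return [sub for length in range(lo, hi + 1)
            for sub in net.subnets(new_prefix=length)]

def cisco_prefix_list(name, text):
    """Single prefix-list line matching the same set of routes."""
    net, lo, hi = parse_range(text)
    line = f"ip prefix-list {name} permit {net}"
    if lo > net.prefixlen:
        line += f" ge {lo} le {hi}"
    elif hi > lo:
        line += f" le {hi}"
    return line

def permits(text, route):
    """Would an announced route pass a filter built from this range?"""
    net, lo, hi = parse_range(text)
    r = ipaddress.ip_network(route)
    return r.subnet_of(net) and lo <= r.prefixlen <= hi

if __name__ == "__main__":
    rng = "10.0.0.0/18^18-24"          # the range quoted in the thread
    print(cisco_prefix_list("1", rng))
    print(len(explode(rng)), "exact prefixes if registered one by one")
```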
participants (2): Mark Kent, Przemyslaw Karwasiecki