I want to ask for your advice about a policy for BGP prefix filtering. The main idea is to automate the process of prefix filtering. I've read a lot of articles about it, but I need to discuss it to be sure about the correct way to implement it in practice.
A few words about our network... Our company is an ISP. We are using C7200, C7600 and AS5350XM for peering and for connections to the upstreams and the customers.
A few main questions:
1. To create the prefix-list or as-path ACL I am using RtConf or bgpq. Then I use our own script to connect via telnet/ssh to a router. Is this normal practice? Do you use your own script (perl, bash, etc.) or a mix of it with programs like Rancid?
2. If we put a few prefix-lists on the AS5350XM, outputting the config will not be a simple task, and I am afraid it could be a problem to keep so much information in RAM. Some prefix-lists can contain more than 10 000 lines, and if we have about 50 peers on the router, then it will be a problem. Or imagine the prefix-list for the route-server at DECIX, LINX, etc. What do you think about it?
3. Is it a good idea to use uRPF? What do you recommend?
4. To protect the network from bogons, martians and unallocated IP addresses, I am thinking about using a prefix-list of 10 300 lines (see question 2) or using the bogon route-server from team-cymru. It is very hard to trust the route-server... what would happen if it advertised normal prefixes? What do you think about it? Maybe I just can't afford this kind of protection with my resources.
5. Very often some prefixes from peers are filtered by my prefix-list. Should I ask them about the situation (check RIPE, etc.), or just forget about it? Which would be better?
P.S. I am talking about prefix-lists because as-path ACLs can't filter as strictly as prefix-lists do.
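
Added example (not from the original post, and not how RtConf or bgpq work internally): the list-building step behind questions 1, 2 and 4 in Python, screening a peer's registered prefixes against martian space and a maximum length, then aggregating them into a shorter Cisco `ip prefix-list`. The list name `PEER-AS64500-IN`, the sample prefixes and the /24 limit are assumptions made for illustration.

```python
import ipaddress

# Well-known IPv4 special-purpose ranges (martians). This is not the full
# unallocated-space bogon list mentioned in question 4.
MARTIANS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8",
    "169.254.0.0/16", "172.16.0.0/12", "192.0.2.0/24", "192.168.0.0/16",
    "198.18.0.0/15", "198.51.100.0/24", "203.0.113.0/24", "224.0.0.0/3",
)]

def build_prefix_list(name, prefixes, max_len=24):
    """Return (config_lines, rejected) for one peer's registered prefixes."""
    accepted, rejected = [], []
    for text in prefixes:
        try:
            net = ipaddress.ip_network(text.strip(), strict=True)
        except ValueError:
            rejected.append((text, "unparseable or host bits set"))
            continue
        if net.version != 4:
            rejected.append((text, "not IPv4"))
        elif net.prefixlen > max_len:
            rejected.append((text, "longer than /%d" % max_len))
        elif any(net.overlaps(m) for m in MARTIANS):
            rejected.append((text, "overlaps special-purpose space"))
        else:
            accepted.append(net)
    # Merge adjacent blocks and drop more-specifics that are already covered.
    # With "le", each entry permits anything inside the registered space up
    # to max_len: looser than exact-match entries, but far fewer lines.
    nets = list(ipaddress.collapse_addresses(accepted))
    lines = ["no ip prefix-list %s" % name]
    for i, net in enumerate(nets, start=1):
        entry = "ip prefix-list %s seq %d permit %s" % (name, i * 5, net)
        if net.prefixlen < max_len:
            entry += " le %d" % max_len
        lines.append(entry)
    # Explicit final deny: a peer with no valid prefixes still gets a
    # non-empty list that denies everything.
    lines.append("ip prefix-list %s seq %d deny 0.0.0.0/0 le 32"
                 % (name, (len(nets) + 1) * 5))
    return lines, rejected

# Constructed sample input, not real registry data.
SAMPLE = ["185.10.0.0/23", "185.10.2.0/24", "185.10.3.0/24", "185.10.1.0/24",
          "91.200.16.0/24", "10.20.0.0/16", "185.10.8.0/25", "185.10.9.1/24"]

if __name__ == "__main__":
    config, dropped = build_prefix_list("PEER-AS64500-IN", SAMPLE)
    print("\n".join(config))
    for prefix, reason in dropped:
        print("! rejected %s: %s" % (prefix, reason))
```

The rejected list is the input for question 5: each entry carries the reason it was dropped, which can be checked against the registry or raised with the peer.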