Re: [j-nsp] out-bound anti-spoofing rules when using community-based routing

2008-01-25 Thread David Ball
Ah.. so longest match still wins... understood. Thanks again. David On 25/01/2008, Pekka Savola <[EMAIL PROTECTED]> wrote: > On Fri, 25 Jan 2008, David Ball wrote: > > Pekka, I'm not sure I caught why your example of a BGP customer > > advertising an aggregate to us but the specifics to anot

Re: [j-nsp] out-bound anti-spoofing rules when using community-based routing

2008-01-25 Thread Pekka Savola
On Fri, 25 Jan 2008, David Ball wrote: > Pekka, I'm not sure I caught why your example of a BGP customer > advertising an aggregate to us but the specifics to another upstream > wouldn't work. If 'feasible-paths' is in use, doesn't that alleviate > the problem? Even if the 'preferred' path is n

Re: [j-nsp] out-bound anti-spoofing rules when using community-based routing

2008-01-25 Thread David Ball
Thanks for the responses all, and for the pointer to the 'feasible-paths' config Doug. Strange that they don't mention those knobs in the 'RPF with asymmetry' docs at juniper.net. As all of our internet customers are put into the same routing-instance, I can't help but wonder what resource issu

Re: [j-nsp] out-bound anti-spoofing rules when using community-based routing

2008-01-24 Thread Pekka Savola
On Thu, 24 Jan 2008, David Ball wrote: > I suppose uRPF would do the trick, though since I have some > customers with redundant connectivity to us, asymmetry is possible. > So, in that case we'd end up having to maintain prefix-lists after > all, which we'd reference in the 'rpf-check fail-filter

Re: [j-nsp] out-bound anti-spoofing rules when using community-based routing

2008-01-24 Thread Mark Tinka
On Friday 25 January 2008 03:00, Peter E. Fry wrote: > I'm curious myself... > I guess URPF doesn't fit your needs? I'm not sure how > a community match would differ a whole lot. Sadly > enough, the best method I can think of offhand would be > to run two filters -- one general and one speci

Re: [j-nsp] out-bound anti-spoofing rules when using community-based routing

2008-01-24 Thread David Ball
I suppose uRPF would do the trick, though since I have some customers with redundant connectivity to us, asymmetry is possible. So, in that case we'd end up having to maintain prefix-lists after all, which we'd reference in the 'rpf-check fail-filter'. I had done away with prefix-lists for th

Re: [j-nsp] out-bound anti-spoofing rules when using community-based routing

2008-01-24 Thread Pekka Savola
On Thu, 24 Jan 2008, David Ball wrote: > I'm now struggling to find another way to prevent our customers from > spoofing. The previous method relied on a firewall filter which > indeed references a prefix-list of all our customers' space. I'm > having a hard time getting away from this, as I can

Re: [j-nsp] out-bound anti-spoofing rules when using community-based routing

2008-01-24 Thread Peter E. Fry
[...] > I'm now struggling to find another way to prevent our > customers from spoofing. The previous method relied on a > firewall filter which indeed references a prefix-list of > all our customers' space. I'm having a hard time getting > away from this, as I can't create a firewall filter wh

[j-nsp] out-bound anti-spoofing rules when using community-based routing

2008-01-24 Thread David Ball
We use community-based routing for our internet customers in that any static routes or accepted BGP routes are tagged with a community, such that we'll know what we should and should not export to our upstreams. This helps to avoid having to maintain large prefix-lists on each node. I'm now st