Re: bgp reg exp

From: Bogdan Sass (bogdan.sass@catc.ro)
Date: Tue May 13 2008 - 14:39:11 ART


Bogdan Sass wrote:
> Larry wrote:
>
>> What about prepending??? To play it safe if those were the only 2 I
>> would choose _2$. That would be anything originating in AS2 no matter
>> what they throw into the path. If you are neighboring with AS2 you
>> know that they are directly connected... I have been burned before on
>> the prepending!!!
>>
>
> I agree with you there. I thought about prepending also, and I guess
> one could always try (_2)+$ . But this was not among the options presented.
>
> Even Cisco recommends the same approach (ignoring prepending):
>
> http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a0080094a92.shtml
>
> If you want to deny all the networks that have originated in AS 4 and
> permit all other routes to enter AS 3 from Router 3, you can apply an
> inbound filter at Router 3, as follows:
>
> ip as-path access-list 1 deny _4$
> ip as-path access-list 1 permit .*
>
    Hmmm... I just noticed something - for the exact same phrasing,
Cisco recommends a different solution ( _4$, as opposed to ^4$ ). Am I
missing something here? Wouldn't this (_4$) match all networks received
from AS4?

-- 
Bogdan Sass
CCAI,CCNP,CCSP,JNCIA-ER
Information Systems Security Professional
"Curiosity was framed - ignorance killed the cat"
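
Added example (not part of the original message or of Cisco's document): the expressions discussed in this thread, evaluated over a few constructed AS_PATH strings. AS 4 is used throughout in place of AS 2, and the IOS "_" token is expanded into Python regex syntax; the helper names are hypothetical.

```python
import re

# IOS documents "_" as matching a space, comma, brace, parenthesis,
# or the start or end of the AS_PATH string.
UNDERSCORE = r"(?:^|$|[ ,{}()])"


def ios_to_python(pattern):
    """Translate an IOS AS-path regex to Python syntax by expanding "_"."""
    return pattern.replace("_", UNDERSCORE)


def matches(pattern, as_path):
    """True if the AS_PATH matches; IOS matches anywhere unless anchored."""
    return re.search(ios_to_python(pattern), as_path) is not None


# Constructed AS_PATH strings, as a router peering with AS 4 might see them.
SAMPLE_PATHS = {
    "4":     "originated in AS 4, received directly from AS 4",
    "4 4 4": "originated in AS 4 with prepending, received directly",
    "1 4":   "originated in AS 4, received via AS 1",
    "4 1":   "originated in AS 1, received via AS 4",
    "1 24":  "originated in AS 24, received via AS 1",
    "":      "locally originated (empty path)",
}

# The three expressions from the thread, written for AS 4.
PATTERNS = ["^4$", "_4$", "(_4)+$"]


def matched_paths(pattern):
    """Return the sample paths that the given IOS pattern matches."""
    return [p for p in SAMPLE_PATHS if matches(pattern, p)]


if __name__ == "__main__":
    for pat in PATTERNS:
        print(f"{pat:8} matches {matched_paths(pat)}")
        for path in matched_paths(pat):
            print(f"         {path!r:9} {SAMPLE_PATHS[path]}")
```
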

