Reflexive ACL and CBAC : Traffic locally generated (BGP)

From: Edouard Zorrilla (ezorrilla@tsf.com.pe)
Date: Fri Feb 13 2009 - 09:44:10 ARST

• Next message: Haloween Boy: "Triple & Quad CCIE's"
• Previous message: Antonio Soares: "RE: CCIE Hall of Fame has been moved"
• Next in thread: Edouard Zorrilla: "Re: Reflexive ACL and CBAC : Traffic locally generated (BGP)"
• Maybe reply: Edouard Zorrilla: "Re: Reflexive ACL and CBAC : Traffic locally generated (BGP)"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Hi,

We know that locally generated traffic is not affected by outbound
access-lists. This means that the local BGP traffic going out will not be
subject to the reflection of the ACL, hence when evaluation occurs inbound the
return BGP session will be denied.

In the LAB:

If I am asked to run into RACL or CBAC,

1.-
Should I use local policy routing, as this forces the traffic to be treated as
transit traffic and so it is reflected by outbound access-list ?

or

2.-
Should I fix this statically permit the session back inbound with a specific
ACLs ?

Any advice would be appreciated !

Thanks,

Blogs and organic groups at http://www.ccie.net

• Next message: Haloween Boy: "Triple & Quad CCIE's"
• Previous message: Antonio Soares: "RE: CCIE Hall of Fame has been moved"
• Next in thread: Edouard Zorrilla: "Re: Reflexive ACL and CBAC : Traffic locally generated (BGP)"
• Maybe reply: Edouard Zorrilla: "Re: Reflexive ACL and CBAC : Traffic locally generated (BGP)"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Sun Mar 01 2009 - 09:44:11 ARST