[afnog] Private IP Filters in bgp

Yasini Kilima ykilima at tra.go.tz
Fri May 25 11:14:22 UTC 2012 

Hello Gurus,

I am trying to create an IP prefix filter to filter bogons Private blocks received from one of my peer provider's announcements.
I know the following filter would help me but surprisingly the last entry of the list doesn't execute, is it the problem of my IOS for my ASBR or what?

ip prefix-list DENY-PRIVATE description Filter bogons
ip prefix-list DENY-PRIVATE deny 0.0.0.0/8
ip prefix-list DENY-PRIVATE deny 10.0.0.0/8
ip prefix-list DENY-PRIVATE deny 127.0.0.0/8
ip prefix-list DENY-PRIVATE deny 169.254.0.0/16
ip prefix-list DENY-PRIVATE deny 172.16.0.0/12
ip prefix-list DENY-PRIVATE deny 192.0.2.0/24
ip prefix-list DENY-PRIVATE deny 192.168.0.0/16
ip prefix-list DENY-PRIVATE deny 240.0.0.0/4
ip prefix-list DENY-PRIVATE permit any

ip prefix-list DENY-PRIVATE permit any (This doesn't execute it gives an error as here below):

INTERNET_LINK(config)#$ist DENY-PRIVATE description Filter bogons
INTERNET_LINK(config)#ip prefix-list DENY-PRIVATE deny 0.0.0.0/8
INTERNET_LINK(config)#ip prefix-list DENY-PRIVATE deny 10.0.0.0/8
INTERNET_LINK(config)#ip prefix-list DENY-PRIVATE deny 127.0.0.0/8
INTERNET_LINK(config)#ip prefix-list DENY-PRIVATE deny 169.254.0.0/16
INTERNET_LINK(config)#ip prefix-list DENY-PRIVATE deny 172.16.0.0/12
INTERNET_LINK(config)#ip prefix-list DENY-PRIVATE deny 192.0.2.0/24
INTERNET_LINK(config)#ip prefix-list DENY-PRIVATE deny 192.168.0.0/16
INTERNET_LINK(config)#ip prefix-list DENY-PRIVATE deny 240.0.0.0/4
INTERNET_LINK(config)#ip prefix-list DENY-PRIVATE permit any
                                                             ^
% Invalid input detected at '^' marker.

INTERNET_LINK(config)#

I am sure of the command to be correct you can correct me if I am wrong,
How can I permit any then
Is it an IOS issue or I am not correct, if that then what should I do in order to permit any
When I apply the list regardless I can't get any bgp routes from that provider even the PUBLIC prefixes but I can receive from other providers the PUBLIC prefixes as usual.

I don't want to receive his PRIVATE prefixes what should I do?

Please help me!

Yasini.

________________________________



DISCLAIMER: This e-mail and any attachments are proprietary to TANZANIA REVENUE AUTHORITY.Any unauthorized use or interception is illegal. The views and opinions expressed are those of the sender, unless clearly stated as being those of TANZANIA REVENUE AUTHORITY. This e-mail is only addressed to the addressee and TANZANIA REVENUE AUTHORITY shall not be responsible for any further publication of the contents of this e-mail. If this e-mail is not addressed to you, you may not copy, print, distribute or disclose the contents to anyone nor act on its contents. If you received this in error, please inform the sender and delete this e-mail from your computer.

More information about the afnog mailing list