[afnog] Private IP Filters in bgp

Maina Noah noah at neo.co.tz
Fri May 25 12:05:17 UTC 2012


> Message: 3
> Date: Fri, 25 May 2012 11:14:22 +0000
> From: Yasini Kilima <ykilima at tra.go.tz>
> To: "afnog at afnog.org" <afnog at afnog.org>
> Subject: [afnog] Private IP Filters in bgp

> Hello Gurus,

Hello Yasin,

> I am trying to create an IP prefix filter to filter bogons Private blocks
> received from one of my peer provider's announcements.

Great.

> I don't want to receive his PRIVATE prefixes what should I do?

Create the access-list like the example below that will match the above
distribute list defined in your bgp config.

! first address/wildcard pair matches the prefix, second pair matches its netmask
access-list 100 remark RFC1918-Bogon-prefixes
access-list 100 deny   ip host 0.0.0.0 any
access-list 100 deny   ip 10.0.0.0 0.255.255.255 255.0.0.0 0.255.255.255
access-list 100 deny   ip 127.0.0.0 0.255.255.255 255.0.0.0 0.255.255.255
access-list 100 deny   ip 169.254.0.0 0.0.255.255 255.255.0.0 0.0.255.255
access-list 100 deny   ip 172.16.0.0 0.15.255.255 255.240.0.0 0.15.255.255
access-list 100 deny   ip 192.168.0.0 0.0.255.255 255.255.0.0 0.0.255.255
access-list 100 deny   ip 223.255.255.0 0.0.0.255 255.255.255.0 0.0.0.255
access-list 100 deny   ip 224.0.0.0 31.255.255.255 224.0.0.0 31.255.255.255
access-list 100 permit ip any any

Then, under your bgp config mode, define a distribute list like:

router bgp xyz
 neighbor a.b.c.d distribute-list 100 in

> Please help me!

I hope the above will help.

> Yasini.
>

./noah maina
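
An added example, not part of the original post: a small Python model of how IOS evaluates an extended ACL applied as a BGP distribute-list (the source field is compared with the prefix's network address, the destination field with its netmask), for checking a bogon filter offline before it goes on a router. The two ACLs and the test prefixes are constructed samples; the second ACL shows that a mask pattern of 255.255.255.0 0.0.0.255 lets 192.168.0.0/16 itself through.

```python
import ipaddress

def _field(tokens):
    """Consume one ACL address field; return (base, wildcard) as integers."""
    word = tokens.pop(0)
    if word == "any":
        return 0, 0xFFFFFFFF
    if word == "host":
        return int(ipaddress.IPv4Address(tokens.pop(0))), 0
    return int(ipaddress.IPv4Address(word)), int(ipaddress.IPv4Address(tokens.pop(0)))

def parse_acl(text):
    """Parse 'access-list N permit|deny ip <src> <dst>' lines; remarks are skipped."""
    rules = []
    for line in text.splitlines():
        t = line.split()
        if len(t) < 6 or t[0] != "access-list" or t[2] not in ("permit", "deny"):
            continue
        rest = t[4:]
        rules.append((t[2], _field(rest), _field(rest)))
    return rules

def _hit(value, field):
    """True when value equals base on every bit the wildcard does not ignore."""
    base, wildcard = field
    return ((value ^ base) & ~wildcard & 0xFFFFFFFF) == 0

def evaluate(rules, prefix):
    """First match wins: src field tests the network, dst field tests the netmask."""
    net = ipaddress.IPv4Network(prefix)
    for action, src, dst in rules:
        if _hit(int(net.network_address), src) and _hit(int(net.netmask), dst):
            return action
    return "deny"  # implicit deny that ends every ACL

# Constructed sample ACLs (assumptions for illustration, not from a real router).
WIDE = """
access-list 100 remark constructed sample
access-list 100 deny   ip 10.0.0.0 0.255.255.255 255.0.0.0 0.255.255.255
access-list 100 deny   ip 172.16.0.0 0.15.255.255 255.240.0.0 0.15.255.255
access-list 100 deny   ip 192.168.0.0 0.0.255.255 255.255.0.0 0.0.255.255
access-list 100 permit ip any any
"""
# Same ACL, but the 192.168 entry only accepts netmasks of /24 and longer.
NARROW = WIDE.replace("255.255.0.0 0.0.255.255", "255.255.255.0 0.0.0.255")

if __name__ == "__main__":
    for p in ("10.1.2.0/24", "172.20.0.0/16", "192.168.0.0/16", "196.200.0.0/16"):
        print(p, evaluate(parse_acl(WIDE), p), evaluate(parse_acl(NARROW), p))
```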




