[afnog] Private IP Filters in bgp
Maina Noah
noah at neo.co.tz
Fri May 25 12:05:17 UTC 2012
> Message: 3
> Date: Fri, 25 May 2012 11:14:22 +0000
> From: Yasini Kilima <ykilima at tra.go.tz>
> To: "afnog at afnog.org" <afnog at afnog.org>
> Subject: [afnog] Private IP Filters in bgp
> Hello Gurus,
Hello Yasin,
> I am trying to create an IP prefix filter to filter bogons Private blocks
> received from one of my peer provider's announcements.
Great.
> I don't want to receive his PRIVATE prefixes what should I do?
Create the access-list like example below that will match the above
distribute list defined in ur bgp config.
access-list 100 remark RFC1918-Bogon-prefixes
access-list 100 deny ip host 0.0.0.0 any
access-list 100 deny ip 10.0.0.0 0.255.255.255 255.0.0.0 0.255.255.255
access-list 100 deny ip 127.0.0.0 0.255.255.255 255.0.0.0 0.255.255.255
access-list 100 deny ip 169.254.0.0 0.0.255.255 255.255.0.0 0.0.255.255
access-list 100 deny ip 17.16.0.0 0.15.255.255 255.240.0.0 0.15.255.255
access-list 100 deny ip 192.168.0.0 0.0.255.255 255.255.255.0 0.0.0.255
access-list 100 deny ip 223.255.255.0 0.0.0.255 255.255.255.0 0.0.0.255
access-list 100 deny ip 224.0.0.0 31.255.255.255 224.0.0.0 31.255.255.255
access-list 100 deny ip 172.16.0.0 0.15.255.255 255.240.0.0 0.15.255.255
access-list 100 permit ip any any
Then, under your bgp config mode, define a distribute list like;
router bgp xyz
neighbor a.b.c.d distribute-list 100 in
> Please help me!
I hope the above will help.
> Yasini.
>
./noah maina
More information about the afnog
mailing list