[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

p2p addresses for point-to-point connections with customers



Having an iACL format like below, that means that i would have to add at least one extra "permit" entry before the
spoofing entries.

deny MARTIANS/BOGONS
deny SPOOFING
deny PROTOCOLS/PORTS
permit BGP-PEERINGS
permit TUNNELS
deny INFRASTRUCTURE
permit ANY

If that's indeed the case, what non-routing protocols do you allow from/to these type of addresses?
Only specific types of icmp messages?

--
Tassos

Dobbins, Roland wrote on 06/11/2012 14:05:
> On Nov 6, 2012, at 6:32 PM, Tassos Chatzithomaoglou wrote:
>
>> Do you filter them on your border routers (via iACLs)
> Yes.
>
>> and if yes, how?
> The same way you filter any other interface addresses in your iACLs.
>
> -----------------------------------------------------------------------
> Roland Dobbins <rdobbins at arbor.net> // <http://www.arbornetworks.com>
>
> 	  Luck is the residue of opportunity and design.
>
> 		       -- John Milton
>