Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1165
Views
0
Helpful
4
Replies

packet filtering on BGP communities

Go to solution
william jackson
Level 1
Level 1

‎03-05-2013 05:55 AM

Hi all

I want to achieve the following scenario:

I have a BGP feed that gives me routes with community X.

I have an input ACL on an interface.

I want to be able to say:

if src or dst of packet = any route with community x then drop

I can do this with FBF in junos, can I do this on IOS-XR?

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Serge Krier
Cisco Employee
Cisco Employee
In response to william jackson

‎03-06-2013 04:09 AM

Hi William,

I think you can use technique similar to RTBH :

http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6586/ps6642/prod_white_paper0900aecd80313fac.pdf

by using rpl to set the next-hop to a /32 address statically routed to NULL.

For source address match, you combine this with RPF.

Hope it helps,

Serge.

View solution in original post

0 Helpful
4 Replies 4

Go to solution
serge123
Level 1
Level 1

‎03-05-2013 06:57 PM

Hi,

You could use route policy

Check this link for more details:

http://www.cisco.com/en/US/docs/ios_xr_sw/iosxr_r3.0/routing/command/reference/rr3plcy.html#wp1010243

0 Helpful

Go to solution
william jackson
Level 1
Level 1
In response to serge123

‎03-06-2013 12:47 AM

Thanks serge, but this is not what I want.

The route-policy only apply at the routing level, what I want is to packet filter based on routes having certain communities.

0 Helpful

Go to solution
Serge Krier
Cisco Employee
Cisco Employee
In response to william jackson

‎03-06-2013 04:09 AM

Hi William,

I think you can use technique similar to RTBH :

http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6586/ps6642/prod_white_paper0900aecd80313fac.pdf

by using rpl to set the next-hop to a /32 address statically routed to NULL.

For source address match, you combine this with RPF.

Hope it helps,

Serge.

0 Helpful

Go to solution
william jackson
Level 1
Level 1
In response to Serge Krier

‎03-06-2013 05:38 AM

Thanks serge

thats just what I need.

0 Helpful
Customers Also Viewed These Support Documents