[6bone] In the summer time, we got cleaning to do... Where is
UUNET?
Nicolas DEFFAYET
nicolas.deffayet@ndsoftware.net
27 Aug 2002 16:25:57 +0200
On Tue, 2002-08-27 at 14:42, Gert Doering wrote:
Hi,
> On Sat, Aug 03, 2002 at 06:20:12PM +0200, Nicolas DEFFAYET wrote:
> > ipv6 prefix-list ipv6-ebgp-full-in permit 3ffe::/18 ge 24 le 24
> > ipv6 prefix-list ipv6-ebgp-full-in permit 3ffe:4000::/18 ge 32 le 32
> > ipv6 prefix-list ipv6-ebgp-full-in permit 3ffe:8000::/22 ge 28 le 28
> > ipv6 prefix-list ipv6-ebgp-full-in permit 2001::/16 ge 29 le 35
> > ipv6 prefix-list ipv6-ebgp-full-in permit 2002::/16
> > ipv6 prefix-list ipv6-ebgp-full-in deny 0::/0
> >
> > You can deny your prefix too.
>
> Just want to add a detail here - your "deny 0::0/0" line is actually only
> denying an exact match on the default route. All other routes are denied
> implicitely (by falling off the end of the list).
>
> To deny everything explicitely, you can use:
>
> ipv6 prefix-list ipv6-ebgp-full-in deny 0::/0 le 128
Thanks for your remark.
I update my prefix-list.
>
>
> I've also started collecting example filter lists that people could use
> as a starting point on http://www.space.net/~gert/RIPE/ipv6-filters.html
> - if you see anything that's blatantly wrong, or just missing, please
> point it out to me.
>
For Juniper (JunOS):
policy-statement ipv6_ebgp {
term a {
from {
protocol bgp;
route-filter 3ffe::/18 upto /24;
route-filter 3ffe:4000::/18 upto /32;
route-filter 3ffe:8000::/22 upto /28;
route-filter 2001::/16 upto /35;
route-filter 2002::/16 exact;
}
then {
accept;
}
}
term b {
then {
reject;
}
}
}
Please correct my policy-statement if it's wrong.
Best Regards,
Nicolas DEFFAYET