On 17/05/2008, at 5:30 PM, Matthew Moyle-Croft wrote: >> If you really need to, you can get a similar effect by using >> ASPATH poisoning; just prepend your AS paths with the ASes you >> don't want those prefixes hitting. >> >> .. >> Nothing really about how it works in a MLPA IXP though. >> > It'd work, but it's a pretty evil thing to do and it's a fairly easy > to get around surely (neighbor 1.1.1.1 allowas-in on IOS).
"If you really need to". Geoff's thing also says "controversial". If the foreign AS really wants to send you routes that way, they can do it regardless of how you stop your advertisements being accepted by/ reaching them. We're hardly talking high security here. ip route <prefix> <netmask> 1.1.1.1 works a treat. -- Nathan Ward _______________________________________________ NANOG mailing list NANOG@nanog.org http://mailman.nanog.org/mailman/listinfo/nanog
