Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: FW: router startup behavior

  • From: Stephen Griffin
  • Date: Fri Jan 18 16:07:33 2002

In the referenced message, Jared Mauch said:
> 
> 	You may want to consider using tftp/rcp/whatnot loaded
> files for this.
> 
> 	As it loads [most if not all depending on the config length] all
> of the config then parses it promptly.
> 
> 	this will prevent leakage in rare cases.
> 
> 	- jared

I have noted that even tftp-loaded files run the risk of a BGP scan
occuring between the parsing of "no access-list foo" and the parsing
of the first "access-list foo" line. It appears Brand C takes the
non-existance of an access-list to mean "implicit permit". I think this
is probably the source of much of the seen mini-leaks.

As someone else mentioned, prefix-lists (again brand C) do allow for
insertion and deletion of individual items at "any" point in the list,
so may be a good workaround. However, if you are doing anything at all
"interesting" in your acls, it becomes a lot more difficult to translate
over to prefix-lists.

One major item that seems missing is the ability to match less-specifics.
There are certain instances when this would be really nifty. Brand C
extended acls, and Brand J prefix-lists seem to be able to partially cover
this, but not perfectly.





Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.