Does anybody have any suggestions about the best way to manage a
firewall filter that is based on BGP community attributes?

I.e., I have around 12,000 BGP routes in my table with community
65534:10 set. I would like to write a firewall term something like:


term customers {
   from {
     source-address community 65534:10;
   }
   then {
     accept;
   }
}
term everybody-else {
   then {
     discard;
   }
}

But of course this doesn't work.

Obviously I could write a script that dumps the BGP table and
creates a prefix list, but this will be a pain to manage
and a lot of config churn. Is something more elegant possible?

Suggestions?

--Joe

_______________________________________________
juniper-nsp mailing list [email protected]
https://puck.nether.net/mailman/listinfo/juniper-nsp
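
The script approach mentioned in the message above, as an added example (not part of the original post and not Juniper code): it turns a dump of the community-tagged prefixes into only the set/delete commands needed to update a prefix-list, which keeps config churn down. The prefix-list name "customers", the one-prefix-per-line input format and the sample prefixes are assumptions; how the dump is pulled from the router is not shown.

```python
import ipaddress

# Constructed sample data (documentation prefixes), not taken from a real router.
CONFIGURED = ["192.0.2.0/24", "203.0.113.0/24"]
BGP_DUMP = ["192.0.2.0/24", "198.51.100.0/25", "198.51.100.128/25", "# note", ""]

def parse_prefixes(lines):
    """Parse one prefix per line; blanks and '#' comments are skipped.
    strict=True rejects entries with host bits set instead of silently fixing them."""
    nets = set()
    for line in lines:
        token = line.split("#", 1)[0].strip()
        if token:
            nets.add(ipaddress.ip_network(token, strict=True))
    return nets

def collapse(nets):
    """Merge covered and adjacent prefixes. The permitted address space is
    unchanged; IPv4 and IPv6 are collapsed separately (mixing raises TypeError)."""
    merged = set()
    for version in (4, 6):
        merged.update(ipaddress.collapse_addresses(
            n for n in nets if n.version == version))
    return merged

def prefix_list_delta(name, configured, bgp_dump):
    """Return the minimal list of Junos set/delete commands that moves the
    configured prefix-list to the prefixes currently in the dump."""
    desired = collapse(parse_prefixes(bgp_dump))
    if not desired:
        # An empty dump usually means the collection failed; pushing it would
        # empty the list and make the filter discard every customer.
        raise ValueError("empty prefix dump, refusing to generate changes")
    current = parse_prefixes(configured)
    order = lambda n: (n.version, n.network_address, n.prefixlen)
    cmds = [f"delete policy-options prefix-list {name} {n}"
            for n in sorted(current - desired, key=order)]
    cmds += [f"set policy-options prefix-list {name} {n}"
             for n in sorted(desired - current, key=order)]
    return cmds

if __name__ == "__main__":
    print("\n".join(prefix_list_delta("customers", CONFIGURED, BGP_DUMP)))
```

The resulting list would be referenced from the filter term with a source-prefix-list match in place of the source-address line shown in the message.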
