I think you'll find that your router's CPU will be happier if you just dump
the 1918 networks to the bit bucket on your border routers with a static
route via interface Null0:
ip route 10.0.0.0 255.0.0.0 null0
ip route 127.0.0.0 255.0.0.0 null0
etc.
Considering resource utilization on the router, it is cheaper to do a
routing table look-up than it is to do ACLs. Also, when you're doing
outbound filtering on the router, you have to do a routing table lookup
first before you can do outbound filtering. Save a step and just do the
routing table lookup.
Randy
I think you'll find that your router's CPU will be happier if you just dump
the 1918 networks to the bit bucket on your border routers with a static
route via interface Null0:
Access-lists like this can also be used for filtering incoming BGP updates.
Bill et al. are referring to this rather than to inbound packet filtering.
The rest of the configuration goes something along the lines of:
router bgp xxxx
neighbor x.y.z.w distribute-list 100 in
If you're using default-free routing, this will prevent the prefixes from
appearing in your routing table, and the networks will be unreachable. The
routing entries will also not be propagated any further than necessary.
Nick