Orbit

Group,

For about 2 years now our upstream provider has had an access-list in place on their router (Cisco 7500 series) to prevent unwanted traffic choking our thin 64 Kbps link.

It looked like this; (IP's are an example).

access-list 101 permit ip any host 202.298.224.1 access-list 101 permit ip any host 202.198.224.2 access-list 101 permit ip any host 202.198.224.65 access-list 101 permit ip any host 202.198.224.66 access-list 101 permit ip any host 202.198.224.68 access-list 101 permit ip any host 202.198.224.70 access-list 101 permit ip any host 202.198.224.72 access-list 101 permit ip any host 202.198.224.129 access-list 101 permit ip any host 202.198.224.130 access-list 101 permit ip any 202.198.225.0 0.0.0.63 access-list 101 deny ip any any

After maintenance to their router last Sunday I have been seeing traffic to all the IP's in the 202.198.224.0/23 range. About 30 emails to their 'help desk' later, they are proposing the following; (They still haven't explained why the original access-list is either missing or not working!)

*********************************************** The approach of static route protection is shown as follows

Ip route 203.98.224.0/24 null 0 Ip route 203.98.225.0/25 null 0

Announce the ip blocks, 203.98.224.0/24 and 203.98.225.0/24 to internet

Ip route 202.198.224.1/32 intf xxx 34..59.127.38 Ip route 202.198.224.2/32 intf xxx 34.59.127.38 Ip route 202.198.224.65/32 intf xxx 34.59.127.38 Ip route 202.198.224.66/32 intf xxx 34.59.127.38 Ip route 202.198.224.68/32 intf xxx 34.59.127.38 Ip route 202.198.224.70/32 intf xxx 34.59.127.38 Ip route 202.198.224.72/32 intf xxx 34.59.127.38 Ip route 202.198.224.129/32 intf xxx 34.59.127.38 Ip route 202.198.224.130/32 intf xxx 34.59.127.38

Ip route 202.198.225.0/26 intf xxx 34.59.127.38 **********************************************

As I've had no experience with this approach I'd appreciate if someone can let me know if this will work.

Thanks,

Jon