Adding, deleting or modifying martian addresses – Brocade Multi-Service IronWare Switching Configuration Guide (Supporting R05.6.00) User Manual
Page 853
Multi-Service IronWare Switching Configuration Guide
823
53-1003036-02
Filtering Martian addresses
19
If no match is found, the route is accepted. This will be the case for almost all routes. If a match is
found, the route is discarded (default action - deny), unless the action is set to permit. Martian
address filtering is in addition to normal BGP in-bound route policies.
To enable Martian address filtering, enter the following command.
Brocade(config)# ip martian filtering-on
Syntax: [no] ip martian [vrf name ] filtering-on
The vrf name option applies martian filtering to a specified VRF.
NOTE
Martian address filtering is disabled by default.
When Martian address filtering is first enabled, the device will automatically load the following
default Martian addresses:
* 0.0.0.0/8
* 10.0.0.0/8
* 127.0.0.0/8
* 172.16.0.0/12
* 192.168.0.0/16
* 224.0.0.0/4
* 240.0.0.0/4
Adding, deleting or modifying Martian addresses
As described previously, there are a set number of Martian addresses that are loaded by default
when Martian addressing is enabled. You can add, subtract or modify addresses that are filtered by
martian addressing. Although there is no limit of the number of martian address can be configured,
it’s expected the size of martian address list should be small, generally less than 100. If the user
adds a new martian address after routes are already learnt, they will be taken out of the routing
table. Likewise if the user removes a martian address after routes are deleted from the routing
table, they should be put back into the routing table.
To add an address to the Martian filtering list, use a command such as the following.
Brocade(config)# ip martian 192.168.0.0/16
Syntax: [no] ip martian [ vrf name ] destination-prefix/prefix-length [permit]
The destination-prefix/prefix-length variable specifies the address and the prefix range to apply the
martian filtering to. The matching rule is for prefix range match. It includes exact match, or with a
longer prefix length match. For example, if the Martian address rule is 192.168.0.0/16, then
routes 192.168.0.0/16, and 192.168.1.0/24 are matches. However route 192.0.0.0/8 is not a
match.
The vrf name option applies the modification to the martian filtering list to a specified VRF.
The [no] option removes an address from the martian filtering list.
The [permit] option changes the default action of a martian address filter to permit. In this case, a
route matches the “permit” martian address is accepted by the routing table manager. This option
is only used if a user wants to allow a prefix “hole” in an otherwise denied martian address.
The default Martian addresses are described in: