[c-nsp] BGP question : What's the best way for filtering outgoing prefixes?

Scott Granados scott at granados-llc.net
Thu Aug 18 23:56:47 EDT 2011


Actually, you shouldn't need network statements even for your own 
origination if you redistributed static and connected and have the 
appropriate tie down routes.  You also tag your internal traffic (/30s etc) 
again with a different community and obviously not announce that where it's 
not needed.  You can create prefix-lists, something like

ip prefix-list our-cidr seq 5 permit a.b.c.d/19

and the matching internally only using the x le y sets and you should be good 
although as in all things, there are more than one right answer.  I'm just a 
big believer in keeping the keystrokes to a minimum where possible, removes 
the possibility for fat-finger errors which I don't know about you but have 
burned me more than once. :)


Tropical storms in the South East, hmmm.  I need to get ready for these 
myself considering I just moved from California to the south east US.  I've 
got to say this doesn't surprise me.  I've seen operators, especially cable 
providers use prefix lists in the most inappropriate ways.  I guess you do 
what you know but wow!

-----Original Message----- 
From: Jon Lewis
Sent: Thursday, August 18, 2011 6:48 PM
To: Jay Nakamura
Cc: cisco-nsp
Subject: Re: [c-nsp] BGP question : What's the best way for filtering 
outgoing prefixes?

On Thu, 18 Aug 2011, Scott Granados wrote:

> Go with option A, community tags are your friend.  It also removes the 
> need
> for any network statements in your config thus reducing the work in the 
> long
> term.

You'll probably still need some network statements in your config at least
for all your own routes.

The best part about using community tags for BGP filtering is that you only
have to set up an appropriate route-map/prefix-list on the router servicing
the BGP customer.  Once you receive/accept their route and tag it on that
router, the rest of your network knows what to do with it based on the
community tag.

I was absolutely shocked the last time I helped a customer turn up BGP
with a (primarily cable) transit provider, and was told that the turnup
was being held up because it required updating prefix filters on their
core routers, and they could only do that during a maintenance window and
they weren't allowed to schedule any maintenance windows because a
tropical storm was threatening to impact the SE US.

----------------------------------------------------------------------
  Jon Lewis, MCP :)           |  I route
  Senior Network Engineer     |  therefore you are
  Atlantic Net                |
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
_______________________________________________
cisco-nsp mailing list  cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/ 
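The scheme both posters describe, tagging routes with communities where they enter the network and letting the outbound policy match only on those tags, as one added IOS configuration that is not from either poster. Everything in it is constructed for illustration: AS 65000 as the local AS, AS 64496 as the customer and AS 64497 as the transit, the community values, the neighbor addresses, and the RFC 5737 / RFC 6996 documentation ranges standing in for the a.b.c.d/19 and the customer's allocation.

```ios
! Added example, not from the thread. AS numbers, communities, prefixes
! and neighbor addresses are constructed placeholders.
ip bgp-community new-format
!
! Our aggregate: the one prefix we originate to the world
! (192.0.2.0/24 stands in for the a.b.c.d/19 in the thread).
ip prefix-list OUR-CIDR seq 5 permit 192.0.2.0/24
!
! Internal-only space: any more-specific inside our block (/30 links,
! loopbacks). This is the "x le y" style match, written with ge here.
ip prefix-list OUR-INTERNAL seq 5 permit 192.0.2.0/24 ge 25
!
! What the BGP customer may originate: their allocation and
! more-specifics down to /24, nothing longer.
ip prefix-list CUST-A-IN seq 5 permit 198.51.100.0/22 le 24
!
! Communities carried on the routes (values are assumptions):
!   65000:100 = our own aggregate      65000:200 = customer routes
!   65000:300 = internal links, never announced to transit
ip community-list standard ANNOUNCE-OUR permit 65000:100
ip community-list standard ANNOUNCE-CUST permit 65000:200
!
! Tie-down route so the aggregate always exists to be redistributed.
ip route 192.0.2.0 255.255.255.0 Null0 254
!
! Tag routes as they are redistributed; anything matching neither
! prefix-list is dropped by the implicit deny at the end of the route-map.
route-map ORIGINATE permit 10
 match ip address prefix-list OUR-CIDR
 set community 65000:100
route-map ORIGINATE permit 20
 match ip address prefix-list OUR-INTERNAL
 set community 65000:300
!
! Customer inbound: accept only their allocation and tag it once, here.
route-map CUST-A-IN permit 10
 match ip address prefix-list CUST-A-IN
 set community 65000:200
!
! Transit outbound: match on communities only, so no per-prefix list is
! maintained on this side. 65000:300 and anything untagged (routes learned
! from other transits, for example) never leave.
route-map TRANSIT-OUT permit 10
 match community ANNOUNCE-OUR
route-map TRANSIT-OUT permit 20
 match community ANNOUNCE-CUST
!
router bgp 65000
 redistribute static route-map ORIGINATE
 redistribute connected route-map ORIGINATE
 neighbor 198.51.100.1 remote-as 64496
 neighbor 198.51.100.1 route-map CUST-A-IN in
 neighbor 203.0.113.1 remote-as 64497
 neighbor 203.0.113.1 send-community
 neighbor 203.0.113.1 route-map TRANSIT-OUT out
```

The point of the layout is the one Jon makes: the only prefix-list that names a customer's space is CUST-A-IN on the router that faces that customer, so turning up a new customer touches that router alone, while every transit edge keeps announcing exactly the two communities it already permits. A useful check after applying it is `show ip bgp neighbors 203.0.113.1 advertised-routes`, which should list the aggregate and the customer routes and nothing carrying 65000:300.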