[c-nsp] BGP Filter - Best Practice

Ahmed Hilmy hilmy.aa at gmail.com
Fri Apr 19 02:04:59 EDT 2013 

Hello Tony,

Thanks for your email, yes community is best way to filter BGP session
prefixes inside Backbone.

Regards,
Ahmed


On Fri, Apr 19, 2013 at 7:16 AM, Tony Tauber <ttauber at 1-4-5.net> wrote:

> Explicit prefix-lists should be used at the PE (customer edge).
> If some control is desired after that (or you foresee ever desiring same),
> tag the routes inbound on the customer edge with communities and control
> redistribution by filtering based on communities either internally or
> outbound to other BGP neighbors.
>
> Tony
>
>
> On Wed, Apr 17, 2013 at 3:35 PM, Ahmed Hilmy <hilmy.aa at gmail.com> wrote:
>
>> Hello Nick,
>>
>> Thanks for your reply, i am totally agree with you.
>>
>> Regards,
>> Ahmed
>>
>>
>> On Tue, Apr 16, 2013 at 9:12 PM, Nick Hilliard <nick at foobar.org> wrote:
>>
>> > On 15/04/2013 21:44, Ahmed Hilmy wrote:
>> > > I am using Prefix-list and as-path for BGP filter.
>> > > But if i  apply Prefix-list as inbound filter at PE, then from PE to
>> RR (
>> > > Route Reflector ) i apply as-path filter, i think it is more scalable
>> > than
>> > > modify Prefix-list continuously ? or use community ?
>> > > If my question not clear please ask me.
>> >
>> > it depends.
>> >
>> > Prefix lists are very fast because they are implemented as a trie, and
>> it
>> > is very fast to look up an entry in a trie.
>> >
>> > Community lists can be fast (standard, i.e. integer comparison) or slow
>> > (extended, i.e. regular expression).
>> >
>> > as-path lists are slow because they use regular expressions.
>> >
>> > If you need to filter BGP updates, it is usually fastest to use prefix
>> > lists or standard community lists.  It makes little difference whether
>> you
>> > use extended communities or as-path lists - both are slow.
>> >
>> > Nick
>> >
>> >
>> > _______________________________________________
>> > cisco-nsp mailing list  cisco-nsp at puck.nether.net
>> > https://puck.nether.net/mailman/listinfo/cisco-nsp
>> > archive at http://puck.nether.net/pipermail/cisco-nsp/
>> >
>> _______________________________________________
>> cisco-nsp mailing list  cisco-nsp at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/cisco-nsp
>> archive at http://puck.nether.net/pipermail/cisco-nsp/
>>
>
>

More information about the cisco-nsp mailing list