[nsp] BGP community policies

Nick Kraal nick at arc.net.my
Thu Apr 17 18:41:03 EDT 2003


Would appreciate if someone can shed some light on this issue we are facing.

We have this network scenario.
1. AS1 has all bilateral peering interconnections.
2. AS2 has all transit interconnections.
3. CustomerA is connected to AS1
4. CustomersB & C are connected to AS2

Policy-wise we need to configure for the following:
1. CustomerA can utilize all the peering services from AS1 and transit
services from AS2.
2. CustomerB can utilize all transit services from AS2 and select peering
interconnections from AS1.
3. CustomerC can only utilize the transit services from AS2 and no peering
from AS1.

We have tried coloring with communities between the ASes and then utilizing
route-maps to propagate the policies above in the respective customer BGP
sessions. Works fine until the customer then installs a default-route as a
fail-safe mechanism.

So although PeerA and PeerB announcements are filtered to CustC, a default
route in CustC router for example, can route packets to PeerA and PeerB to
the AS1 router. This is possible especially when the prefix of PeerA via the
peering and transit links will be installed in the AS2 border router.
Because of the as_path attribute the packets will be sent to AS1 and routed
to PeerA. The problem is that, as this is a peering arrangement, the
packets originating from CustC will be dropped.

Any ideas on how to have the prefixes of PeerA in the AS2 routing table
learnt from both the peering and transit BGP sessions? But since there is no
agreement on CustC routes via the peering, the packet will be sent via the
transit links.

Gets more interesting if we are trying to implement policy number 2 above.

Would appreciate any kind of hint/website/full complete answer.

        PeerA    TransA
          |        |
        +---+    +---+
  CustA-|AS1|----|AS2|-TransB
        +---+    +---+
          |        |   \
        PeerB    CustB  CustC

Thanks in advance.

-nick kraal/
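
The mismatch described in the post, between what AS2 announces to CustC and where AS2 actually forwards CustC's packets, can be reproduced in a small model. This is an added example, not part of the original post. The prefix 192.0.2.0/24, the "Upstream" AS, the colour labels and the per_customer switch are constructed assumptions, and only AS-path length is modelled for best-path selection.

```python
import ipaddress

PEER, TRANSIT = "peer", "transit"                     # community colours (constructed labels)
PEERA_PREFIX = ipaddress.ip_network("192.0.2.0/24")   # constructed prefix for PeerA

# Paths AS2's border router holds for PeerA's prefix: (next hop, AS path, colour).
AS2_RIB = {
    PEERA_PREFIX: [
        ("AS1", ["AS1", "PeerA"], PEER),
        ("TransA", ["TransA", "Upstream", "PeerA"], TRANSIT),
    ],
}

# Colours each customer may receive and use (simplified policies 2 and 3).
ALLOWED = {"CustB": {PEER, TRANSIT}, "CustC": {TRANSIT}}


def best_path(paths):
    """Shortest AS path wins; the only selection step modelled here."""
    return min(paths, key=lambda p: len(p[1]))


def advertised_to(customer):
    """Control plane: AS2 exports only its best path, and only if the colour is allowed."""
    return [pfx for pfx, paths in AS2_RIB.items()
            if best_path(paths)[2] in ALLOWED[customer]]


def forward(customer, dst, per_customer=False):
    """Data plane: trace a packet from a customer that points a default route at AS2.

    per_customer=False is ordinary destination-based forwarding in AS2.
    per_customer=True models the outcome the post asks for (hypothetical switch,
    not a router feature): choose only among paths the customer is entitled to.
    """
    addr = ipaddress.ip_address(dst)
    hops = [customer, "AS2"]          # the default route delivers the packet to AS2
    for pfx, paths in AS2_RIB.items():
        if addr in pfx:
            if per_customer:
                paths = [p for p in paths if p[2] in ALLOWED[customer]]
            if not paths:
                return hops, "no route"
            next_hop, _, colour = best_path(paths)
            hops.append(next_hop)
            # Traffic sent over peering without an agreement is dropped.
            return hops, ("delivered" if colour in ALLOWED[customer] else "dropped")
    return hops, "no route"
```

The route-map filter only changes the result of advertised_to(); forward() never consults it, which is why the default route undoes the policy.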


