[nsp] BGP aggr and cust prefix leakage
Jeremy Hinton
jgh at cablemonkey.com
Mon Mar 22 17:41:30 EST 2004

Greetings all. I'm in the process of re-engineering our network setup
here, using some of the excellent info from Cisco's ISP Essentials and the
BGP Design and Implementation book by Zhang and Bartell. To that end, I've
put together a test lab setup with a border, core, and edge router and most
things look OK, but I'm a little confused about which aggregation methods to
use at the borders to other ISPs. For those of you injecting customer
prefixes into iBGP (either via network statements or redistribute maps),
what method are you using to prevent those prefixes from leaking to your
peers? A couple of possibilities I've come up with:

1) Traditional network statement + null route. This is what we currently
do, but currently I'm not carrying customer prefixes in iBGP but in my IGP
(ugh, I know, that's why I'm moving away from this). Once I start carrying
customer prefixes in my iBGP, without modifying my outbound filters I'll
start leaking them all over the place. If I prefix-list filter outbound
(currently I just AS-path filter outbound), I need to be careful to add any
blocks I've allocated to customers who have BGP with their own AS. I'm
thinking maybe filter my announcements to external peers on community tags
set on my locally injected subnets, and stick with the network + null route.

2) Use an aggregate-address. Of course, to prevent aggregating any
customer routes in your address space with their own AS, you'd have to
use a suppress-map as well. So this can be a little ugly too.

At any rate, just wondering what others are doing. Just filtering out your
local un-aggregated subnets from your announcements to your peers by
community? Or is there something I'm missing? Any recommendation would be
most appreciated.

- jeremy
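
Added example, not part of the original post: one way to build the community-based outbound policy from option 1 in Cisco IOS, written fail-closed so that only explicitly tagged routes reach peers. The AS numbers, addresses, community values and route-map names are constructed for illustration, and the edge and border roles are collapsed onto one router for brevity.

```cisco
! Constructed values: local AS 64500, peer AS 64511, BGP customer AS 64496,
! documentation prefixes. Community meanings are assumptions of this example:
!   64500:100 internal-only, 64500:200 our aggregate, 64500:300 BGP customer
ip bgp-community new-format
!
! Aggregate: network statement anchored by a null route, tagged "announce"
ip route 198.51.100.0 255.255.255.0 Null0
route-map TAG-AGGREGATE permit 10
 set community 64500:200
!
! Static customer subnet carried in iBGP, tagged internal-only
ip route 198.51.100.64 255.255.255.192 192.0.2.10
route-map TAG-INTERNAL permit 10
 set community 64500:100
!
! Customer with its own AS: accept only its allocated block, tag at ingress
ip prefix-list CUST-64496 seq 5 permit 198.51.100.128/25
route-map FROM-CUST-64496 permit 10
 match ip address prefix-list CUST-64496
 set community 64500:300
!
! Outbound to peers: permit only tagged aggregates and BGP-customer routes.
! Anything untagged or internal-only hits the route-map's implicit deny.
ip community-list 1 permit 64500:200
ip community-list 1 permit 64500:300
route-map TO-PEER permit 10
 match community 1
!
router bgp 64500
 network 198.51.100.0 mask 255.255.255.0 route-map TAG-AGGREGATE
 network 198.51.100.64 mask 255.255.255.192 route-map TAG-INTERNAL
 ! iBGP neighbor: communities must be sent or the tags are lost between routers
 neighbor 192.0.2.1 remote-as 64500
 neighbor 192.0.2.1 send-community
 neighbor 203.0.113.5 remote-as 64496
 neighbor 203.0.113.5 route-map FROM-CUST-64496 in
 neighbor 203.0.113.1 remote-as 64511
 neighbor 203.0.113.1 route-map TO-PEER out
```

Because the BGP customer's block is tagged on the inbound session, adding a new customer AS does not require touching the outbound filter; `show ip bgp neighbors 203.0.113.1 advertised-routes` shows what actually leaves toward the peer.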