[nsp] BGP aggr and cust prefix leakage

Jeremy Hinton jgh at cablemonkey.com
Mon Mar 22 17:41:30 EST 2004


	Greetings all. I'm in the process of re-engineering our network setup 
here, using some of the excellent info from Cisco's ISP Essentials and the 
BGP Design and Implementation book by Zhang and Bartell. To that end, I've 
put together a test lab setup with a border, core, and edge router and most 
things look OK, but I'm a little confused about what aggregation methods to 
use at the borders to other ISPs. For those of you injecting customer 
prefixes into iBGP (either via network statements or redistribute maps), 
what method are you using to prevent those prefixes from leaking to your 
peers? A couple of possibilities I've come up with:

	1) Traditional network statement + null route. This is what we currently 
do, but currently I'm not carrying customer prefixes in iBGP but in my IGP 
(ugh, I know, that's why I'm moving away from this). Once I start carrying 
customer prefixes in my iBGP, without modifying my outbound filters I'll 
start leaking them all over the place. If I prefix-list filter outbound 
(currently I just AS-path filter outbound), I need to be careful to add any 
blocks I've allocated to customers who have BGP with their own AS. I'm 
thinking maybe filter my announcements to external peers on community tags 
set on my locally injected subnets, and stick with the network + null route.

	2) Use an aggregate-address. Of course, to prevent aggregating any 
customer routes in your address space with their own AS, you'd have to 
use a suppress-map as well. So this can be a little ugly too.

	At any rate, just wondering what others are doing. Just filtering out your 
local un-aggregated subnets from your announcements to your peers by 
community? Or is there something I'm missing? Any recommendation would be 
most appreciated.

  - jeremy
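
One way to implement the community-based outbound filtering raised in option 1, as an added Cisco IOS sketch that is not part of the original post. The AS numbers, addresses, community values (64500:100 aggregate, 64500:200 internal-only, 64500:300 BGP customer), the static tag and the route-map and prefix-list names are all assumptions, using documentation ranges.

```cisco
! ===== Edge router (assumed iBGP peer of the border at 10.0.0.1) =====
ip bgp-community new-format
! Static customer subnet, marked with tag 200 so only it is redistributed
ip route 192.0.2.64 255.255.255.192 10.1.1.2 tag 200
!
route-map STATIC-TO-BGP permit 10
 match tag 200
 set community 64500:200
!
! Customer with its own AS: accept only its allocated block, tag it
ip prefix-list CUST-64502 permit 192.0.2.128/25
route-map FROM-BGP-CUST permit 10
 match ip address prefix-list CUST-64502
 set community 64500:300
!
router bgp 64500
 redistribute static route-map STATIC-TO-BGP
 neighbor 203.0.113.2 remote-as 64502
 neighbor 203.0.113.2 route-map FROM-BGP-CUST in
 neighbor 10.0.0.1 remote-as 64500
 ! Without send-community the tags are stripped before reaching the border
 neighbor 10.0.0.1 send-community
!
! ===== Border router (assumed iBGP peer of the edge at 10.0.0.2) =====
ip bgp-community new-format
! network statement + null route for the aggregate
ip route 192.0.2.0 255.255.255.0 Null0 254
!
route-map TAG-AGGREGATE permit 10
 set community 64500:100
!
! Only the aggregate and BGP-customer routes may leave the AS
ip community-list 1 permit 64500:100
ip community-list 1 permit 64500:300
route-map TO-PEER permit 10
 match community 1
! Implicit deny: 64500:200 and any untagged route are not announced
!
router bgp 64500
 network 192.0.2.0 mask 255.255.255.0 route-map TAG-AGGREGATE
 neighbor 10.0.0.2 remote-as 64500
 neighbor 10.0.0.2 send-community
 neighbor 198.51.100.1 remote-as 64501
 neighbor 198.51.100.1 route-map TO-PEER out
```

Because the outbound policy permits by community and denies everything else, a prefix injected without a tag is withheld rather than leaked. `show ip bgp neighbors 198.51.100.1 advertised-routes` on the border router lists what is actually being sent to the peer.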


