[c-nsp] Good practices for peering
Gerry Boudreaux
gerry at tape.net
Wed Dec 28 12:46:09 EST 2005
You can also use peer-group format to make the config more readable:

    router bgp 1XXX
     neighbor JoeBlowCompany peer-group
     neighbor JoeBlowCompany remote-as 2XXX
     neighbor JoeBlowCompany password PeeringPW
     neighbor JoeBlowCompany next-hop-self
     neighbor JoeBlowCompany soft-reconfiguration inbound
     neighbor JoeBlowCompany prefix-list our-prefixes out
     neighbor JoeBlowCompany prefix-list their-prefixes-in in
     neighbor W.X.Y.Z peer-group JoeBlowCompany

and the prefix lists look like this:

    ip prefix-list our-prefixes description our Prefixes to distribute
    ip prefix-list our-prefixes seq 5 permit 10.1.1.0/24
    ip prefix-list our-prefixes seq 10 permit 192.168.1.0/24
    ip prefix-list our-prefixes seq 15 permit 10.5.2.0/23
    ip prefix-list our-prefixes seq 2000 deny 0.0.0.0/0

Note: Keeping the prefix lists up to date is a manual (or easily
automated) process, but if you are small, with just a few peers,
manual will work for you, and gives you exact granularity of what you
announce and what you accept. The sequence numbers make it easy to
add rules when you need to.

Just another way to do it.

G

On Dec 28, 2005, at 9:53 AM, Vincent De Keyzer wrote:
> Hi,
>
> What are the configuration good practices when setting up a peering with
> another AS?
>
> I would do something like this:
>
> router bgp <my_as>
>  neighbor 194.88.108.33 remote-as <his_as>
>  neighbor 194.88.108.33 password <some-password>
>  neighbor 194.88.108.33 soft-reconfiguration inbound
>  neighbor 194.88.108.33 filter-list 1 out
>  neighbor 194.88.108.33 filter-list 2 in
>
> ip as-path access-list 1 permit ^$
> ip as-path access-list 2 permit ^<his_as>$
>
> List 1 is to announce only my routes; list 2 is to make sure that the other
> guy does not leak any route towards me.
>
> Does it look good?
>
> Vincent
>
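
How the our-prefixes list in the message above filters announcements, as an added example that is not part of the original thread: a small Python evaluator applying IOS prefix-list rules (first match by sequence number, exact prefix length unless ge/le is given, implicit deny at the end). The function names and the sample routes are constructed for the illustration, and it handles IPv4 only.

```python
import ipaddress
import re

# The prefix list from the message above, list name spelled consistently.
CONFIG = """\
ip prefix-list our-prefixes description our Prefixes to distribute
ip prefix-list our-prefixes seq 5 permit 10.1.1.0/24
ip prefix-list our-prefixes seq 10 permit 192.168.1.0/24
ip prefix-list our-prefixes seq 15 permit 10.5.2.0/23
ip prefix-list our-prefixes seq 2000 deny 0.0.0.0/0
"""

# name, seq, action, prefix, optional ge/le
ENTRY = re.compile(
    r"ip prefix-list (\S+) seq (\d+) (permit|deny) (\S+)"
    r"(?: ge (\d+))?(?: le (\d+))?\s*$"
)

def parse(config, name):
    """Return the entries of one prefix list, ordered by sequence number."""
    entries = []
    for line in config.splitlines():
        m = ENTRY.match(line.strip())
        if not m or m.group(1) != name:
            continue  # description lines and other lists are skipped
        net = ipaddress.ip_network(m.group(4))
        ge, le = m.group(5), m.group(6)
        # No ge/le: exact length only. ge alone: ge..32. le alone: len..le.
        lo = int(ge) if ge else net.prefixlen
        hi = int(le) if le else (32 if ge else net.prefixlen)
        entries.append((int(m.group(2)), m.group(3), net, lo, hi))
    return sorted(entries, key=lambda e: e[0])

def evaluate(entries, route):
    """First matching entry decides; no match falls to the implicit deny."""
    r = ipaddress.ip_network(route)
    for seq, action, net, lo, hi in entries:
        if lo <= r.prefixlen <= hi and r.subnet_of(net):
            return action, seq
    return "deny", None  # implicit deny at the end of every prefix list

if __name__ == "__main__":
    entries = parse(CONFIG, "our-prefixes")
    # Constructed sample routes: exact match, more-specific, default, unrelated.
    for route in ("10.1.1.0/24", "10.1.1.0/25", "0.0.0.0/0", "172.16.0.0/12"):
        print(route, evaluate(entries, route))
```

Entries without ge/le match only the exact prefix length, so a more-specific such as 10.1.1.0/25 is not announced, and seq 2000 matches only the default route itself; everything else is dropped by the implicit deny.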