[c-nsp] BGP next-ASN check built-in ?

Brian Turnbow b.turnbow at twt.it
Mon Apr 11 10:36:33 EDT 2011


Hi

See in-line

> -----Original Message-----
> From: cisco-nsp-bounces at puck.nether.net [mailto:cisco-nsp-
> bounces at puck.nether.net] On Behalf Of tim
> Sent: lunedì 11 aprile 2011 11:17
> To: cisco-nsp at puck.nether.net
> Subject: [c-nsp] BGP next-ASN check built-in ?
> 
> Hi list,
> 
> I thought I had read something about that but cannot find the pointers
> anymore:
> 
> Does the Cisco default-configuration check in BGP inbound announcements,
> if the first ASN of the AS path is the ASN which is configured as
> "neighbor ... remote-as"?

Yes, you can disable it with no bgp-enforce-first-as globally for BGP.




> 
> Example, is the following check built-in the BGP code and therefore not
> needed to configure:
> 
> """
> router bgp 65001
>  neighbor 129.168.1.1 remote as 65002
>  ...
>  neighbor 129.168.1.1 filter-list 1 in
> !
> ip as-path access-list 1 permit ^65002_
> ip as-path access-list 1 deny .*
> """
> 
> If so, at some exchange-points there are route-servers which strip their
> own ASN out of the path.  How would one configure such a setup from the
> client side?

Using the command above will accept the route-server announcements.
Then use your filters to decide what to accept from the route servers.

HTH 

Brian

> 
> Thanks in advance,
> -tim
> --
> tim at haitabu.net
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/


---
This e-mail is intended only for the addressee named above. 
As this e-mail may contain confidential or privileged information, 
if you are not the named addressee, you are not authorized to retain, read, 
copy or disseminate this message or any part of it.   
 
Please consider your environmental responsibility before printing this e-mail.




More information about the cisco-nsp mailing list