[c-nsp] BGP question : What's the best way for filtering outgoing prefixes?
Jay Nakamura
zeusdadog at gmail.com
Thu Aug 18 16:00:52 EDT 2011
This is a bit complicated. Let's say we are provider X. X is
connected to transit providers A and B. X currently uses a prefix-list
to filter outgoing BGP announcements.

We are now getting a customer that wants to multi-home, so their
transit providers are X and C. We gave them a /24 from our block, let's
call it IP1.

I was simulating how I should configure our routers so it was secure
and did all the right things when I noticed the IP1 route coming in from
provider A is getting advertised to provider B through us. It makes
sense since it passes our outgoing prefix list. (So, the AS path was
"AS_X AS_A AS_Customer" into provider B.)

What's the best way to prevent this? Here are the two options I was
thinking of doing:

Option 1
Set all routes learned from A and B with a unique community, and filter
out any routes with that community for outgoing routes to A and B.

Option 2
Filter on AS-Path for routes going out A and B with
<AS-X>$
<AS-X>_(<AS_CUSTOMER>)+_$
(I think, I haven't looked closely at AS path syntax)

With Option 1, I don't have to do anything when we add another BGP
customer, but I'm not sure what the overhead of tagging all routes coming
in with a community is. With Option 2, I have to edit the AS-path every
time we add a customer.

Is there a better option?
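
The leak described in the post and both proposed filters, modelled as an added Python sketch (not part of the original post, and not router configuration). ASNs, prefixes and the community value are constructed; the AS-path check is applied to the path as held in X's table, before X prepends its own AS, which is an assumption of this sketch.

```python
import re
from dataclasses import dataclass, field

# Constructed values: documentation ASNs (RFC 5398) and prefixes (RFC 5737).
AS_X, AS_A, AS_B, AS_CUST, AS_CUST2 = 64500, 64496, 64497, 64510, 64511
OUR_BLOCK = {"192.0.2.0/24", "198.51.100.0/24", "203.0.113.0/24"}  # outbound prefix-list
IP1 = "198.51.100.0/24"                # stands in for the customer's /24
FROM_TRANSIT = f"{AS_X}:100"           # hypothetical community value for Option 1

@dataclass
class Route:
    prefix: str
    as_path: tuple                     # as held in X's table, before X prepends itself
    learned_from: int
    communities: set = field(default_factory=set)

def import_policy(route):
    """Option 1, inbound: tag every route learned from transit A or B."""
    if route.learned_from in (AS_A, AS_B):
        route.communities.add(FROM_TRANSIT)
    return route

def prefix_list_only(route):
    """Current policy: any route whose prefix is in our block goes out."""
    return route.prefix in OUR_BLOCK

def option1(route):
    """Outbound to A/B: drop anything tagged as transit-learned, then prefix-list."""
    return FROM_TRANSIT not in route.communities and prefix_list_only(route)

def option2(route, customer_asns=(AS_CUST,)):
    """Outbound to A/B: path must be empty (originated by X) or one customer ASN,
    possibly prepended. The ASN list needs an edit for every new BGP customer."""
    path = " ".join(map(str, route.as_path))
    customer = any(re.fullmatch(rf"{asn}( {asn})*", path) for asn in customer_asns)
    return (path == "" or customer) and prefix_list_only(route)

def advertised(routes, policy):
    """What a transit neighbour receives: (prefix, path with AS_X prepended)."""
    return [(r.prefix, (AS_X,) + r.as_path) for r in routes if policy(r)]

ROUTES = [import_policy(r) for r in (
    Route("192.0.2.0/24", (), AS_X),                 # X's own prefix
    Route(IP1, (AS_CUST,), AS_CUST),                 # IP1 straight from the customer
    Route(IP1, (AS_A, AS_CUST), AS_A),               # IP1 coming back in via provider A
    Route("203.0.113.0/24", (AS_CUST2,), AS_CUST2),  # a second, later customer
)]
```

With the default customer list, `option2` also drops the second customer's route until its ASN is added, which is the maintenance cost the post attributes to Option 2.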