[c-nsp] BGP question : What's the best way for filtering outgoing prefixes?

Jay Nakamura zeusdadog at gmail.com
Thu Aug 18 16:00:52 EDT 2011


This is a bit complicated.  Let's say we are provider X.  X is
connected to transit providers A and B.  X currently uses a prefix-list
to filter outgoing BGP announcements.

We are now getting a customer that wants to multi-home, so their
transit provider is X and C.  We gave them a /24 from our block, let's
call it IP1.

I was simulating how I should configure our routers so it was secure
and did all the right things when I noticed the IP1 route coming in from
provider A is getting advertised to provider B through us.  It makes
sense since it passes our outgoing prefix list.  (So, the AS path was
"AS_X AS_A AS_Customer" into provider B)

What's the best way to prevent this?  Here are the two options I was
thinking of doing:

Option 1
Set all routes learned from A and B with a unique community, and filter
out any routes with that community for outgoing routes to A and B.

Option 2
Filter on AS-Path for routes going out A and B with
<AS-X>$
<AS-X>_(<AS_CUSTOMER>)+_$
(I think, I haven't looked closely at AS path syntax)

With Option 1, I don't have to do anything when we add another BGP
customer, but I'm not sure what the overhead of tagging all routes coming
in with a community is.  With Option 2, I have to edit the AS-path filter
every time we add a customer.

Is there a better option?
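
Added example, not part of the original post: both options from the message sketched as Cisco IOS configuration, so the two outbound policies can be compared side by side. The AS numbers (documentation range: 64496 = X, 64497 = A, 64498 = B, 64499 = customer), the neighbor addresses, the community value 64496:100 and every route-map and list name are assumptions; OUR-PREFIXES stands for the existing outbound prefix-list.

```cisco
! Constructed example; all ASNs, addresses and names are placeholders.
ip bgp-community new-format
!
! --- Option 1: tag on ingress from transit, refuse the tag on egress ---
route-map FROM-TRANSIT permit 10
 set community 64496:100 additive
!
ip community-list standard LEARNED-FROM-TRANSIT permit 64496:100
!
route-map TO-TRANSIT deny 10
 ! Anything that arrived from A or B is never sent back out to A or B.
 match community LEARNED-FROM-TRANSIT
route-map TO-TRANSIT permit 20
 ! What is left must still pass the existing prefix-list.
 match ip address prefix-list OUR-PREFIXES
!
! --- Option 2: allow only known-good AS paths on egress ---
! IOS evaluates the outbound filter before prepending the local AS,
! so locally originated routes have an empty path (^$).
ip as-path access-list 10 permit ^$
! Customer-originated routes, with or without prepending by the customer.
ip as-path access-list 10 permit ^64499(_64499)*$
!
route-map TO-TRANSIT-ASPATH permit 10
 ! Both match clauses must succeed (AS path AND prefix).
 match as-path 10
 match ip address prefix-list OUR-PREFIXES
!
router bgp 64496
 ! Transit provider A
 neighbor 192.0.2.1 remote-as 64497
 neighbor 192.0.2.1 route-map FROM-TRANSIT in
 neighbor 192.0.2.1 route-map TO-TRANSIT out
 ! Transit provider B
 neighbor 192.0.2.5 remote-as 64498
 neighbor 192.0.2.5 route-map FROM-TRANSIT in
 neighbor 192.0.2.5 route-map TO-TRANSIT out
 ! To use Option 2 instead, apply TO-TRANSIT-ASPATH as the outbound
 ! route-map on both transit neighbors.
```

If A and B terminate on different routers, Option 1 only works when the tag survives iBGP, which requires `neighbor <ibgp-peer> send-community` on the internal sessions. After applying either policy, `show ip bgp neighbors 192.0.2.5 advertised-routes` should no longer list the customer /24 with provider A in its path.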

