[c-nsp] BGP Filter - Best Practice

[Tony Tauber]

Explicit prefix-lists should be used at the PE (customer edge).
If some control is desired after that (or you foresee ever desiring same),
tag the routes inbound on the customer edge with communities and control
redistribution by filtering based on communities either internally or
outbound to other BGP neighbors.

Tony


On Wed, Apr 17, 2013 at 3:35 PM, Ahmed Hilmy <hilmy.aa at gmail.com> wrote:

> Hello Nick,
>
> Thanks for your reply, i am totally agree with you.
>
> Regards,
> Ahmed
>
>
> On Tue, Apr 16, 2013 at 9:12 PM, Nick Hilliard <nick at foobar.org> wrote:
>
> > On 15/04/2013 21:44, Ahmed Hilmy wrote:
> > > I am using Prefix-list and as-path for BGP filter.
> > > But if i  apply Prefix-list as inbound filter at PE, then from PE to
> RR (
> > > Route Reflector ) i apply as-path filter, i think it is more scalable
> > than
> > > modify Prefix-list continuously ? or use community ?
> > > If my question not clear please ask me.
> >
> > it depends.
> >
> > Prefix lists are very fast because they are implemented as a trie, and it
> > is very fast to look up an entry in a trie.
> >
> > Community lists can be fast (standard, i.e. integer comparison) or slow
> > (extended, i.e. regular expression).
> >
> > as-path lists are slow because they use regular expressions.
> >
> > If you need to filter BGP updates, it is usually fastest to use prefix
> > lists or standard community lists.  It makes little difference whether
> you
> > use extended communities or as-path lists - both are slow.
> >
> > Nick
> >
> >
> > _______________________________________________
> > cisco-nsp mailing list  cisco-nsp at puck.nether.net
> > https://puck.nether.net/mailman/listinfo/cisco-nsp
> > archive at http://puck.nether.net/pipermail/cisco-nsp/
> >
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>