[c-nsp] BGP route won't advertise

Jon Lewis jlewis at lewis.org
Wed Feb 27 22:45:13 EST 2013


On Wed, 27 Feb 2013, Jay Hennigan wrote:

> On 2/27/13 4:07 PM, Jerry Bacon wrote:
>
>> I've tried with and without next-hop-self on R3, it doesn't seem to make
>> any difference.
>
>> ip as-path access-list 10 permit ^11xx1
>> ip as-path access-list 10 deny _11xx1_
>> ip as-path access-list 10 permit .*
>
> You could simplify that to:
>
> ip as-path access-list 10 deny _11xx1_
> ip as-path access-list 10 permit .*   <- Dangerous outbound to transit
> connections.

Or simplify things more by using prefix filters / route-maps on the 
customer BGP sessions to deny/accept+tag routes with communities that tell 
the rest of your network what to do with the routes (i.e. whether a route 
gets advertised to your transit providers, etc.).  That ends up being much 
saner as you have smaller filters in more places rather than monster 
filters at the border where you'll lose track of why things are there.

----------------------------------------------------------------------
  Jon Lewis, MCP :)           |  I route
  Senior Network Engineer     |  therefore you are
  Atlantic Net                |
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
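
The community-tagging layout suggested in the message above, sketched as Cisco IOS configuration. This is an added example and not part of the original post; the AS numbers, addresses, prefix-list and route-map names, and the community value 64500:100 are constructed placeholders.

```cisco
! Constructed example: every AS number, address, name and community
! value below is a placeholder chosen for illustration.
ip bgp-community new-format
!
! --- Customer-facing router ---
! Accept only the prefix registered for this customer and tag it.
! "set community" without "additive" replaces whatever the customer sent.
ip prefix-list CUST-A-PFX seq 5 permit 198.51.100.0/24
!
route-map CUST-A-IN permit 10
 match ip address prefix-list CUST-A-PFX
 set community 64500:100
! No further entries: the implicit deny drops anything else received.
!
! The iBGP session needs send-community so the tag reaches the border.
router bgp 64500
 neighbor 192.0.2.2 remote-as 64501
 neighbor 192.0.2.2 route-map CUST-A-IN in
 neighbor 10.0.0.3 remote-as 64500
 neighbor 10.0.0.3 send-community
!
! --- Border router facing transit ---
! Advertise only routes tagged at a customer edge, plus our own aggregate.
ip community-list standard CUSTOMER-ROUTES permit 64500:100
ip prefix-list OWN-AGGREGATES seq 5 permit 203.0.113.0/24
!
route-map TRANSIT-OUT permit 10
 match community CUSTOMER-ROUTES
route-map TRANSIT-OUT permit 20
 match ip address prefix-list OWN-AGGREGATES
! Implicit deny: untagged routes (peer or transit routes, anything that
! slipped past a customer filter) are never announced to transit, which
! is the failure mode a trailing "permit .*" as-path entry leaves open.
!
router bgp 64500
 neighbor 192.0.2.10 remote-as 64510
 neighbor 192.0.2.10 route-map TRANSIT-OUT out
```

`show ip bgp community 64500:100` on the border router lists what would be eligible for announcement to transit.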

