[c-nsp] BGP route won't advertise
Jerry Bacon
wireless at starbeam.com
Thu Feb 28 12:10:09 EST 2013
On 2/27/2013 7:45 PM, Jon Lewis wrote:
> On Wed, 27 Feb 2013, Jay Hennigan wrote:
>>
>> You could simplify that to:
>>
>> ip as-path access-list 10 deny _11xx1_
>> ip as-path access-list 10 permit .* <- Dangerous outbound to transit
>> connections.
>
> Or simplify things more by using prefix filters / route-maps on the
> customer BGP sessions to deny/accept+tag routes with communities that
> tell the rest of your network what to do with the routes (i.e. whether
> a route gets advertised to your transit providers, etc.). That ends
> up being much saner as you have smaller filters in more places rather
> than monster filters at the border where you'll lose track of why
> things are there.
>
I do have filters on the customer BGP sessions, but I have to disallow
his AS from my upstreams, or I become a transit for those routes.
--
Jerry Bacon
Senior Network Engineer
More information about the cisco-nsp
mailing list