[c-nsp] BGP route won't advertise
Jon Lewis
jlewis at lewis.org
Thu Feb 28 13:14:26 EST 2013
On Thu, 28 Feb 2013, Jerry Bacon wrote:
> On 2/27/2013 7:45 PM, Jon Lewis wrote:
>> On Wed, 27 Feb 2013, Jay Hennigan wrote:
>>>
>>> You could simplify that to:
>>>
>>> ip as-path access-list 10 deny _11xx1_
>>> ip as-path access-list 10 permit .* <- Dangerous outbound to transit
>>> connections.
>>
>> Or simplify things more by using prefix filters / route-maps on the
>> customer BGP sessions to deny/accept+tag routes with communities that tell
>> the rest of your network what to do with the routes (i.e. whether a route
>> gets advertised to your transit providers, etc.). That ends up being much
>> saner as you have smaller filters in more places rather than monster
>> filters at the border where you'll lose track of why things are there.
>>
>
> I do have filters on the customer BGP sessions, but I have to disallow his AS
> from my upstreams, or I become a transit for those routes.
So this is a BGP peering...but you're not providing transit? We have a
cummunity string for that. The above advice still stands.
----------------------------------------------------------------------
Jon Lewis, MCP :) | I route
Senior Network Engineer | therefore you are
Atlantic Net |
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
More information about the cisco-nsp
mailing list