[c-nsp] BGP route won't advertise

Jon Lewis jlewis at lewis.org
Thu Feb 28 13:14:26 EST 2013

On Thu, 28 Feb 2013, Jerry Bacon wrote:

> On 2/27/2013 7:45 PM, Jon Lewis wrote:
>> On Wed, 27 Feb 2013, Jay Hennigan wrote:
>>> You could simplify that to:
>>> ip as-path access-list 10 deny _11xx1_
>>> ip as-path access-list 10 permit .*   <- Dangerous outbound to transit
>>> connections.
>> Or simplify things more by using prefix filters / route-maps on the 
>> customer BGP sessions to deny/accept+tag routes with communities that tell 
>> the rest of your network what to do with the routes (i.e. whether a route 
>> gets advertised to your transit providers, etc.).  That ends up being much 
>> saner as you have smaller filters in more places rather than monster 
>> filters at the border where you'll lose track of why things are there.
> I do have filters on the customer BGP sessions, but I have to disallow his AS 
> from my upstreams, or I become a transit for those routes.

So this is a BGP peering...but you're not providing transit?  We have a 
cummunity string for that.  The above advice still stands.

  Jon Lewis, MCP :)           |  I route
  Senior Network Engineer     |  therefore you are
  Atlantic Net                |
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________

More information about the cisco-nsp mailing list