[c-nsp] BGP export filter config help

Nick Hilliard nick at foobar.org
Thu Jul 11 06:58:22 EDT 2013

On 10/07/2013 23:38, Roger Ramjet wrote:
> What is needed is,  I need the SP to send me all of their local routes,
> aggregated of course,  customer routes and customer attached routes across
> our gigE peering connection.   They have 4 different AS's internally from
> acquisitions.  I do not want their transit routes (1299,3356,701) as I have
> my own transit that I prefer and while they send me these free routes, they
> have their own congestion issues that I don't have with my transit.

Your upstream needs to build a routing policy which uses bgp community tags
to mark prefixes which are received by peering, transit or customers, and a
separate set of tags for their ibgp requirements.  Once they've done that,
sending you a partial feed from any or all of their transits / peers /
customers is trivial.

> Currently they are sending me about 80k routes and they are sending me all
> routes that are /22 and greater which pushes most of the local routes to
> transit as they don't export to me because they are smaller than /22.

that sounds very screwed up.

> Given all this, when done, I should see about  16k routes from the SP, from
> 4 different AS's internally  perhaps I will see them as  65555 65552
> (hypothetical AS's) or I may see routes from 65555 and also from 65552 as
> originating AS. I am expecting to see lots of /27,/28 routes, but that
> takes care of their customers that are being exported into bgp from their
> internal ospf.

/me shudders

They could send you a list of prefixes which filters out
(_1299_|_3356_|_701_), but that's a pretty crappy way of handling this
requirement because it doesn't scale, it's slow as all hell and it's not
going to filter out their ibgp trash.  Or you could do the same, but it's
still a poor second cousin to having a properly configured transit network.

Realistically, they need a proper transit management policy on their
network.  If they need help with this, they should get third party advice
and training.  It's not difficult to do, but it requires a different way of
thinking about their connectivity requirements.
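
An added example, not part of the original message: a Cisco IOS sketch of the community-tagging policy described above, with the AS-path regex approach shown beside it for contrast. The provider AS 64500, the customer AS 64510, the community values, the route-map names and the neighbor addresses are all assumptions chosen from documentation ranges; only the transit AS numbers come from the thread.

```cisco
! Assumed values: provider AS 64500, customer AS 64510, RFC 5737 addresses.
ip bgp-community new-format
!
! One tag per route source, applied at ingress.
! "set community" without "additive" replaces whatever the neighbor sent,
! so a peer or customer cannot pre-tag a route to slip through the export.
route-map TRANSIT-IN permit 10
 set community 64500:100
route-map PEER-IN permit 10
 set community 64500:200
route-map CUSTOMER-IN permit 10
 set community 64500:300
! Locally originated aggregates get their own tag.
route-map TAG-LOCAL permit 10
 set community 64500:400
!
ip community-list standard FROM-CUSTOMER permit 64500:300
ip community-list standard FROM-LOCAL permit 64500:400
!
! Partial feed: customer and local routes only. Transit, peer and any
! iBGP-internal tags fall through to the implicit deny.
route-map PARTIAL-FEED-OUT permit 10
 match community FROM-CUSTOMER
route-map PARTIAL-FEED-OUT permit 20
 match community FROM-LOCAL
!
router bgp 64500
 network 203.0.113.0 mask 255.255.255.0 route-map TAG-LOCAL
 neighbor 192.0.2.1 remote-as 1299
 neighbor 192.0.2.1 route-map TRANSIT-IN in
 neighbor 198.51.100.2 remote-as 64510
 neighbor 198.51.100.2 route-map PARTIAL-FEED-OUT out
!
! For contrast, the AS-path approach from the message. It must be edited
! whenever a transit changes and does nothing about untagged internal routes.
ip as-path access-list 10 deny (_1299_|_3356_|_701_)
ip as-path access-list 10 permit .*
route-map ASPATH-FEED-OUT permit 10
 match as-path 10
```

Because the export route-map matches on tags set at ingress, adding or removing a transit only requires attaching TRANSIT-IN to the new session; the customer-facing policy does not change.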

