[c-nsp] Sample IOSXR RPL for small ISP

Charles Monson monson at wins.net
Fri Nov 13 10:57:01 EST 2015 

The syntax may not be exactly correct, but the below gives a rough outline of a relatively simple setup using communities. You can use a prefix-set or as-path-set with all the prefixes/asns you advertise to filter outbound to transit instead of communities (or in addition to), but communities will scale better in the long run. There may be better ways to do it but this should give a good start.

--- Apply to customer(s) ---

Route-policy fulltable-out
    If destination in bogons then
        Drop
    elseif community matches-any ( "LOCALPREFIX", "CUSTPREFIX", "PEERPREFIX, "TRANSITPREFIX" ) then
        Pass
    Endif
End-policy

Route-policy asCUSTASN-in
    If destination in asCUSTASN then
         Set community CUSTPFX
    Endif
End-policy

Prefix-set asCUSTASN
    CUS.PFX.A.0/20 le 24,
    CUS.PFX.B.0/24,
    Etc...
End-set

--- Apply to Transit ---

Route-policy transit-in
    If destination in bogons then
        Drop
    Else
         Set community TRANSITPREFIX
    endif
End-policy

Route-policy transit-out
    If destination in bogons then
        Drop
    elseif community matches-any ( "LOCALPREFIX", "CUSTPREFIX" ) then
        Pass
    endif
End-policy

prefix-set bogons
  0.0.0.0/8 le 32,
  10.0.0.0/8 le 32,
  100.64.0.0/10 le 32,
  127.0.0.0/8 le 32,
  169.254.0.0/16 le 32,
  172.16.0.0/12 le 32,
  192.0.0.0/24 le 32,
  192.0.2.0/24 le 32,
  192.168.0.0/16 le 32,
  198.18.0.0/15 le 32,
  198.51.100.0/24 le 32,
  203.0.113.0/24 le 32,
  224.0.0.0/4 le 32,
  240.0.0.0/4 le 32,
  0.0.0.0/0 ge 25
end-set

-Charles

-----Original Message-----
From: cisco-nsp [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Carter, Bill
Sent: Friday, November 6, 2015 10:59 AM
To: cisco-nsp at puck.nether.net
Subject: [c-nsp] Sample IOSXR RPL for small ISP

I am setting up a pair of Cisco ASRs for an small ISP. Each ASR has a connection to an upstream ISP. The ASRs are also connected to downstream customers with BGP. I am looking for some sample route-policies. The route policies should prevent the ISP from becoming transit for the entire Internet, but still be transit for the downstream customers.


Bill Carter
_______________________________________________
cisco-nsp mailing list  cisco-nsp at puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

More information about the cisco-nsp mailing list