Does anyone know of an effective way, other than community strings, to prevent a router with connections to 2 separate BGP AS clouds from passing routing information from one AS to another? I only want these routers to advertise local networks and receive external routes.
I have some branch routers that are connected to 2 separate BGP domains and they occasionally act as hub routers for branch-to-branch connections.
What is the best way to prevent this? Right now I am thinking that I will need to advertise 2 separate communities and filter based on that but that would require changing the configs in every router.
Any other easier methods would be much preferred.
I think you can also use "ip AS-path list" with a regular expression to advertise only the local AS originated routes to the neighbors. This will make sure that the router will advertise only the local originated AS routes and will not become the transit AS for your 2 connected BGP domains. Your BGP AS routers will still receive all the external routes from both the neighbors.
Do the following:
ip as-path access-list 1 permit ^$
route-map BGP permit 10
 match as-path 1
router bgp 65452
 neighbor 18.104.22.168 route-map BGP out
Please use the link below for more understanding.
HTH, please rate if it does.
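
An added illustration, not part of the original posts: a small Python model of how the `^$` AS-path list in the answer behaves as an outbound filter, compared with no filter at all. Only AS 65452 and the access-list line come from the thread; the neighbor AS numbers, prefixes and function names are constructed for this example.

```python
import re

def cisco_to_python(pattern):
    # In Cisco AS-path regexes "_" matches start, end, space, comma, braces or parentheses.
    return pattern.replace("_", r"(?:^|$|[ ,{}()])")

def parse_as_path_acl(config_lines, number):
    """Collect (action, compiled regex) entries for one 'ip as-path access-list'."""
    entries = []
    for line in config_lines:
        parts = line.split(None, 5)
        if len(parts) != 6 or [p.lower() for p in parts[:3]] != ["ip", "as-path", "access-list"]:
            continue
        if parts[3] == str(number):
            entries.append((parts[4].lower(), re.compile(cisco_to_python(parts[5]))))
    return entries

def permitted(acl, as_path):
    # First matching entry wins; an AS-path list ends with an implicit deny.
    for action, regex in acl:
        if regex.search(as_path):
            return action == "permit"
    return False

def advertised(bgp_table, acl=None):
    """Prefixes sent to an eBGP neighbor; acl=None models no outbound route-map."""
    return [prefix for prefix, as_path in bgp_table if acl is None or permitted(acl, as_path)]

# Constructed BGP table on the branch router (AS 65452): (prefix, AS_PATH as stored).
# Locally originated routes carry an empty AS_PATH; the router's own AS is prepended
# only when the update is sent to the eBGP neighbor, so "^$" matches them.
BGP_TABLE = [
    ("192.0.2.0/24", ""),               # local network
    ("198.51.100.0/24", ""),            # local network
    ("172.16.0.0/16", "65001"),         # learned from the first BGP domain
    ("10.99.0.0/16", "65002 65010"),    # learned from the second BGP domain
]

ACL_1 = parse_as_path_acl(["ip as-path access-list 1 permit ^$"], 1)

if __name__ == "__main__":
    print("no filter :", advertised(BGP_TABLE))         # branch would act as transit
    print("with ^$   :", advertised(BGP_TABLE, ACL_1))  # local networks only
```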