06-28-2007 09:42 AM - edited 03-03-2019 05:39 PM
Does anyone know of an effective way, other than community strings, to prevent a router with connections to 2 separate BGP AS clouds from passing routing information from one AS to another? I only want these routers to advertise local networks and receive external routes.
I have some branch routers that are connected to 2 separate BGP domains and they occasionally act as hub routers for branch to branch connections.
What is the best way to prevent this? Right now I am thinking that I will need to advertise 2 separate communities and filter based on that but that would require changing the configs in every router.
Any other easier methods would be much preferred.
06-28-2007 09:54 AM
I think you can also use "ip as-path access-list" with a regular expression to advertise only the local AS originated routes to the neighbors. This will make sure that the router will advertise only the local originated AS routes and will not become the transit AS for your connected 2 BGP domains. Your BGP AS routers will still receive all the external routes from both the neighbors.
Do the following:
! ^$ matches an empty AS path, i.e. routes originated in the local AS
ip as-path access-list 1 permit ^$
!
route-map BGP permit 10
 match as-path 1
!
router bgp 65452
 ! remote AS was not given in the post; <neighbor-AS> is a placeholder
 neighbor 2.2.2.2 remote-as <neighbor-AS>
 neighbor 2.2.2.2 route-map BGP out
Please use the link below for more understanding.
HTH, please rate if it does.
-amit singh
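What the `^$` filter in the reply above does to a branch router's outbound advertisements, as an added example that is not part of any post in this thread. The prefixes and the provider AS numbers (65001, 65002, 65010) are constructed sample data; only AS 65452 and the access-list line come from the post.

```python
import re

# Cisco AS-path regex treats "_" as "start, end, or any AS delimiter".
_CISCO_UNDERSCORE = r"(?:^|$|[ ,{}()])"


def parse_as_path_acl(config, number):
    """Return ordered (action, compiled_regex) entries of one as-path list."""
    entries = []
    prefix = f"ip as-path access-list {number} "
    for line in config.splitlines():
        line = line.strip()
        if line.lower().startswith(prefix):
            action, pattern = line[len(prefix):].split(None, 1)
            entries.append((action.lower(),
                            re.compile(pattern.replace("_", _CISCO_UNDERSCORE))))
    return entries


def permitted(entries, as_path):
    """First matching entry wins; no match means implicit deny."""
    for action, regex in entries:
        if regex.search(as_path):
            return action == "permit"
    return False


def advertised(entries, bgp_table):
    """Prefixes that pass the outbound filter."""
    return [prefix for prefix, as_path in bgp_table if permitted(entries, as_path)]


# Filter line from the post above.
CONFIG = "ip as-path access-list 1 permit ^$"

# Constructed BGP table of a branch router in AS 65452: (prefix, AS path).
# An empty AS path means the route was originated locally.
BGP_TABLE = [
    ("10.10.10.0/24", ""),                # local network
    ("10.10.20.0/24", ""),                # local network
    ("172.16.0.0/16", "65001"),           # learned from the first provider
    ("192.168.50.0/24", "65002 65010"),   # learned from the second provider
]

if __name__ == "__main__":
    acl = parse_as_path_acl(CONFIG, 1)
    for prefix, path in BGP_TABLE:
        verdict = "advertise" if permitted(acl, path) else "filter"
        print(f"{prefix:18} path=[{path}] -> {verdict}")
```

Routes learned from either provider carry a non-empty AS path, so they hit the implicit deny and are never re-advertised to the other provider.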
06-28-2007 10:33 AM
Have a look at this link; the section on configuring to receive only a default route should help.
http://www.cisco.com/warp/public/459/27.html
www.nanog.org/mtg-0110/ppt/smith.pdf
HTH, rate if it does
Narayan
06-28-2007 10:35 AM
Thanks to both of you. I will test this out over the weekend but that is exactly what I am looking for.
07-24-2007 05:55 AM
You can also use outbound distribute-lists applied to the neighbor, where you specify only the subnets you want advertised out to that specific peer.
router bgp 65000
 ! /24 masks, matching the 0.0.0.255 wildcards in access-list 10
 network 10.10.10.0 mask 255.255.255.0
 network 10.10.20.0 mask 255.255.255.0
 neighbor 12.12.12.12 remote-as 25
 neighbor 12.12.12.12 distribute-list 10 out
 no auto-summary
!
! only these subnets are advertised to the peer
access-list 10 permit 10.10.10.0 0.0.0.255
access-list 10 permit 10.10.20.0 0.0.0.255
If you have both carrier connections into the same router, apply this distribute list to both of your bgp neighbors and you'll only advertise these subnets to them.