Solved: Preventing route loops with BGP

bgibson · ‎06-28-2007

Does anyone know of an effective way, other than community strings, to prevent a router with connections to 2 separate BGP AS clouds from passing routing information from one AS to another? I only want these routers to advertise local networks and receive external routes.

I have some branch routers that are connected to 2 separate BGP domains and they occsionally act as hub routers for branch to branch connections.

What is the best way to prevent this? Right now I am thinking that I will need to advertise 2 separate communities and filter based on that but that would require changing the configs in every router.

Any other easier methods would be much preferred.

Amit Singh · ‎06-28-2007

I think you can also use " ip AS-path list " with regular expresion to advertise on the local AS originated routes to the neighbors. This will make sure that the router will advertise only the local originated AS routes and will not become the transit AS for you connected 2 BGP domains. Your BGP as routers will still receive all the external routes from both the neigbors.

Do the following

IP as-path access-list 1 permit ^$

route-map BGP permit 10

match as-path 1

router bgp 65452

neighbor 2.2.2.2

neighbor 2.2.2.2 rouet-map BGP out

Please use the link below for more undertsanding.

HTH,Please rate if it does.

-amit singh

View solution in original post

royalblues · ‎06-28-2007

Have a look at this link, the section configuring to receive only a default route should help

http://www.cisco.com/warp/public/459/27.html

www.nanog.org/mtg-0110/ppt/smith.pdf

HTH, rate if it does

Narayan

View solution in original post

Amit Singh · ‎06-28-2007

I think you can also use " ip AS-path list " with regular expresion to advertise on the local AS originated routes to the neighbors. This will make sure that the router will advertise only the local originated AS routes and will not become the transit AS for you connected 2 BGP domains. Your BGP as routers will still receive all the external routes from both the neigbors.

Do the following

IP as-path access-list 1 permit ^$

route-map BGP permit 10

match as-path 1

router bgp 65452

neighbor 2.2.2.2

neighbor 2.2.2.2 rouet-map BGP out

Please use the link below for more undertsanding.

HTH,Please rate if it does.

-amit singh

royalblues · ‎06-28-2007

Have a look at this link, the section configuring to receive only a default route should help

http://www.cisco.com/warp/public/459/27.html

www.nanog.org/mtg-0110/ppt/smith.pdf

HTH, rate if it does

Narayan

bgibson · ‎06-28-2007

Thanks to both of you. I will test this out over the weekend but that is exactly what I am looking for.

quistn · ‎07-24-2007

you can also use oubound distribute-lists applied to the neighbor where you specify only the subents you want advertised out to that specific peer.

bgp 65000

network 10.10.10.0 mask 255.255.255.255

network 10.10.20.0 mask 255.255.255.255

neighbor 12.12.12.12 remote-as 25

neighbor 12.12.12.12 distribute-list 10 out

no auto-sumamry

access-list 10 permit 10.10.10.0 0.0.0.255

access-list 10 permit 10.10.20.0 0.0.0.255

If you have both carrier connections into the same router, apply this distribute list to both of your bgp neighbors and you'll only advertise these subnets to them.