I have a client that has an eBGP connection with me and uses us as a backup ISP. I also have 2 other eBGP peer connections which we load share for all our internet traffic.
My question is, I am trying to make sure that I never get inbound traffic from one of my AS's to my customers AS. In case thier primary AS fails, and they switch to us as a thier backup, I need to make sure all thier inound traffic comes from a particluar AS on my end.
This is what I have and I think it is fine, but not sure. I want to make sure thier AS never gets advertised to one of my upstream AS's.
neighbor 126.96.36.199 remote-as 111
neighbor 188.8.131.52 description UPSTREAM AS
neighbor 184.108.40.206 remove-private-as
neighbor 220.127.116.11 soft-reconfiguration inbound
neighbor 18.104.22.168 route-map UPSTREAM-AS-IN in
neighbor 22.214.171.124 route-map UPSTREAM-AS-OUT out
neighbor 126.96.36.199 filter-list 3 out
neighbor 188.8.131.52 remote-as 222
neighbor 184.108.40.206 description CLIENT
neighbor 220.127.116.11 ebgp-multihop 2
neighbor 18.104.22.168 soft-reconfiguration inbound
neighbor 22.214.171.124 route-map CLIENT-RECEIVE in
neighbor 126.96.36.199 route-map CLIENT-SEND out
ip as-path access-list 3 deny ^222$
ip as-path access-list 3 permit .*
Will this filter list make sure that AS 222 never gets advertised out to my UPSTREAM-AS that this is a valid path for inbound traffic?
Thanks for your help!