BGP Transit area, default route

Jul 16th, 2008

Hi all,


1. If the local router receives full routing from an eBGP peer, how can I filter it to receive only one default route instead?


2. Suppose my BGP router connects to two ISPs. How can I configure the local router to avoid becoming a transit area?


Does any document mention it?


Thank you

lee.reade Wed, 07/16/2008 - 01:53

Hi,


Well if your ISP is advertising a default along with full routes, which is probably not likely, as this is overkill, then you could use an inbound prefix list or distribute list or route-map to match just the 0.0.0.0 network.


To make sure you are not used as transit, you must configure an as-path access-list and enable it outbound to the neighbours. This will allow only locally generated routes, i.e. those with no current AS path:


ip as-path access-list 1 permit ^$

router bgp x

neighbor x.x.x.x filter-list 1 out


Have a look at this url for info on BGP;


http://www.cisco.com/warp/public/459/bgp-toc.html


HTH


LR

mohammedmahmoud Wed, 07/16/2008 - 02:05

Hi,


1. Use a prefix-list to allow only the default route (make sure that your provider sends a default route in the first place):


ip prefix-list DEF seq 5 permit 0.0.0.0/0

router bgp x

neighbor x.x.x.x prefix-list DEF in


2. Make sure to only advertise your local routes to both providers and never advertise routes received from one provider to the other, example:


ip prefix-list LOCAL seq 5 permit x.x.x.x/x

router bgp x

neighbor x.x.x.x prefix-list LOCAL out



[edit] Lee, sorry for the cross post.

[edit] Using an as-path access-list as Lee suggested is the smartest way of doing it, but I've seen some customers who are more comfortable seeing the exact routes they are permitting in the configuration; it's your choice.


BR,

Mohammed Mahmoud.

acbenny Mon, 07/21/2008 - 00:43

Thanks!


Can I use distribute-list to filter the injected BGP default route instead of prefix-list?

mohammedmahmoud Mon, 07/21/2008 - 01:22

Hi Jack,


Yes, you can use "neighbor x.x.x.x distribute-list x in" plus an ACL, but I generally prefer using prefix-lists with route-filtering as they are more scalable, flexible and less CPU intensive than ACLs when we are talking about a large list.


BR,

Mohammed Mahmoud.

acbenny Mon, 07/21/2008 - 05:30

What will the ACL be if I use a distribute list?


I just know that with a prefix-list it is 0.0.0.0/0

mohammedmahmoud Mon, 07/21/2008 - 05:43

Hi,


Just use "access-list 1 permit host 0.0.0.0" and note that the IOS will store it as "access-list 1 permit 0.0.0.0" without the host keyword.


BR,

Mohammed Mahmoud.

acbenny Mon, 07/21/2008 - 07:27

No need to specify a wildcard mask?

(i.e.)

access-list 1 permit 0.0.0.0 255.255.255.255

mohammedmahmoud Mon, 07/21/2008 - 09:21

Jack,


A wildcard of 0.0.0.0 = host, meaning that it must be an exact full 32 bit match (and it is the default in case you didn't state an explicit wildcard), and thus "access-list 1 permit host 0.0.0.0" = "access-list 1 permit 0.0.0.0 0.0.0.0" = "access-list 1 permit 0.0.0.0".


I hope that I've been informative.


BR,

Mohammed Mahmoud.
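
The filters discussed in this thread, modelled in Python as an added example (not code from any poster or from Cisco). It is a simplified model of the matching rules; the function names, documentation prefixes and private-use AS numbers are constructed for illustration.

```python
import ipaddress
import re

def acl_permits(network, acl_addr, wildcard="0.0.0.0"):
    """Standard ACL test: bits set in the wildcard are "don't care".
    Simplified model: only the route's network address is compared."""
    net = int(ipaddress.IPv4Address(network))
    addr = int(ipaddress.IPv4Address(acl_addr))
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (net & care) == (addr & care)

def prefix_list_permits(prefix, entry):
    """Prefix-list entry without ge/le: network and length must both match."""
    return ipaddress.ip_network(prefix) == ipaddress.ip_network(entry)

def accepted(routes, test):
    """Inbound filter: keep the received prefixes that the test permits."""
    return [r for r in routes if test(r)]

def advertised(table, as_path_regex=r"^$"):
    """Outbound filter-list: keep routes whose AS path matches the regex.
    Locally originated routes have an empty AS path, so ^$ keeps only those."""
    return [prefix for prefix, path in table if re.search(as_path_regex, path)]

def net(route):
    """Network address part of 'a.b.c.d/len'."""
    return route.split("/")[0]

# Constructed sample data.
RECEIVED = ["0.0.0.0/0", "198.51.100.0/24", "203.0.113.0/24"]
BGP_TABLE = [
    ("192.0.2.0/24", ""),                 # originated locally
    ("198.51.100.0/24", "64500 64510"),   # learned from ISP A
    ("203.0.113.0/24", "64501"),          # learned from ISP B
]

if __name__ == "__main__":
    # prefix-list DEF permit 0.0.0.0/0 -> default route only
    print(accepted(RECEIVED, lambda r: prefix_list_permits(r, "0.0.0.0/0")))
    # access-list 1 permit 0.0.0.0 (wildcard 0.0.0.0) -> default route only
    print(accepted(RECEIVED, lambda r: acl_permits(net(r), "0.0.0.0")))
    # wildcard 255.255.255.255 ignores every bit -> the full table gets through
    print(accepted(RECEIVED, lambda r: acl_permits(net(r), "0.0.0.0", "255.255.255.255")))
    # as-path ^$ outbound -> only the local prefix, so no transit
    print(advertised(BGP_TABLE))
```
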
