BGP Transit area, default route

Jul 16th, 2008

Hi all,

1. If the local router receives full routing from an eBGP peer, how can I filter it to receive only one default route instead?

2. Suppose my BGP router connects to two ISPs. How can I configure the local router to avoid becoming a transit area?

Does any document mention it?

Thank you

lee.reade Wed, 07/16/2008 - 01:53


Well if your ISP is advertising a default along with full routes, which is probably not likely, as this is overkill, then you could use an inbound prefix list or distribute list or route-map to match just the network.

To make sure you are not used as transit, you must configure an as-path access-list and enable it outbound to the neighbours. This will allow only locally generated routes, i.e. those with no current AS path:

ip as-path access-list 1 permit ^$

router bgp x

neighbor x.x.x.x filter-list 1 out

Have a look at this url for info on BGP;



mohammedmahmoud Wed, 07/16/2008 - 02:05


1. Use a prefix-list to allow only the default route (make sure that your provider sends a default route in the first place):

ip prefix-list DEF seq 5 permit

router bgp x

neighbor x.x.x.x prefix-list DEF in

2. Make sure to only advertise your local routes to both providers and never advertise routes received from one provider to the other, example:

ip prefix-list LOCAL seq 5 permit x.x.x.x/x

router bgp x

neighbor x.x.x.x prefix-list LOCAL out

[edit] Lee, sorry for the cross post.

[edit] Using an as-path access-list as Lee suggested is the smartest way of doing it, but I've seen some customers who are more comfortable seeing the exact routes they are permitting in the configuration. It's your choice.


Mohammed Mahmoud.
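
An added example, not part of either reply above: a small Python audit that reads an IOS-style configuration and reports, for each eBGP neighbor, whether an outbound filter of the kind described above (an as-path list permitting only ^$, or an outbound prefix-list) is applied. The sample configuration, ASNs and addresses are constructed, and the parser is an assumption that covers only the plain neighbor, filter-list and prefix-list lines shown in this thread, not peer-groups or route-maps.

```python
# Constructed sample config: private-use ASNs and documentation addresses.
SAMPLE_CONFIG = """\
ip as-path access-list 1 permit ^$
ip as-path access-list 2 permit .*
router bgp 64512
 neighbor 192.0.2.1 remote-as 64496
 neighbor 192.0.2.1 filter-list 1 out
 neighbor 198.51.100.1 remote-as 64497
 neighbor 198.51.100.1 filter-list 2 out
 neighbor 203.0.113.1 remote-as 64498
 neighbor 203.0.113.1 prefix-list LOCAL out
 neighbor 203.0.113.9 remote-as 64499
 neighbor 10.0.0.2 remote-as 64512
"""

def audit_transit_filters(config):
    """Map each eBGP neighbor to a finding about its outbound route filter."""
    permits = {}      # as-path ACL number -> regexes it permits
    remote_as = {}    # neighbor address -> remote AS
    outbound = {}     # neighbor address -> ("filter-list" | "prefix-list", name)
    local_as = None
    for line in config.splitlines():
        words = line.split()
        if words[:3] == ["ip", "as-path", "access-list"] and len(words) >= 6:
            if words[4] == "permit":
                permits.setdefault(words[3], []).append(" ".join(words[5:]))
        elif words[:2] == ["router", "bgp"] and len(words) == 3:
            local_as = words[2]
        elif len(words) == 4 and words[0] == "neighbor" and words[2] == "remote-as":
            remote_as[words[1]] = words[3]
        elif len(words) == 5 and words[0] == "neighbor" and words[4] == "out":
            if words[2] in ("filter-list", "prefix-list"):
                outbound[words[1]] = (words[2], words[3])
    findings = {}
    for peer, asn in remote_as.items():
        if asn == local_as:
            continue  # iBGP session: the transit question is about eBGP peers
        kind, name = outbound.get(peer, (None, None))
        if kind == "filter-list" and permits.get(name) and set(permits[name]) == {"^$"}:
            findings[peer] = "ok: only empty AS_PATH (^$) advertised"
        elif kind == "filter-list":
            findings[peer] = "review: as-path list is not limited to ^$"
        elif kind == "prefix-list":
            findings[peer] = "review: confirm prefix-list holds only local prefixes"
        else:
            findings[peer] = "missing: no outbound filter, learned routes may leak"
    return findings

if __name__ == "__main__":
    for peer, finding in audit_transit_filters(SAMPLE_CONFIG).items():
        print(peer, finding)
```
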

acbenny Mon, 07/21/2008 - 00:43

Thanks !

Can I use a distribute-list to filter the injected BGP default route instead of a prefix list?

mohammedmahmoud Mon, 07/21/2008 - 01:22

Hi Jack,

Yes, you can use "neighbor x.x.x.x distribute-list x in" plus an ACL, but I generally prefer using prefix-lists for route filtering, as they are more scalable, flexible and less CPU intensive than ACLs when we are talking about a large list.


Mohammed Mahmoud.

acbenny Mon, 07/21/2008 - 05:30

What will the ACL be if I use a distribute-list?

I just know that using a prefix-list is

mohammedmahmoud Mon, 07/21/2008 - 05:43


Just use "access-list 1 permit host" and note that the IOS will store it as "access-list 1 permit" without the host keyword.


Mohammed Mahmoud.

acbenny Mon, 07/21/2008 - 07:27

No need to specify a wildcard mask?

(i.e.)

access-list 1 permit

mohammedmahmoud Mon, 07/21/2008 - 09:21


A wildcard of = host, meaning that it must be an exact full 32 bit match (and it is the default in case you didn't state an explicit wildcard), and thus "access-list 1 permit host" = "access-list 1 permit" = "access-list 1 permit".

I hope that I've been informative.


Mohammed Mahmoud.

