
BGP Transit area, default route

acbenny
Level 1

Hi all,

1. If the local router receives full routing from an eBGP peer, how can I filter it to receive only one default route instead?

2. Suppose my BGP router connects to two ISPs. How can I configure the local router to avoid becoming a transit area?

Does any document mention it?

Thank you

8 Replies

lee.reade
Level 4

Hi,

Well if your ISP is advertising a default along with full routes, which is probably not likely, as this is overkill, then you could use an inbound prefix list or distribute list or route-map to match just the 0.0.0.0 network.

To make sure you are not used as transit, you must configure an as-path access-list and enable it outbound to the neighbours; this will allow only locally generated routes, i.e. those with no current AS path:

ip as-path access-list 1 permit ^$

router bgp x

neighbor x.x.x.x filter-list 1 out

Have a look at this URL for info on BGP:

http://www.cisco.com/warp/public/459/bgp-toc.html

HTH

LR

mohammedmahmoud
Level 11

Hi,

1. Use a prefix-list to allow only the default route (make sure that your provider sends a default route in the first place):

ip prefix-list DEF seq 5 permit 0.0.0.0/0

router bgp x

neighbor x.x.x.x prefix-list DEF in

2. Make sure to only advertise your local routes to both providers and never advertise routes received from one provider to the other, example:

ip prefix-list LOCAL seq 5 permit x.x.x.x/x

router bgp x

neighbor x.x.x.x prefix-list LOCAL out

[edit] Lee, sorry for the cross post.

[edit] Using an as-path access-list as Lee suggested is the smartest way of doing it, but I've seen some customers who are more comfortable seeing the exact routes they are permitting in the configuration; it's your choice.

BR,

Mohammed Mahmoud.

Thanks!

Can I use a distribute-list to filter the injected BGP default route instead of a prefix list?

Hi Jack,

Yes, you can use "neighbor x.x.x.x distribute-list x in" plus an ACL, but I generally prefer using prefix-lists for route filtering as they are more scalable, flexible and less CPU intensive than ACLs when we are talking about a large list.

BR,

Mohammed Mahmoud.

What will the ACL be if I use a distribute list?

I only know that with a prefix-list it is 0.0.0.0/0.

Hi,

Just use "access-list 1 permit host 0.0.0.0" and note that the IOS will store it as "access-list 1 permit 0.0.0.0" without the host keyword.

BR,

Mohammed Mahmoud.

No need to specify a wildcard mask?

(i.e.)

access-list 1 permit 0.0.0.0 255.255.255.255

Jack,

A wildcard of 0.0.0.0 = host, meaning that it must be an exact full 32-bit match (and it is the default in case you didn't state an explicit wildcard), and thus "access-list 1 permit host 0.0.0.0" = "access-list 1 permit 0.0.0.0 0.0.0.0" = "access-list 1 permit 0.0.0.0".

I hope that I've been informative.

BR,

Mohammed Mahmoud.
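
How the wildcard mask discussed in the last replies changes what an inbound distribute-list lets in, as an added example that is not part of the original thread. It is a simplified Python model of a single-entry standard ACL with an implicit deny, assuming the ACL compares only the network address of each received prefix; the function names and the sample prefixes are constructed for illustration.

```python
import ipaddress

MASK32 = 0xFFFFFFFF


def acl_permits(network: str, acl_addr: str, wildcard: str = "0.0.0.0") -> bool:
    """Standard-ACL style match: bits set to 1 in the wildcard are "don't care".

    A wildcard of 0.0.0.0 (the default, same as the 'host' keyword) means all
    32 bits must match; 255.255.255.255 means no bit is compared at all.
    """
    net = int(ipaddress.IPv4Address(network))
    addr = int(ipaddress.IPv4Address(acl_addr))
    care = ~int(ipaddress.IPv4Address(wildcard)) & MASK32
    return (net & care) == (addr & care)


def filter_inbound(prefixes, acl_addr, wildcard="0.0.0.0"):
    """Return the prefixes a one-line 'permit' ACL would accept.

    Modelling assumption: only the network address of each prefix is tested,
    and everything not permitted is dropped (implicit deny).
    """
    kept = []
    for prefix in prefixes:
        net = ipaddress.IPv4Network(prefix)
        if acl_permits(str(net.network_address), acl_addr, wildcard):
            kept.append(prefix)
    return kept


# Constructed sample of routes received from an eBGP peer (documentation ranges).
RECEIVED = ["0.0.0.0/0", "192.0.2.0/24", "198.51.100.0/24", "203.0.113.0/24"]

if __name__ == "__main__":
    # access-list 1 permit 0.0.0.0            (wildcard defaults to 0.0.0.0)
    print("host match :", filter_inbound(RECEIVED, "0.0.0.0"))
    # access-list 1 permit 0.0.0.0 255.255.255.255   (equivalent to 'permit any')
    print("all-ones   :", filter_inbound(RECEIVED, "0.0.0.0", "255.255.255.255"))
```

With the default wildcard only the default route survives the filter; with 255.255.255.255 every received prefix is accepted, so the full table is installed again.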
