07-16-2008 01:46 AM - edited 03-03-2019 10:44 PM
Hi all,
1. If the local router receives full routing from an eBGP peer, how can I filter it to receive only one default route instead?
2. Suppose my BGP router connects to two ISPs. How can I configure the local router to avoid becoming a transit area?
Does any document mention it?
Thank you
07-16-2008 01:53 AM
Hi,
Well if your ISP is advertising a default along with full routes, which is probably not likely, as this is overkill, then you could use an inbound prefix list or distribute list or route-map to match just the 0.0.0.0 network.
To make sure you are not used as transit, you must config an as-path access-list and enable it outbound to the neighbours. This will allow only locally generated routes, i.e. those with no current AS path:
ip as-path access-list 1 permit ^$
router bgp x
neighbor x.x.x.x filter-list 1 out
Have a look at this URL for info on BGP:
http://www.cisco.com/warp/public/459/bgp-toc.html
HTH
LR
07-16-2008 02:05 AM
Hi,
1. Use a prefix-list to allow only the default route (make sure that your provider sends a default route in the first place):
ip prefix-list DEF seq 5 permit 0.0.0.0/0
router bgp x
neighbor x.x.x.x prefix-list DEF in
2. Make sure to only advertise your local routes to both providers and never advertise routes received from one provider to the other, for example:
ip prefix-list LOCAL seq 5 permit x.x.x.x/x
router bgp x
neighbor x.x.x.x prefix-list LOCAL out
[edit] Lee, sorry for the cross post.
[edit] Using an as-path access-list as Lee suggested is the smartest way of doing it, but I've seen some customers who are more comfortable seeing the exact routes they are permitting in the configuration. It's your choice.
BR,
Mohammed Mahmoud.
07-21-2008 12:43 AM
Thanks!
Can I use a distribute-list to filter the injected BGP default route instead of a prefix-list?
07-21-2008 01:22 AM
Hi Jack,
Yes, you can use "neighbor x.x.x.x distribute-list x in" plus an ACL, but I generally prefer using prefix-lists for route filtering as they are more scalable, flexible and less CPU intensive than ACLs when we are talking about a large list.
BR,
Mohammed Mahmoud.
07-21-2008 05:30 AM
What will the ACL be if I use a distribute-list?
I just know that with a prefix-list it is 0.0.0.0/0.
07-21-2008 05:43 AM
Hi,
Just use "access-list 1 permit host 0.0.0.0" and note that the IOS will store it as "access-list 1 permit 0.0.0.0" without the host keyword.
BR,
Mohammed Mahmoud.
07-21-2008 07:27 AM
No need to specify a wildcard mask?
(i.e.)
access-list 1 permit 0.0.0.0 255.255.255.255
07-21-2008 09:21 AM
Jack,
A wildcard of 0.0.0.0 = host, meaning that it must be an exact full 32 bit match (and it is the default in case you didn't state an explicit wildcard), and thus "access-list 1 permit host 0.0.0.0" = "access-list 1 permit 0.0.0.0 0.0.0.0" = "access-list 1 permit 0.0.0.0".
I hope that I've been informative.
BR,
Mohammed Mahmoud.
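The filters discussed in this thread, modelled as an added example (not code from any of the posters): it evaluates the prefix-list, the two standard-ACL forms and the `^$` as-path filter against constructed routes, showing that a wildcard of 255.255.255.255 lets the full table through. The sample prefixes, AS numbers and function names are assumptions, and the ACL model assumes a standard ACL compares only the route's network address, not its prefix length.

```python
import ipaddress
import re

def acl_permits(network, acl_addr, wildcard="0.0.0.0"):
    """Standard ACL entry: bits set in the wildcard are ignored, the rest must match.
    Assumption: only the route's network address is compared, not its length."""
    net = int(ipaddress.ip_network(network).network_address)
    care = ~int(ipaddress.ip_address(wildcard)) & 0xFFFFFFFF
    return (net & care) == (int(ipaddress.ip_address(acl_addr)) & care)

def prefix_list_permits(network, entry):
    """Prefix-list entry without ge/le: exact network and exact prefix length."""
    return ipaddress.ip_network(network) == ipaddress.ip_network(entry)

def as_path_permits(as_path, regex=r"^$"):
    """as-path access-list: ^$ matches only an empty AS path (locally originated)."""
    return re.search(regex, as_path) is not None

# Constructed routes received from an eBGP peer (documentation prefixes).
RECEIVED = ["0.0.0.0/0", "192.0.2.0/24", "198.51.100.0/24", "203.0.113.0/24"]

# Constructed local BGP table: (prefix, AS path). Only the first is locally originated.
BGP_TABLE = [
    ("10.1.0.0/16", ""),
    ("192.0.2.0/24", "64496"),
    ("198.51.100.0/24", "64497 64511"),
]

def inbound(routes, permits):
    """Routes that survive an inbound filter (implicit deny for everything else)."""
    return [r for r in routes if permits(r)]

def outbound(table):
    """Prefixes advertised when 'filter-list 1 out' uses the ^$ as-path list."""
    return [prefix for prefix, path in table if as_path_permits(path)]

if __name__ == "__main__":
    print("prefix-list 0.0.0.0/0        :",
          inbound(RECEIVED, lambda r: prefix_list_permits(r, "0.0.0.0/0")))
    print("ACL 0.0.0.0 (host)           :",
          inbound(RECEIVED, lambda r: acl_permits(r, "0.0.0.0")))
    print("ACL 0.0.0.0 255.255.255.255  :",
          inbound(RECEIVED, lambda r: acl_permits(r, "0.0.0.0", "255.255.255.255")))
    print("filter-list 1 out (^$)       :", outbound(BGP_TABLE))
```

Under this model the host ACL also matches a route such as 0.0.0.0/8, which the prefix-list entry 0.0.0.0/0 rejects.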