Looking for a workable BGP config here. Have brushed up on a lot of my BGP stuff, but I am just not getting the config I need.
I have a BGP core that is peered with several other ISPs. At the moment we have contracted a tier 1 ISP to provide a gig link for application testing to us. We are just about to peer with them. We advertise 2 /19s with our other peers.
What I want to do is limit the scope of traffic in and out of this link, i.e. traffic from 3 /24s is only allowed in this link and only 1 /24 out of the /19 is to be advertised out.
This is my config to allow only 3 subnets inbound from the tier1. I will apply a local_pref of 200 to ensure my AS chooses these routes.
access-list 115 remark *** ACL TO ALLOW ONLY THESE NETWORK IN FROM TIER1 ***
access-list 115 permit ip 220.127.116.11 0.0.63.255 any
access-list 115 permit ip 18.104.22.168 0.0.127.255 any
access-list 115 permit ip 22.214.171.124 0.0.0.255 any
!**** SET AS-PATH ACL TO TIER1 ASN ****
ip as-path access-list 7 permit ^??????$
!
route-map TIER1-RMAP-IN permit 10
 match ip address 115
route-map TIER1-RMAP-IN permit 20
 match as-path 7
 set local-preference 200
!
route-map TIER1-RMAP-OUT permit 10
 match ip address 116
!
router bgp 100
 neighbor 126.96.36.199 description *** BGP PEER WITH TIER1 ***
 neighbor 188.8.131.52 remote-as ??????
 neighbor 184.108.40.206 route-map TIER1-RMAP-IN in
 neighbor 220.127.116.11 route-map TIER1-RMAP-OUT out
 neighbor 18.104.22.168 version 4
 neighbor 22.214.171.124 soft-reconfiguration inbound
I need a config or some tips to only advertise a /24 out of 1 of our /19s out of the tier1 peer. I need to ensure that this /24 via our new tier1 is the only path and that it will failover to another peer if the new link goes down.
I hope all this makes sense.
Thanks in advance
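
An added example, not part of the original post: one way to express the filtering asked about above on Cisco IOS, using prefix-lists and a single inbound route-map sequence so that a route is accepted only when it matches both the prefix list and the AS path. The tier-1 ASN 64500, the neighbor address 198.19.0.1 and every prefix shown are constructed placeholders, not values from the post.

```cisco
! Constructed placeholders: tier-1 ASN 64500, neighbor 198.19.0.1,
! inbound prefixes 192.0.2.0/24, 198.51.100.0/24, 203.0.113.0/24,
! outbound 198.18.32.0/24 carved from a /19 of 198.18.32.0/19.
!
! Inbound: exactly three /24s, exact-length match (no ge/le).
ip prefix-list TIER1-IN seq 10 permit 192.0.2.0/24
ip prefix-list TIER1-IN seq 20 permit 198.51.100.0/24
ip prefix-list TIER1-IN seq 30 permit 203.0.113.0/24
!
! Outbound: only the one /24; the /19s never match this list.
ip prefix-list TIER1-OUT seq 10 permit 198.18.32.0/24
!
! Same form as the post's as-path list: path holds only the tier-1 ASN.
ip as-path access-list 7 permit ^64500$
!
! Both match lines in one sequence are ANDed; anything else falls
! through to the route-map's implicit deny and is not installed.
route-map TIER1-RMAP-IN permit 10
 match ip address prefix-list TIER1-IN
 match as-path 7
 set local-preference 200
!
route-map TIER1-RMAP-OUT permit 10
 match ip address prefix-list TIER1-OUT
!
! Anchor the /24 in the routing table so BGP can originate it.
ip route 198.18.32.0 255.255.255.0 Null0 250
!
router bgp 100
 network 198.18.32.0 mask 255.255.255.0
 neighbor 198.19.0.1 remote-as 64500
 neighbor 198.19.0.1 description *** BGP PEER WITH TIER1 ***
 neighbor 198.19.0.1 route-map TIER1-RMAP-IN in
 neighbor 198.19.0.1 route-map TIER1-RMAP-OUT out
 neighbor 198.19.0.1 soft-reconfiguration inbound
```

Inbound traffic for the /24 prefers the tier-1 link by longest match only while the outbound policies toward the other peers keep announcing just the /19s. When the tier-1 session drops, the /24 is withdrawn there and the covering /19 through the other peers carries the traffic.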