I'm currently building a config to multi-home my organization. My goals are to only accept default + local routes from my providers, and to stop any transit traffic through my network. The expression I plan to use is as follows:
neighbor x.x.x.x filter-list 1 out
ip as-path access-list 1 permit ^$
I know this will accomplish the 'no transit' part, but does it also allow me to accept only default and local routes? It's applied outbound so I'm thinking no.
Any help would be appreciated.
You are quite right that the filter list that you posted will be very effective in making sure that you do not become transit. But it will do nothing to control what you learn. You would want an inbound filter list to control what you learn. If one of your upstream providers were AS 123, then you might want a filter list that looks something like this:
neighbor x.x.x.x filter-list 5 in
ip as-path access-list 5 permit ^123$
This will permit only prefixes with exactly one AS number in the path and that number must be 123.
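Added example, not part of either post: a small Python model of the two as-path filters discussed above, run over constructed routes to show what each one lets through, including a prepended path that `^123$` rejects. It assumes the inbound list is numbered 5 to match the `filter-list 5 in` statement, and it uses only regex syntax (`^`, `$`, digits) that behaves the same in IOS and Python; the prefixes and AS paths are made up.

```python
import re

# As-path access-lists from the thread, keyed by list number.
# Each entry is (action, regex); the first matching entry wins and a
# path that matches nothing hits the implicit deny at the end.
AS_PATH_ACLS = {
    1: [("permit", r"^$")],      # outbound: locally originated routes only
    5: [("permit", r"^123$")],   # inbound: routes originated by AS 123 itself
}

def acl_permits(acl_number, as_path):
    """Return True if the AS path (space-separated ASNs) is permitted."""
    for action, pattern in AS_PATH_ACLS[acl_number]:
        if re.search(pattern, as_path):
            return action == "permit"
    return False  # implicit deny

def filter_routes(acl_number, routes):
    """Keep only the prefixes whose AS path the list permits."""
    return [prefix for prefix, path in routes if acl_permits(acl_number, path)]

# Constructed sample data (documentation prefixes, made-up AS paths).
LEARNED_FROM_AS123 = [
    ("0.0.0.0/0", "123"),            # default originated by the provider
    ("198.51.100.0/24", "123"),      # provider's own prefix
    ("198.51.100.128/25", "123 123"),# provider prefix with AS-path prepending
    ("203.0.113.0/24", "123 456"),   # provider's customer / transit route
]
LOCAL_BGP_TABLE = [
    ("192.0.2.0/24", ""),            # originated locally: empty AS path
    ("198.51.100.0/24", "123"),      # learned from provider A (AS 123)
    ("203.0.113.0/24", "789 456"),   # learned from a second provider
]

if __name__ == "__main__":
    # Inbound from AS 123: only the default and the unprepended local prefix pass.
    print("accepted inbound:", filter_routes(5, LEARNED_FROM_AS123))
    # Outbound to any provider: only the locally originated prefix is advertised.
    print("advertised out  :", filter_routes(1, LOCAL_BGP_TABLE))
```

Because a default route originated by the provider carries the same one-hop path as its local prefixes, the AS-path filter alone cannot tell them apart; it accepts both and drops everything with a longer path.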