Just looking for a start on this or any sort of guidance.
We have the following topology: central routes are being advertised over our MPLS circuits to remote sites via eBGP; at the remote sites we are running iBGP. For one specific site we want to block certain routes from eBGP from being advertised into our iBGP.
Any suggestions on how to go about this?
IMHO, a combination of both would be the safest way.
Let's say your HQ is using AS number 65001 and your iBGP neighbor is x.x.x.x.
You could configure something like this on your WAN routers on the remote site:
! Prefix-list and as-path ACL referenced by the route-map
ip prefix-list hq_prefixes seq 5 permit 10.20.30.0/20
ip as-path access-list 1 permit _65001$
!
! Seq 10 denies only routes matching BOTH clauses; seq 20 permits everything else
route-map block_HQ deny 10
 match ip address prefix-list hq_prefixes
 match as-path 1
route-map block_HQ permit 20
!
! Applied outbound towards the iBGP neighbor (under router bgp)
neighbor x.x.x.x route-map block_HQ out
This way the 10.20.30.0/20 prefix originated by AS 65001 (= your HQ) would not be advertised to the neighbor x.x.x.x.
But if it is received as originated by another AS, it would pass.
Is this what you need?
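To make the behaviour of that route-map concrete, here is an added Python model of how IOS evaluates it (this is illustration code written for this page, not the router's implementation and not part of the answer above). It assumes the usual IOS semantics: a prefix-list entry without ge/le matches only the exact prefix length, `_` in an as-path regex stands for start, end, space or brace, all match clauses within one route-map sequence must match, and a route-map ends with an implicit deny. The sample routes are constructed; the AS numbers other than 65001 are made up.

```python
"""Model of the block_HQ route-map from the post, run over constructed routes.

Illustration only; it models IOS route-map semantics, it is not IOS code.
"""
import ipaddress
import re
from dataclasses import dataclass


@dataclass
class Route:
    prefix: str          # e.g. "10.20.30.0/20"
    as_path: list        # list of ASNs, leftmost = nearest neighbor, rightmost = origin


@dataclass
class RouteMapEntry:
    action: str                  # "permit" or "deny"
    prefix_list: list = None     # [(action, "prefix/len"), ...] or None if no clause
    as_path_acl: list = None     # [(action, "regex"), ...] or None if no clause


def prefix_list_matches(entries, route):
    """IOS prefix-list entry with no ge/le: masked prefix AND length must match.

    strict=False masks host bits, so the post's 10.20.30.0/20 is compared as
    10.20.16.0/20, which is how a router stores it. Implicit deny at the end.
    """
    net = ipaddress.ip_network(route.prefix, strict=False)
    for action, entry in entries:
        ent = ipaddress.ip_network(entry, strict=False)
        if ent.network_address == net.network_address and ent.prefixlen == net.prefixlen:
            return action == "permit"
    return False


def as_path_matches(entries, route):
    """IOS as-path access-list: first matching regex decides, implicit deny."""
    path = " ".join(str(asn) for asn in route.as_path)
    for action, regex in entries:
        # Cisco's "_" matches start, end, space, comma or a brace/paren
        pattern = regex.replace("_", r"(?:^|$|[ ,{}()])")
        if re.search(pattern, path):
            return action == "permit"
    return False


def route_map_permits(route_map, route):
    """All match clauses of a sequence must match (AND); first matching
    sequence decides; no match at all means implicit deny."""
    for entry in route_map:
        ok = True
        if entry.prefix_list is not None:
            ok = ok and prefix_list_matches(entry.prefix_list, route)
        if entry.as_path_acl is not None:
            ok = ok and as_path_matches(entry.as_path_acl, route)
        if ok:
            return entry.action == "permit"
    return False


# The configuration from the post, as data
HQ_PREFIXES = [("permit", "10.20.30.0/20")]      # ip prefix-list hq_prefixes
AS_PATH_ACL_1 = [("permit", "_65001$")]          # ip as-path access-list 1
BLOCK_HQ = [
    RouteMapEntry("deny", prefix_list=HQ_PREFIXES, as_path_acl=AS_PATH_ACL_1),  # seq 10
    RouteMapEntry("permit"),                                                    # seq 20
]


def advertised_routes(routes, route_map=BLOCK_HQ):
    """Routes that would be sent to the iBGP neighbor with the route-map out."""
    return [r for r in routes if route_map_permits(route_map, r)]


# Constructed sample routes as received from the MPLS eBGP side
SAMPLE_ROUTES = [
    Route("10.20.30.0/20", [65001]),          # HQ prefix originated by HQ: dropped
    Route("10.20.30.0/20", [65002]),          # same prefix, other origin: passes
    Route("10.20.30.0/20", [65001, 65010]),   # 65001 only transit, origin 65010: passes
    Route("10.20.30.0/24", [65001]),          # longer prefix, no ge/le so no match: passes
    Route("192.168.50.0/24", [65001]),        # HQ-originated but not in prefix-list: passes
]

if __name__ == "__main__":
    for r in advertised_routes(SAMPLE_ROUTES):
        print("advertised:", r.prefix, r.as_path)
    # Forgetting the trailing "permit 20" leaves only the deny sequence and
    # the implicit deny, so nothing at all is advertised:
    print("without permit 20:", advertised_routes(SAMPLE_ROUTES, BLOCK_HQ[:1]))
```

Two things the run makes visible: a route is dropped only when both the prefix-list and the as-path clause match, so a /24 out of the same HQ block or a route where 65001 is merely transit still goes through, and without the final `permit 20` sequence the implicit deny blocks every route, not just the HQ ones.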