Gabrielle,

As Rick stated, the problem is caused by lack of filtering on outbound updates to AT&T. Based on your description of the problem, your AS can be used as a transit AS by AT&T and if they do that could cause some serious problems.

There are many ways to do outbound filtering in BGP but one of the common ways to do that is to use an as path filter. You would need a config similiar to this one.

router bgp 1

neighbor filter-list 1 out

From global config mode:

ip as-path access-list 1 permit ^$

This would make the router only advertise the locally, your AS, originated routes to the neighbor.

HTH

Sundar

Should I have to clear anything after doing this? Clear bgp or something?

router bgp XXXXX

no synchronization

bgp log-neighbor-changes

network X.X.X. mask 255.255.240.0

network X.X.X.X mask 255.255.240.0

neighbor X.X.X.X remote-as 7018

neighbor X.X.X.X description AT&T Link DS3

neighbor X.X.X.X update-source Serial2/0

neighbor X.X.X.X version 4

neighbor X.X.X.X soft-reconfiguration inbound

neighbor X.X.X.X route-map localonly out

neighbor X>X>X>X filter-list 1 out

neighbor X.X.X.X remote-as XXXX

neighbor X.X.X.X next-hop-self

neighbor X.X.X.X remote-as XXXX

neighbor X.X.X.Xnext-hop-self

no auto-summary

ip as-path access-list 1 permit ^$

ip as-path access-list 11 permit .*

ip as-path access-list 12 deny .*

ip as-path access-list 15 permit ^XXXXX$

ip as-path access-list 16 permit ^XXXXX$

ip as-path access-list 17 permit ^XXXXX$

route-map ATT_Test permit 5

match as-path 17

set local-preference 100

route-map local_pref permit 5

match as-path 16

set local-preference 100

!

route-map local_pref permit 10

set local-preference 90

!

route-map localonly permit 13

match as-path 13

!

route-map sendall permit 11

match as-path 11

Gabrielle

When you change a policy in BGP (and especially if you are adding or changing filtering) you will generally need to clear any neighbor whose traffic may be impacted by the changes that you have made.

HTH

Rick

Thanks for your help! One more thing. I went from Advertising everything to nothing. Managaed to get it fixed. But.....

** I have a customer who has network that we route for - this is the only one not showing in the list.

Gabrielle

The impression that we had was that your network was a non-transit customer network and that you only wanted to advertise networks that originate in your AS. The filtering that we suggested accomplishes this. If that was not the correct understanding and if there is a network (or some networks) that you also want to advertise then some change would need to be made in the filtering.

If you have already worked it out and solved it then that is good. But if you want some help in working out the proper filtering, then we would need some more detail about your environment.

HTH

Rick

We are an ISP. I have 2 CORE ROUTERS 1- all traffic routes to AT&T via the BGP. I need all our network to announce through this (just ours) and company X. 2- all traffic routes to Canada via company when and only when At&T link is down need to announce our network and company X.

Do you still need more?

All set except 1 issue. We have a customer who has a Network x.x.x.x from TimeWarner and they have there own AS num.

!!

BGP

network X.X.X.0 mask 255.255.255.0

Do I need to

neighbor X.X.X.X remote-as ###

neighbor X.X.X.X next-hop-self ????

or

something else?

Gabrielle

I think that we do not yet understand your situation well enough to give a good and complete answer to your question. Perhaps you can clarify a few things:

- if the customer has an address from TimeWarner then why are you supposed to advertise it?

_ if the customer has an address from TimeWarner then TimeWarner probably announces it as part of an address block aggregation. If you advertise the more specific address and TimeWarner does not de-aggregate then you will become the favored path for the Internet to reach your customer, not TimeWarner. Are you prepared for that to happen? Does your customer realize that is likely to happen and is it what they want?

- how does the customer route get into your network - will they advertise it to you via BGP or will it get into your network some other way?

The one part of the question that is fairly clear is that if you are running BGP with them and they have their own AS number (neighbor X.X.X.X remote-as ### ) then you certainly do not need next-hop-self.

HTH

Rick

This is a customer who got a /24 from time warner, a /24 from us and have an AS # and uses Time Warner as a backup internet. They are annoucing the network to us however my Core router doesn't announce it out. They would like us to announce the Time Warener. He claims this worked before but I have gone in every config back 2 years and don't see any changes that were to his network.

Gabrielle

It seems to me that first you need to decide whether you really want to advertise the /24 of TimeWarner or not after considering the implications. If you decide that you do want to advertise it then we can consider how to do that.

As I indicated in my previous post how to do this depends on how your customers route gets into your routing table. If you have it in your routing table as an Internal route then you would only have to add a network statement in your BGP for that network. I believe that you have indicated that they are advertising it to you via BGP (EBGP). In that case you will need to change the filtering that you are doing to your upstream neighbors. I am not clear what filtering you are doing but I assume that it is probably something like ip as-path access-list 1 permit ^$ as was suggested several times in previous posts. You would need to add another statement in the as-path access-list to permit the route from your customer. That should allow it to be advertised to your upstream neighbors.

HTH

Rick