Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

BGP Prefix Filtering

Good day Colleagues,

I want to ask you advice about the policy for BGP prefix filtering. The main idea is to automatize the process of prefix filtering. I've read a lot of articles about it, but I need to discuss it to be sure about the correct way to implement it on practice.

A few words about our network... Our company is ISP. We are using C7200, C7600 and AS5350XM for peering, connection to the upstreams and the customers.

A few main questions:

1. To create the prefix-list or as-path acl I am using RtConf or bgpq. Than I use our own script to connect via telnet/ssh to a router. Is it normal practice? Do you use your own script(perl, bash, etc) or mix of it with the programs like Rancid?

2.If to put a few prefix-lists on AS5350XM the output of the config will be not a simple task and I afraid it could be the problem to keep in RAM so many information. Some prefix-list can contain more than 10 000 strings and if we have about 50 peers on the router, than it will be a problem. Or you can imagine the prefix-list for the route-server on DECIX, LINX, etc. What do you think about it?

3.Is it good idea to use uRPF? What do you recommend?

4.To protect the network from bogons, martians, unallocated ip-addresses I am thinking about using the prefix-list on 10 300 strings (question 2) or use the bogon route-server from team-cymru. It is very hard to trust the route-server... what could be if it will advertise the normal prefixes... What do you about it? Maybe I just can't effort such kind of protection with my resources.

5. Very often some prefixes from peers would be filtered by my prefix-list. Should I ask them about the situation (check RIPE, etc.), or just forget about it? What would be better?

P.S. I am talking about the prefix-lists because the as-path acls can't do the filtering as strict as the prefix-lists do.

Thank you in advance for any comments,


  • Network Management