((with your config above, is neighbor 204.12.1.154 part of AS60.))

Yes it is part of AS60

Hi again Saad,

Your config is absolutely correct.

Here is an explanation of how to understand how this works. There are 2 different types of information flow in a routed network - the flow of routing information and the flow of actual data. These flows happen in opposite directions. For example, say you have a setup such as A --- B. A advertises a route to B, say route N. The direction of this information flow is from A to B. However, the result of this information will result in the flow of data packets from B to A, which is the opposite direction.

Therefore, in your scenario here, the requirement is:

"AS 300 will not provide transit for traffic coming from AS 60 (originating) and its customers, that is destined for AS 154 (destination)".

Since you are talking about traffic flow from AS60 to AS154, the direction of routing information flow should be in the direction from AS154 to AS60. In this case, that direction is from AS300 to AS60. To stop traffic flow from AS60 to AS154, what you need to do is simply stop the routing flow in the opposite direction from AS154 to AS60. With your config, you are doing just that by filtering routing info for AS154-originated routes in your advertisements to AS60. Therefore, the config meets the requirements.

Hope that helps - pls rate the post if it does.

Regards,

Paresh.

((There are 2 different types of information flow in a routed network -))

Thanks for this, this is the key to understand the question.

Thanks again

There is another scenario,,,

((AS 99's corporate policy dictates that it should not provide transit services to get to any AS 53's customers.

However, AS 99 should still be to reach the prefixes of AS 53's customers.

Configure your network to reflect this policy)).

AS 99 is connecting (transit) AS 53 to AS 199.R6 residing within As99.

R2 is residing within AS 199 its ip address 141.1.123.2

R6:

router bgp 99

neighbor 141.1.123.2 filter-list 1 out,,,,ip address for

ip as-path access-list 1 permit _53$

Now I am looking to apply the two concept that you have mentioned them before, is it possible ?

My undersatnding to his configuration , he is advertising _53$ to AS199,,,,,,does that mean AS can reach AS 53 ?

http://info.connect.com.au/docs/routing/general/multi-faq.shtml#q13

Hi,

Let's state your objectives here:

1. You want to prevent transit traffic from AS199 to the customers of AS53.

2. You want your AS 99 to still be able to reach AS53's customers....

Bearing that in mind, the AS-path access-list you have supplied is:

ip as-path access-list 1 permit _53$

The outcome of the above is that AS99 will only advertise destinations in AS53 to AS199, and nothing else. If that's what you want, the above will work quite well as it will implicitly deny everything else.

However, if you want to prevent transit traffic from AS199 to the customers of AS53 but allow everthing else, you need to use the following:

ip as-path access-list 1 deny _53_[0-9]+$

ip as-path access-list 1 permit .*

This is what you are achieving:

- the first line will deny any routes learned from AS53's customers

- the second line will permit everything else.

Hope that helps.

Pls remember to rate posts.

Regards,

Paresh.

((1. You want to prevent transit traffic from AS199 to the customers of AS53))

My confusion here: If I want to prevent the transit from AS199 to AS53,,,why do I need to advertise destinations in AS53 to AS199 via AS99 ? Does not that mean ,the AS199 can reach AS53?

Hi,

The requirements is for you to prevent transit from AS199 to only the customers of AS53. This implies that it is okay to provide transit to get to AS53 itself, just not to any ASs hanging off it.

Does that help ? Pls rate the post if it does.

Paresh

((The requirements is for you to prevent transit from AS199 to only the customers of AS53. This implies that it is okay to provide transit to get to AS53 itself, just not to any ASs hanging off it. ))

I did not get that,,,how can I prevent transit form AS199 to AS53 only,,,how does this imply the other ASs hanging off AS53 ?

Correct my understanding if I am wrong,,,my understanding to the scenario is this,,,no one can reach AS53 except AS100,,,,

In your initial post, you wrote:

((AS 99's corporate policy dictates that it should not provide transit services to get to any AS 53's customers. )).

The above statement says that AS99 should not allow other ASs (such as AS199) to get to AS53's customers through AS53. It does not say that we should also deny access to AS53 itself. That's what I based my solution on.

Paresh

I got it now,,,,that means we have two issues:

1- AS53 itself.

2- Customers belong to AS53.

But how does the configuration prevent AS199 (or any other ASs) to reach customers (not AS53 itself) belong to AS53 ?

Because in our current configuration updates from As199 can reach AS53 itself.right?

If the updates from AS199 can raech AS53, how it can be denied for reaching the customers ?

Note: _53$ will satisfy :

1- 100 53

2- 55 100 53

3- 78 53

4- 88 89 40 53

-------

--------

----------

Does that mean that AS99 will porvide transit (pass through AS99) for AS199 to reach all the above ASs(1-4) except thier customers ?

Your question:

"how does the configuration prevent AS199 (or any other ASs) to reach customers (not AS53 itself) belong to AS53 ?"

Answer:

Since we are only advertising routes that have a path ending in a 53, i.e. _53$, AS199 will not receive any routes for paths belonging to AS53's customers (i.e. paths such as "53 200" and "53 101"). Therefore, if AS199 does not receive routes for these, how can it reach them. Remember that two flows I mentioned earlier..to prevent traffic from As199 to AS53's customers, stop updates in the other direction .. so when we stop updates about As53's customers when advertising routes to AS199, you will achieve what you want.

Your question:

"Does that mean that AS99 will porvide transit (pass through AS99) for AS199 to reach all the above ASs(1-4) except thier customers ?"

Answer:

Yes. Any route with a path ending in 53 will be advertised and will be reachable.

Pls remember to rate posts.

Paresh.

What have been explaining, that is fine, but My understanding to this expression "_53$" is :

1- 53 is AS number.

2- under score is any other ASs,,,I can not see something related to customers networks (i.e If I advertise the AS like 53 (my case), does that mean I am not going (exclude) to advertise its netwok ?

3- Now the expression "_53$" can be any one of these:

a- 40 50 53

b- 100 200 48 56 53

----

-------

All the above numbers (40,48,50,56, 100, 200) are ASs,,,there are nothing realated to customers network.