Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

BGP Filtering AS Paths

I have a client that has an eBGP connection with me and uses us as a backup ISP. I also have 2 other eBGP peer connections which we load share for all our internet traffic.

My question is, I am trying to make sure that I never get inbound traffic from one of my AS's to my customers AS. In case thier primary AS fails, and they switch to us as a thier backup, I need to make sure all thier inound traffic comes from a particluar AS on my end.

This is what I have and I think it is fine, but not sure. I want to make sure thier AS never gets advertised to one of my upstream AS's.

neighbor 1.1.1.1 remote-as 111

neighbor 1.1.1.1 description UPSTREAM AS

neighbor 1.1.1.1 remove-private-as

neighbor 1.1.1.1 soft-reconfiguration inbound

neighbor 1.1.1.1 route-map UPSTREAM-AS-IN in

neighbor 1.1.1.1 route-map UPSTREAM-AS-OUT out

neighbor 1.1.1.1 filter-list 3 out

neighbor 2.2.2.2 remote-as 222

neighbor 2.2.2.2 description CLIENT

neighbor 2.2.2.2 ebgp-multihop 2

neighbor 2.2.2.2 soft-reconfiguration inbound

neighbor 2.2.2.2 route-map CLIENT-RECEIVE in

neighbor 2.2.2.2 route-map CLIENT-SEND out

ip as-path access-list 3 deny ^222$

ip as-path access-list 3 permit .*

Will this filter list make sure that AS 222 never gets advertised out to my UPSTREAM-AS that this is a valid path for inbound traffic?

Thanks for your help!

2 REPLIES
Hall of Fame Super Silver

Re: BGP Filtering AS Paths

Ethan

There are some aspects of your situation that I do not understand well, such as if you are the backup ISP for the client why you would not want to advertise their routes to the upstream in the event that they have failed over and are using you as their Internet connection.

But as far as you immediate question is concerned your as path filter list would effectively prevent advertising to neighbor 1.1.1.1 of any route originated by the client and advertised directly from the client to you.

HTH

Rick

New Member

Re: BGP Filtering AS Paths

Awesome!! That is what I wanted to hear! I just get confused on CISCO's "regular expressions".

I was also thinking this, but wasn't for sure.

ip as-path access-list 3 deny _222_

ip as-path access-list 3 deny ^222$

ip as-path access-list 3 permit .*

A little background on the situation: Thier primary AS, is also one of our AS's, which is the AS they DON'T want to use as a path if thier primary fails. An example would be if thier primary AS is having issues and they switch over to us, we/they don't want thier inbound traffic coming from the same AS they just killed. Otherwise the issues could follow them if they switched over. Make sense?

I apprecaite your help, and if you have a good link or a good explanation of Cisco's "expressions" that would be great. By the way, I will make this change in a few days. If it works, I will rate your "post" then. Thanks Richard!

118
Views
4
Helpful
2
Replies
CreatePlease to create content