Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

BGP filtering "best practice"

Hi Guys,

We are setting up a new peering session with a provider for pppoe services - They will be advertising there LAC's to us, and have suggested we do the following:

- Only Accept a /32 advertised prefix

- Only accept a maximum of 500 prefixes

- Only accept prefixes that we Originate (our AS in the AS PATH only)

After some best-practice advice on how to do this, any suggestions/comments on the following filters would be greatly appreciated:

- Only Accept a /32 advertised prefix:

ip prefix-list BGP_TEST seq 5 permit 0.0.0.0/0 le 1

- Only accept a maximum of 500 prefixes

neighbor x.x.x.x maximum-prefix 500

- Only accept prefixes that we Originate (our AS in the AS PATH only) - This would only allow routes that originated in AS100

ip as-path access-list 1 permit ^100$

Cheers.

Everyone's tags (3)
4 REPLIES

BGP filtering "best practice"

your conifg looks ok except the prefix list that match hosts route /32

where you need to set as:

ip prefix-list BGP_TEST seq 5 permit 0.0.0.0/0 ge 32


The ge means greater than or equal to.  in this case ge 32 means greater than or equal to 32

hope this help

if helpful rate

New Member

BGP filtering "best practice"

Thanks for the quick response!

And thanks for the correction.

BGP filtering "best practice"

Hi,

does "

- Only accept prefixes that we Originate (our AS in the AS PATH only) - This would only allow routes that originated in AS100"

mean your AS number is 100 and you should advertise only prefixes originated in your AS?

In that case you should use

ip as-path access-list 1 permit ^$

in your outbound route-map.

As your AS number is added to the AS-PATH automatically after the outbound filtering is applied.

HTH,

Milan

New Member

BGP filtering "best practice"

Hi Milan - no, we are only wanting to accept AS100 advertisements from carrier.

Thanks

1124
Views
4
Helpful
4
Replies
CreatePlease login to create content