BGP Filtering

rrusselljr
Level 1

Is there a way in BGP to use an inbound filter list to select prefixes from only certain ASs but always accept a certain prefix no matter what AS path it has?

 

Scenario:  We have two upstream providers and are accepting only certain AS paths from each.  In addition, both providers are sending 0.0.0.0/0.  We filter that route from our secondary provider but have a floating static to 0.0.0.0/0 in case our default provider goes down.  Our default provider used to send the route with only their AS in the path but something changed where they are now advertising the default route which they are receiving from one of their upstream providers so the AS path changed.  At this point, we filtered the default route out because it didn't match our AS filter.  I can add that particular AS to our filter but if it changes again, we will be in the same boat.  I believe that the only way for this to work now is to accept all prefixes and AS paths from this provider and then mark any route learned from our secondary provider with a better preference.  The only other way would be to create a static default route that points to a prefix in their network and hope that that network never went down which I don't want to do.

Accepted Solutions

Jon Marshall
Hall of Fame

Can't test this but presumably you have a route map filtering inbound routes and matching on AS PATH.

If so, you can also match on the network prefix, so can you not just modify your route map so the first entry simply permits the default route based on the network prefix as opposed to the AS PATH, and then your other entry filters on AS PATH?

If I have misunderstood, please clarify.

Jon

Thanks for the reply.  No, we do not have a route map filtering AS paths; we have an as-path access-list using regular expressions bound via a filter-list statement to filter AS paths.  This is set to allow only paths with our upstream provider and also paths with two unique AS numbers (our upstream provider and a few select ASs).  We use an as-path access-list since it is easier to allow those paths which contain two AS numbers (although any number of repeats), i.e.:

 

ip as-path access-list 1 permit ^xxxxx(_xxxxx)*_yyyyy(_yyyyy)*$

 

I suppose we could bind it into the route-map that is bound to that neighbor, but the route map is doing something different.  It was cleaner to use the route-map to do one thing and the filter-list to do the other, because if we combine them together we'll have to create some nests.  However, this would probably be better than accepting all routes when we don't really need them.

 

Jon brings up how I've done things in the past. With the neighbor route-map, just set the local preference of the default from ISP1 to 110 while leaving the default from ISP2 at 100.

You can leave the filter-list in place for your 2 AS paths or incorporate it into the route-map. It's just a match clause. I've filtered the full routing table for AS path length using route-maps before and it works fine.

Then you can get rid of any floating static you have since the default from ISP2 will be installed if the primary goes away.
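The approach from the accepted solution and the local-preference reply, sketched as a single IOS inbound policy. This is an added example, not configuration posted by anyone in the thread; AS 64500, neighbor 192.0.2.1 and the names DEFAULT-ONLY and ISP1-IN are placeholders, and whatever the existing route-map already sets would have to be carried into these entries.

```cisco
! Constructed example: AS 64500, neighbor 192.0.2.1 and the names
! DEFAULT-ONLY / ISP1-IN are placeholders, not values from the thread.
!
! Match exactly 0.0.0.0/0. Do not add "le 32": that would match every
! prefix and turn entry 10 into "accept everything".
ip prefix-list DEFAULT-ONLY seq 5 permit 0.0.0.0/0
!
! AS-path filter as posted in the thread (xxxxx / yyyyy are the poster's
! masked AS numbers and must be replaced with the real ones).
ip as-path access-list 1 permit ^xxxxx(_xxxxx)*_yyyyy(_yyyyy)*$
!
! Entry 10: accept the default route whatever its AS path, and prefer it
! over the default learned from the secondary provider (left at 100).
route-map ISP1-IN permit 10
 match ip address prefix-list DEFAULT-ONLY
 set local-preference 110
!
! Entry 20: every other prefix must still pass the AS-path filter.
route-map ISP1-IN permit 20
 match as-path 1
!
! A route matching neither entry hits the route-map's implicit deny,
! so the policy stays default-deny for everything except 0.0.0.0/0.
!
router bgp 64500
 ! An inbound filter-list and an inbound route-map on the same neighbor
 ! are both applied, and a route has to pass both. Left in place, the
 ! filter-list would still drop a default route with an unexpected AS
 ! path, so the AS-path test lives in the route-map instead.
 no neighbor 192.0.2.1 filter-list 1 in
 neighbor 192.0.2.1 route-map ISP1-IN in
```

The new policy applies to already-received routes only after an inbound refresh, for example `clear ip bgp 192.0.2.1 soft in`.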
