You should apply the proper inbound and outbound filters to be sure an ISP mistake will not get you in trouble. I am assuming your IP addresses to be announced are from network 220.127.116.11/16. An example configuration would look like this:
description to ISP
ip address 18.104.22.168 255.255.255.252
router bgp 65000
network 22.214.171.124 mask 255.255.0.0
neighbor 126.96.36.199 remote-as 1
neighbor 188.8.131.52 prefix-list NoTrash in
neighbor 184.108.40.206 filter-list 1 out
ip as-path access-list 1 permit ^$
ip prefix-list NoTrash deny 192.168.0.0/16 le 32
ip prefix-list NoTrash deny 172.16.0.0/12 le 32
ip prefix-list NoTrash deny 10.0.0.0/8 le 32
ip prefix-list NoTrash deny 220.127.116.11/16 le 32
ip prefix-list NoTrash permit 0.0.0.0/0 le 32
ip route 18.104.22.168 255.255.0.0 Null 0 250
This would announce only the official IP addresses to the ISP. Also all RFC1918 routes are blocked. You could extend this and use the BOGON list for filtering, but this would require more maintainance, because you have to adjust the filters from time to time. For a customer it should be sufficient to block all routes you potentially have internally.
This is just in case the ISP messes up his filters. Outgoing filterlist 1 is not really needed in such an environment, but with two ISPs to prevent the customer from becoming transit AS. You can omit this, if only one ISP is present.
What i wanted to ask was tf we use only the 0.0.0.0/0 ge 32 le 32 as a prefix entry, it should allow only the default route and not anything else and hence need not require to deny the RFC 1918 address
Precaution? Remember not to propagate Private BGP AS number to internet.
One of the use of this type of configuration is provided to customers who subscribed to two uplinks connection to the same ISP with two subnets using BGP load sharing for incoming traffic (plus link redundancy). Between the provider and the customer, they use Private BGP AS.
We have 3 identical switches configured by someone else and would like to claim some of the Gigabit ports(G1/G2/G3/G4) for use on servers. When we try to change the wiring and configuration, we run in to connectivity issues. Attached is a des...
This is actually a pretty cool feature, i didn't even know it existed until I was looking for a solution to advertise a subnet (prefix in BGP talk), only if a certain condition existed. This is exactly what conditional advertisements does
j ai une question j ai achete un routeur cisco 887VA-k9 , je le configuré avec la configuration ci- dessous
si je le lier avec mon pc portable sur l un de ses ports directement ça marche toute est bien ( la connexion internet + m...