From: Daniel M. Dawson (dandawson@xxxxxxxxxx)
Date: Sun Apr 01 2001 - 04:25:28 GMT-3
Consider the following:
R1------R2-----R3-----R4--------R5
AS10    (-----AS 20------)      AS30
By putting no export on the routes coming in from R1 when advertised
thru IBGP to R3 and R4 and putting no export on routes coming in from
R5 to R4 when advertised thru IGRP to R3 and R2...
R1-----------R2-----R3-----R4----------R5
AS10         (-----AS 20------)        AS30
  >routeR1>    >>routeR1 NE>>    |NOT routeR1|
   (EBGP)          (IBGP)           (EBGP)
|NOT routeR5|  <<routeR5 NE<<     <routeR5<
   (EBGP)          (IBGP)           (EBGP)
In this situation, your AS (20) will know routes from AS10 but not
advertise those routes out to AS30. Also your AS will know routes from
AS30 but not advertise them to AS10. As a result you will have all
known routes but no BGP AS path will ever have your AS as a transient AS.
i.e. no AS will ever see in their BGP table a path of 10 20 30 or
vice versa 30 20 10.
The only way you would have transient traffic is for either of the
neighboring AS's to set your AS in their default route. In this case
they may send traffic to you if they have no route to it, and if you
have a route to it out the other side of your AS the traffic will transit
your AS.
To absolutely ensure no traffic is transiting your AS, you could set just
a plain access-list that allows only traffic destined for your internal
networks, and apply that access list to the incoming interfaces of your
EBGP connections. Assuming you have a service agreement with the two
AS's you connect to, and you can negotiate that they do not set you in
their default route, then the no export is much cleaner and prevents
your border routers from comparing all incoming traffic to an access-list.
Daniel M. Dawson
E-mail: dandawson@lucent.com
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of
fwells12
Sent: Saturday, March 31, 2001 11:20 PM
To: ccielab@groupstudy.com
Subject: Re: BGP/Community No-export
This is true. However, it still does not stop the directly connected AS'
from using your AS as a transit, it will only stop the AS' beyond those
directly connected ones from seeing your routes. If those remote AS' had
default routes to the directly connected AS', your AS may still be used as a
transit AS by the directly connected ones. The only way to be sure your AS
will not become a transit is to make sure that only routes that originate
inside your AS are advertised to other AS'.
To comment on the other comment, it does not make any difference how you
advertise those routes. Route maps are just a tool to help you filter and
manipulate attributes.
----- Original Message -----
From: Erick B. <erickbe@yahoo.com>
To: Richard Foltz <globalfx@netropolis.net>; <ccielab@groupstudy.com>
Sent: Saturday, March 31, 2001 6:39 PM
Subject: Re: BGP/Community No-export
> no export works fine if you set it on the inbound
> routes / neighbor from another AS. Doing this, your
> AS will get routes from that AS but other AS's you're
> connected to won't get those routes.
>
> --- Richard Foltz <globalfx@netropolis.net> wrote:
> > In order to not become a transit as you should only
> > allow your subnets to be
> > advertised, using a route map. Setting no export
> > just tells the next AS not
> > to send your router to any of their connected AS's.
> >
> > Richard Foltz
> > Sr. Network Engineer
> > ZettaWorks LLP.
> > 3rd Attempt @ RTP 11/2-3
> >
> > ----- Original Message -----
> > From: "Jerry Hutcheson" <jhutches@cisco.com>
> > To: <ccielab@groupstudy.com>
> > Sent: Saturday, March 31, 2001 12:23 PM
> > Subject: BGP/Community No-export
> >
> >
> > > If you have two connections out to the same EBGP network and you want
> > > to make sure you do not become a transit AS.
> > >
> > > I used the community no export command. Do you have to do this only on one
> > > side of your IBGP network or on both?
> > >
> > > It seemed to work for me on one side.
> > >
> > > thanks,
> > >
> > > jerry
> > > **NOTE** All LAB SWAP messages should now be sent
> > to the
> > > LAB SWAP Message board on groupstudy.com.
> >
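The behaviour discussed in this thread, as an added example that is not part of any poster's message: a small Python model of the R1..R5 chain showing that tagging eBGP-learned routes with no-export keeps AS20 out of its neighbours' BGP tables, that a neighbour's default route still produces transit traffic, and that an ingress access list closes that gap. The prefixes, function names and the simplification of IBGP to flooding along the chain (real IBGP needs a full mesh or route reflectors) are assumptions made for the example.

```python
# Constructed model of the thread's chain: R1 (AS10) - R2 - R3 - R4 (AS20) - R5 (AS30).
ROUTERS = ["R1", "R2", "R3", "R4", "R5"]
ASN = {"R1": 10, "R2": 20, "R3": 20, "R4": 20, "R5": 30}
ORIGIN = {"R1": "10.10.0.0/16", "R3": "10.20.0.0/16", "R5": "10.30.0.0/16"}  # sample prefixes
NO_EXPORT = "no-export"

def build_ribs(tag_inbound=True):
    """Flood routes along the chain. rib[router][prefix] = (communities, learned_from)."""
    rib = {r: ({ORIGIN[r]: (set(), None)} if r in ORIGIN else {}) for r in ROUTERS}
    changed = True
    while changed:
        changed = False
        for i, r in enumerate(ROUTERS):
            for peer in ROUTERS[max(i - 1, 0):i] + ROUTERS[i + 1:i + 2]:
                ebgp = ASN[r] != ASN[peer]
                for prefix, (comms, _) in list(rib[r].items()):
                    if prefix in rib[peer] or (ebgp and NO_EXPORT in comms):
                        continue  # NO_EXPORT routes are never sent to an eBGP peer
                    new = set(comms)
                    if ebgp and ASN[peer] == 20 and tag_inbound:
                        new.add(NO_EXPORT)  # AS20 tags what it learns over eBGP
                    rib[peer][prefix] = (new, r)
                    changed = True
    return rib

def forward(rib, src, dst, default=None, acl=False):
    """Walk a packet for prefix dst hop by hop; return (path, outcome)."""
    default = default or {}
    path, here = [src], src
    while ORIGIN.get(here) != dst:
        if len(path) > len(ROUTERS):
            return path, "loop"
        nxt = rib[here].get(dst, (None, default.get(here)))[1]
        if nxt is None:
            return path, "no route"
        # Optional ingress ACL on AS20's eBGP-facing interfaces: AS20 destinations only.
        if acl and ASN[nxt] == 20 and ASN[here] != 20 and dst != ORIGIN["R3"]:
            return path, "dropped by ACL at " + nxt
        path.append(nxt)
        here = nxt
    return path, "delivered"

if __name__ == "__main__":
    rib = build_ribs()
    print({r: sorted(rib[r]) for r in ROUTERS})
    print(forward(rib, "R1", ORIGIN["R5"]))
    print(forward(rib, "R1", ORIGIN["R5"], default={"R1": "R2"}))
    print(forward(rib, "R1", ORIGIN["R5"], default={"R1": "R2"}, acl=True))
```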
This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:29:37 GMT-3