RE: pls give your way to control local as is a no-transmit as.

From: Scott M. Livingston (scottl@sprinthosting.net)
Date: Sun Apr 06 2003 - 22:59:21 GMT-3


Stone,

You could tag the routes ingress to your network w/ a particular
'community' (do this for all peers that you don't want to use you as
transit).

At those same routers where you set up a tag for the external prefixes, you
must also deny those prefixes (leveraging that community value) from
going to the external peer that you don't want using you as transit.

Don't know if I did a great job explaining that so I built a working
config below.

R8 (AS80) - Not my router. Don't let him use me as transit.
R3 (AS80) - My router under my administration.
R4 (AS40) - My router under my administration.
R2 (AS20) - Not my router. Don't let him use me as transit.

R8(AS80) ---- R3(AS80) ---- R4(AS40) ---- R2(AS20)

R3#
!
router bgp 80
 no synchronization
 bgp log-neighbor-changes
 redistribute connected
 ! 70.70.10.3 = R8, iBGP peer in AS 80 that must not get transit through me
 neighbor 70.70.10.3 remote-as 80
 neighbor 70.70.10.3 route-map ME-NO-TRANSIT in
 neighbor 70.70.10.3 route-map NO-TRANSIT out
 ! 120.1.1.1 = R4 (AS 40, mine); send-community so R4 sees the 20:20 tag
 neighbor 120.1.1.1 remote-as 40
 neighbor 120.1.1.1 send-community
 no auto-summary
!
ip bgp-community new-format
! community-list 1 matches routes tagged on ingress from a no-transit peer
ip community-list 1 permit 20:20
!
! the prefix-list matches every prefix, so everything learned from R8 gets tagged
ip prefix-list ME-NO-TRANSIT seq 10 permit 0.0.0.0/0 le 32
route-map ME-NO-TRANSIT permit 10
 match ip address prefix-list ME-NO-TRANSIT
 set community 20:20
!
! outbound to the no-transit peer: drop anything carrying 20:20, pass the rest
route-map NO-TRANSIT deny 10
 match community 1
!
route-map NO-TRANSIT permit 20
!
---------------------------------------------------

R4#
!
router bgp 40
 no synchronization
 bgp log-neighbor-changes
 redistribute connected
 ! 120.1.1.4 = R3 (AS 80, mine); send-community so R3 sees the 20:20 tag
 neighbor 120.1.1.4 remote-as 80
 neighbor 120.1.1.4 send-community
 ! 130.1.1.2 = R2, eBGP peer in AS 20 that must not get transit through me
 neighbor 130.1.1.2 remote-as 20
 neighbor 130.1.1.2 route-map ME-NO-TRANSIT in
 neighbor 130.1.1.2 route-map NO-TRANSIT out
 no auto-summary
!
ip classless
ip http server
ip bgp-community new-format
ip community-list 1 permit 20:20
!
! same tag-on-ingress / deny-on-egress pair as on R3
ip prefix-list ME-NO-TRANSIT seq 10 permit 0.0.0.0/0 le 32
!
route-map ME-NO-TRANSIT permit 10
 match ip address prefix-list ME-NO-TRANSIT
 set community 20:20
!
route-map NO-TRANSIT deny 10
 match community 1
!
route-map NO-TRANSIT permit 20
!
------------------------------------------------------

*** The *>i8.8.0.0/24 prefix will not be sent to R2 ***
R3#sh ip bgp community 20:20
BGP table version is 18, local router ID is 3.3.3.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network Next Hop Metric LocPrf Weight Path
*> 2.2.0.0/24 120.1.1.1 0 40 20 ?
*> 2.2.1.0/24 120.1.1.1 0 40 20 ?
*> 2.2.2.0/24 120.1.1.1 0 40 20 ?
*> 2.2.3.0/24 120.1.1.1 0 40 20 ?
*> 2.2.4.0/24 120.1.1.1 0 40 20 ?
*>i8.8.0.0/24 70.70.10.3 0 100 0 ?
* i70.70.10.0/28 70.70.10.3 0 100 0 ?
*> 200.200.1.0 120.1.1.1 0 40 20 ?
R3#

---------------------------------------------------------------------
*** See no 8.8.0.0/24 prefix. ***
R2#sipb
BGP table version is 16, local router ID is 2.2.4.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network Next Hop Metric LocPrf Weight Path
*> 2.2.0.0/24 0.0.0.0 0 32768 ?
*> 2.2.1.0/24 0.0.0.0 0 32768 ?
*> 2.2.2.0/24 0.0.0.0 0 32768 ?
*> 2.2.3.0/24 0.0.0.0 0 32768 ?
*> 2.2.4.0/24 0.0.0.0 0 32768 ?
*> 3.3.3.0/24 130.1.1.1 0 40 80 ?
*> 4.4.0.0/24 130.1.1.1 0 0 40 ?
*> 4.4.1.0/24 130.1.1.1 0 0 40 ?
*> 4.4.2.0/24 130.1.1.1 0 0 40 ?
*> 4.4.3.0/24 130.1.1.1 0 0 40 ?
*> 4.4.4.0/24 130.1.1.1 0 0 40 ?
*> 70.70.10.0/28 130.1.1.1 0 40 80 ?
*> 120.1.1.0/27 130.1.1.1 0 0 40 ?
* 130.1.1.0/30 130.1.1.1 0 0 40 ?
*> 0.0.0.0 0 32768 ?
*> 200.200.1.0 0.0.0.0 0 32768 ?
R2#
---------------------------------------------------

*** All prefixes w/ 20:20 and from AS 20 will not be sent to R8. ***
R4#sh ip bgp community 20:20
BGP table version is 17, local router ID is 4.4.4.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network Next Hop Metric LocPrf Weight Path
*> 2.2.0.0/24 130.1.1.2 0 0 20 ?
*> 2.2.1.0/24 130.1.1.2 0 0 20 ?
*> 2.2.2.0/24 130.1.1.2 0 0 20 ?
*> 2.2.3.0/24 130.1.1.2 0 0 20 ?
*> 2.2.4.0/24 130.1.1.2 0 0 20 ?
*> 8.8.0.0/24 120.1.1.4 0 80 ?
* 130.1.1.0/30 130.1.1.2 0 0 20 ?
*> 200.200.1.0 130.1.1.2 0 0 20 ?
R4#
---------------------------------------------------------------

*** Proof in the puddin' ***
R8#SIPB
BGP table version is 11, local router ID is 8.8.0.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network Next Hop Metric LocPrf Weight Path
*>i3.3.3.0/24 70.70.10.2 0 100 0 ?
*>i4.4.0.0/24 120.1.1.1 0 100 0 40 ?
*>i4.4.1.0/24 120.1.1.1 0 100 0 40 ?
*>i4.4.2.0/24 120.1.1.1 0 100 0 40 ?
*>i4.4.3.0/24 120.1.1.1 0 100 0 40 ?
*>i4.4.4.0/24 120.1.1.1 0 100 0 40 ?
*> 8.8.0.0/24 0.0.0.0 0 32768 ?
* i70.70.10.0/28 70.70.10.2 0 100 0 ?
*> 0.0.0.0 0 32768 ?
*>i120.1.1.0/27 70.70.10.2 0 100 0 ?
*>i130.1.1.0/30 120.1.1.1 0 100 0 40 ?
R8#
-----------------------------------------------

Keep in mind a couple of things.

1. Depending on the build, you could use the 'local-as' attribute for
those routes that we tagged w/ 20:20, but as you might be aware, if we
carve up our network into multiple ASes then only the receiving AS will
know the routes. It wouldn't work for my scenario for a couple of
reasons.

2. You could build those route-maps any way you wish. I chose a PL to
match on, but if you want, you could use an 'as-filter', as I am sure you
are aware.

thanks,
scott

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
wsqccie@hotnail.com
Sent: Saturday, April 05, 2003 10:06 PM
To: 'groupstudy'
Subject: pls give your way to control local as is a no-transmit as.

Group
     I know we can do this with as-path access-list ^$. Are there some
other ways?
Stone
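Added example (not Scott's or Stone's code): a small model of the R8 -- R3 -- R4 -- R2 topology that applies the tag-on-ingress / deny-on-egress policy from the configs above and, for comparison, the as-path `^$` filter Stone mentioned, so the two approaches can be checked side by side. Routes and AS numbers are constructed to mirror the show output in the thread; route-map and neighbor behaviour is simplified (no best-path selection, only AS_PATH prepending, community propagation and loop detection).

```python
import re
from dataclasses import dataclass

NO_TRANSIT = "20:20"  # the community value used in the thread's configs

@dataclass(frozen=True)
class Route:
    prefix: str
    as_path: tuple = ()                   # () = originated inside the local AS
    communities: frozenset = frozenset()

def ingress_tag(routes, community=NO_TRANSIT):
    # route-map ME-NO-TRANSIT in: prefix-list 0.0.0.0/0 le 32 matches everything,
    # so every route learned from a no-transit peer gets the community
    return [Route(r.prefix, r.as_path, r.communities | {community}) for r in routes]

def egress_no_transit(routes, community=NO_TRANSIT):
    # route-map NO-TRANSIT out: 'deny 10 match community 1' drops tagged routes,
    # 'permit 20' lets everything else through
    return [r for r in routes if community not in r.communities]

def egress_aspath_empty(routes):
    # Stone's alternative: an as-path access-list permitting ^$ only, i.e. only
    # routes with an empty AS_PATH (originated in the local AS) are exported
    return [r for r in routes if re.search(r"^$", " ".join(map(str, r.as_path)))]

def ebgp_send(routes, local_as):
    # eBGP UPDATE: prepend the sending AS; send-community carries the attribute along
    return [Route(r.prefix, (local_as,) + r.as_path, r.communities) for r in routes]

def simulate(egress=egress_no_transit):
    """Run R8 -- R3 -- R4 -- R2; return {prefix: as_path} as seen by R2 and by R8."""
    # constructed inputs, modelled on the show output in the thread
    from_r8 = ingress_tag([Route("8.8.0.0/24")])      # iBGP inside AS 80, no prepend
    from_r2 = ingress_tag([Route("2.2.0.0/24", (20,))])
    r3_table = from_r8 + [Route("3.3.3.0/24")]
    r4_table = from_r2 + [Route("4.4.0.0/24")]
    r4_table += ebgp_send(r3_table, 80)               # R3 -> R4: no outbound filter
    from_r4 = [r for r in ebgp_send(r4_table, 40) if 80 not in r.as_path]  # R3 drops AS loops
    r3_table += from_r4
    # NO-TRANSIT out on R4 towards R2, and on R3 towards R8 (never back to the source peer)
    seen_by_r2 = ebgp_send(egress(r4_table), 40)
    seen_by_r8 = egress([r for r in r3_table if r not in from_r8])
    return ({r.prefix: r.as_path for r in seen_by_r2},
            {r.prefix: r.as_path for r in seen_by_r8})
```

With the community policy, R2 still learns 3.3.3.0/24 via "40 80" and R8 still learns 4.4.0.0/24 via "40", exactly as in the show output; with the `^$` filter each AS exports only its own routes, which is the multi-AS limitation Scott's note 1 refers to.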



This archive was generated by hypermail 2.1.4 : Thu May 01 2003 - 13:35:48 GMT-3