Re: pls give your way to control local as is a no-transmit as.

From: wsqccie@hotnail.com
Date: Mon Apr 07 2003 - 14:44:41 GMT-3


Hi, Scott
      Thanks a lot
Stone
----- Original Message -----
From: "Scott M. Livingston" <scottl@sprinthosting.net>
To: "'wsqccie@hotnail.com'" <wsqccie@hotmail.com>; "'groupstudy'" <ccielab@groupstudy.com>
Sent: Monday, April 07, 2003 9:59 AM
Subject: RE: pls give your way to control local as is a no-transmit as.

> Stone,
>
> You could tag the routes ingress to your network w/ a particular
> 'community' (do this for all peers that you don't want to use you as
> transit).
>
> At those same routers where you set up a tag for the external prefixes, you
> must also deny those prefixes (leveraging that community value) from
> going to the external peer that you don't want using you as transit.
>
> Don't know if I did a great job explaining that so I built a working
> config below.
>
> R8 (AS80) - Not my router. Don't let him use me as transit.
> R3 (AS80) - My router under my administration.
> R4 (AS40) - My router under my administration.
> R2 (AS20) - Not my router. Don't let him use me as transit.
>
>
> R8(AS80) ---- R3(AS80) ---- R4(AS40) ---- R2(AS20)
>
> R3#
> !
> router bgp 80
> no synchronization
> bgp log-neighbor-changes
> redistribute connected
> neighbor 70.70.10.3 remote-as 80
> neighbor 70.70.10.3 route-map ME-NO-TRANSIT in
> neighbor 70.70.10.3 route-map NO-TRANSIT out
> neighbor 120.1.1.1 remote-as 40
> neighbor 120.1.1.1 send-community
> no auto-summary
> !
> ip bgp-community new-format
> ip community-list 1 permit 20:20
> !
> !
> ip prefix-list ME-NO-TRANSIT seq 10 permit 0.0.0.0/0 le 32
> route-map ME-NO-TRANSIT permit 10
> match ip address prefix-list ME-NO-TRANSIT
> set community 20:20
> !
> route-map NO-TRANSIT deny 10
> match community 1
> !
> route-map NO-TRANSIT permit 20
> !
> ---------------------------------------------------
>
> R4#
> !
> router bgp 40
> no synchronization
> bgp log-neighbor-changes
> redistribute connected
> neighbor 120.1.1.4 remote-as 80
> neighbor 120.1.1.4 send-community
> neighbor 130.1.1.2 remote-as 20
> neighbor 130.1.1.2 route-map ME-NO-TRANSIT in
> neighbor 130.1.1.2 route-map NO-TRANSIT out
> no auto-summary
> !
> ip classless
> ip http server
> ip bgp-community new-format
> ip community-list 1 permit 20:20
> !
> ip prefix-list ME-NO-TRANSIT seq 10 permit 0.0.0.0/0 le 32
> !
> route-map ME-NO-TRANSIT permit 10
> match ip address prefix-list ME-NO-TRANSIT
> set community 20:20
> !
> route-map NO-TRANSIT deny 10
> match community 1
> !
> route-map NO-TRANSIT permit 20
> !
> ------------------------------------------------------
>
> *** The *>i8.8.0.0/24 prefix will not be sent to R2 ***
> R3#sh ip bgp community 20:20
> BGP table version is 18, local router ID is 3.3.3.1
> Status codes: s suppressed, d damped, h history, * valid, > best, i -
> internal
> Origin codes: i - IGP, e - EGP, ? - incomplete
>
> Network Next Hop Metric LocPrf Weight Path
> *> 2.2.0.0/24 120.1.1.1 0 40 20 ?
> *> 2.2.1.0/24 120.1.1.1 0 40 20 ?
> *> 2.2.2.0/24 120.1.1.1 0 40 20 ?
> *> 2.2.3.0/24 120.1.1.1 0 40 20 ?
> *> 2.2.4.0/24 120.1.1.1 0 40 20 ?
> *>i8.8.0.0/24 70.70.10.3 0 100 0 ?
> * i70.70.10.0/28 70.70.10.3 0 100 0 ?
> *> 200.200.1.0 120.1.1.1 0 40 20 ?
> R3#
>
> ---------------------------------------------------------------------
> *** See no 8.8.0.0/24 prefix. ***
> R2#sipb
> BGP table version is 16, local router ID is 2.2.4.1
> Status codes: s suppressed, d damped, h history, * valid, > best, i -
> internal
> Origin codes: i - IGP, e - EGP, ? - incomplete
>
> Network Next Hop Metric LocPrf Weight Path
> *> 2.2.0.0/24 0.0.0.0 0 32768 ?
> *> 2.2.1.0/24 0.0.0.0 0 32768 ?
> *> 2.2.2.0/24 0.0.0.0 0 32768 ?
> *> 2.2.3.0/24 0.0.0.0 0 32768 ?
> *> 2.2.4.0/24 0.0.0.0 0 32768 ?
> *> 3.3.3.0/24 130.1.1.1 0 40 80 ?
> *> 4.4.0.0/24 130.1.1.1 0 0 40 ?
> *> 4.4.1.0/24 130.1.1.1 0 0 40 ?
> *> 4.4.2.0/24 130.1.1.1 0 0 40 ?
> *> 4.4.3.0/24 130.1.1.1 0 0 40 ?
> *> 4.4.4.0/24 130.1.1.1 0 0 40 ?
> *> 70.70.10.0/28 130.1.1.1 0 40 80 ?
> *> 120.1.1.0/27 130.1.1.1 0 0 40 ?
> * 130.1.1.0/30 130.1.1.1 0 0 40 ?
> *> 0.0.0.0 0 32768 ?
> *> 200.200.1.0 0.0.0.0 0 32768 ?
> R2#
> ---------------------------------------------------
>
> *** All prefixes w/ 20:20 and from AS 20 will not be sent to R8.***
> R4#sh ip bgp community 20:20
> BGP table version is 17, local router ID is 4.4.4.1
> Status codes: s suppressed, d damped, h history, * valid, > best, i -
> internal
> Origin codes: i - IGP, e - EGP, ? - incomplete
>
> Network Next Hop Metric LocPrf Weight Path
> *> 2.2.0.0/24 130.1.1.2 0 0 20 ?
> *> 2.2.1.0/24 130.1.1.2 0 0 20 ?
> *> 2.2.2.0/24 130.1.1.2 0 0 20 ?
> *> 2.2.3.0/24 130.1.1.2 0 0 20 ?
> *> 2.2.4.0/24 130.1.1.2 0 0 20 ?
> *> 8.8.0.0/24 120.1.1.4 0 80 ?
> * 130.1.1.0/30 130.1.1.2 0 0 20 ?
> *> 200.200.1.0 130.1.1.2 0 0 20 ?
> R4#
> ---------------------------------------------------------------
>
> *** Proof in the puddin' ***
> R8#SIPB
> BGP table version is 11, local router ID is 8.8.0.1
> Status codes: s suppressed, d damped, h history, * valid, > best, i -
> internal
> Origin codes: i - IGP, e - EGP, ? - incomplete
>
> Network Next Hop Metric LocPrf Weight Path
> *>i3.3.3.0/24 70.70.10.2 0 100 0 ?
> *>i4.4.0.0/24 120.1.1.1 0 100 0 40 ?
> *>i4.4.1.0/24 120.1.1.1 0 100 0 40 ?
> *>i4.4.2.0/24 120.1.1.1 0 100 0 40 ?
> *>i4.4.3.0/24 120.1.1.1 0 100 0 40 ?
> *>i4.4.4.0/24 120.1.1.1 0 100 0 40 ?
> *> 8.8.0.0/24 0.0.0.0 0 32768 ?
> * i70.70.10.0/28 70.70.10.2 0 100 0 ?
> *> 0.0.0.0 0 32768 ?
> *>i120.1.1.0/27 70.70.10.2 0 100 0 ?
> *>i130.1.1.0/30 120.1.1.1 0 100 0 40 ?
> R8#
> -----------------------------------------------
>
> Keep in mind a couple of things.
>
> 1. Depending on the build, you could use the 'local-as' attribute for
> those routes that we tagged w/ 20:20, but as you might be aware, if we
> carve up our network into multiple AS's then only the received AS will
> know the routes. It wouldn't work for my scenario for a couple of
> reasons.
>
> 2. You could build those route-maps any way you wish. I chose a PL to
> match on, but if you wanna you could use an 'as-filter' as I am sure you
> are aware.
>
> thanks,
> scott
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> wsqccie@hotnail.com
> Sent: Saturday, April 05, 2003 10:06 PM
> To: 'groupstudy'
> Subject: pls give your way to control local as is a no-transmit as.
>
> Group
> I know we can do this with as-path access-list ^$. Are there some
> other ways?
> Stone
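
Added example, not part of the original thread: a small Python model of the tag-on-ingress / deny-on-egress policy in the configs above, showing that the filter only holds while the session between the two edge routers carries communities ('send-community'). Function names and the sample routes are assumptions made for illustration; the prefixes and the 20:20 value are taken from the thread.

```python
# Added example: toy model of the thread's ME-NO-TRANSIT / NO-TRANSIT route-maps.
TAG = "20:20"  # community value taken from the thread's config


def route(prefix):
    """Constructed sample route carrying no communities."""
    return {"prefix": prefix, "communities": frozenset()}


def ingress_tag(r):
    """ME-NO-TRANSIT in: 'set community 20:20' (no 'additive', so it replaces)."""
    return {**r, "communities": frozenset({TAG})}


def egress_filter(rib):
    """NO-TRANSIT out: seq 10 denies tagged routes, seq 20 permits the rest."""
    return [r for r in rib if TAG not in r["communities"]]


def internal_hop(rib, send_community):
    """Session between the two edge routers; the tag survives only if sent."""
    if send_community:
        return list(rib)
    return [{**r, "communities": frozenset()} for r in rib]


def advertised(from_peer, near_local, far_local, send_community=True):
    """Prefixes the far edge router offers to its external peer."""
    near_rib = [ingress_tag(r) for r in from_peer] + near_local
    far_rib = internal_hop(near_rib, send_community) + far_local
    return sorted(r["prefix"] for r in egress_filter(far_rib))


# Constructed input using prefixes that appear in the thread's tables.
R8_ROUTES = [route("8.8.0.0/24")]
R3_LOCAL = [route("3.3.3.0/24")]
R4_LOCAL = [route("4.4.0.0/24")]

if __name__ == "__main__":
    print("to R2, tag carried:", advertised(R8_ROUTES, R3_LOCAL, R4_LOCAL))
    print("to R2, tag dropped:", advertised(R8_ROUTES, R3_LOCAL, R4_LOCAL, False))
```

If 'neighbor ... send-community' is removed from the R3/R4 session, the second call shows 8.8.0.0/24 reaching R2, so that line is worth including in any audit of this policy.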



This archive was generated by hypermail 2.1.4 : Thu May 01 2003 - 13:35:48 GMT-3