From: OhioHondo (ohiohondo@columbus.rr.com)
Date: Mon May 12 2003 - 15:56:29 GMT-3
When you redistribute external prefixes into BGP, I believe that you should
NEVER redistribute them back into BGP. It can only cause problems.
That means that on your IGP to BGP redistributions, you should have a route
map that filters out the externally learned BGP prefixes. (you can use other
means also.)
If you take care not to "re-redistribute", you only need the ip as-path
access-list ^$ to ensure that your AS is not a transit AS.
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of
Jay Hennigan
Sent: Monday, May 12, 2003 1:45 PM
To: Robert Yee
Cc: ccielab@groupstudy.com
Subject: Re: how can I prevent my AS from becoming a transit AS? (kinda
long)
On Sun, 11 May 2003, Robert Yee wrote:
> Given the following scenario, how can I prevent my AS from becoming a
transit AS:
>
> ----- -----
> |AS100| |AS300|
> ----- -----
> \ /
> \ /
> ---------------------------
> | \ / |
> | R1----iBGP---R2 |
> | \ / |
> | \ / |
> | OSPF OSPF |
> | \ / |
> | \ / |
> | R3 |
> |AS200 (OSPF) |
> ---------------------------
>
> AS 300 advertises 10.1.1.0 /24 to AS 200 through R2.
>
> The 2 edge routers in AS 200 are running BGP and OSPF. R3 is running OSPF
and has numerous routes that it is advertising to R1 and R2.
Syncronization in BGP is disabled, so there should be no issue with bgp/ospf
sync.
>
> The 2 edge routers are running mutual redistribution between the IGP and
EGP.
>
> R2 redistributes 10.1.1.0 /24 from BGP into OSPF. Eventually, this route
will reach R1 from OSPF (and from iBGP) and will be redistributed back into
BGP from OSPF. Since OSPF has a better AD than iBGP, the OSPF route will be
placed into routing table, and BGP will pick the redisributed route as the
best path. This route will then get advertised to AS 100.
>
> Because OSPF is redistributing many routes to BGP, I think the best
solution would be to put the following filter-list (skip ditribute-list,
prefix-list, route-map) on each edge router:
>
> ip as-path access-list 1 permit ^$
>
> This filter list should only allow routes out that have no AS-PATH
attribute associated with it.
>
> This should prevent AS 200 from being a transit area (if we were only
running BGP), BUT since we are mutually redistributing, 10.1.1.0 /24 now is
seen by BGP on R1 as route w/out an AS-PATH attribute.
>
> Then 10.1.1.0 /24 gets advertised out to AS 100.
>
> Is there any way around this?
Look at how the BGP routes are injected into OSPF, and how you can control
this. Then look at how you can control what gets redistributed into BGP.
Hint:
(config-router)# redistribute ospf 1 match ?
-- Jay Hennigan - CCIE #7880 - Network Administration - jay@west.net NetLojix Communications, Inc. - http://www.netlojix.com/ WestNet: Connecting you to the planet. 805 884-6323
This archive was generated by hypermail 2.1.4 : Mon Jun 02 2003 - 15:13:41 GMT-3