From: cciein2006@yahoo.com
Date: Sun Jul 17 2005 - 22:52:11 GMT-3
Thanks guys.
I think the point Larry makes is what I was concerned about.
According to Cisco:
"Service Providers normally expect their customers to only send routes originating in the customer's AS. However, self-precaution and care for the rest of the Internet cause the Service Provider to implement AS-path filters on incoming updates received from their customers.
The network operators of the Service Provider's AS in the example below could configure individual filters for each neighbor. However, a single as-path access-list permitting only AS-paths of length exactly one, would be a better solution because it can be applied on all incoming routes from all customers, possibly using a peer-group.
Since the Service Provider's AS will receive customer routes with prepended AS-paths that have a length greater than one, the incoming filters must be modified. It is no longer possible to have a common as-path access-list for all customers. The old filter allowed all routes with an AS-path length of exactly one to be received. However, all the customers now send routes with AS-paths longer than one, but the Service Provider will not accept them without filtering and a common filter, which receives AS-paths of only a certain length, will suffice.
How would the Service Provider know that they originated in the customer's AS and not erroneously transited by the customer? The only possible solution is to create individual filters for each neighbor. When the filter is applied on a specific neighbor, a sequence of multiple copies of a specific AS-number can be allowed. "
This archive was generated by hypermail 2.1.4 : Sun Sep 04 2005 - 17:00:30 GMT-3