From: Jay Young - Taylor (jyoungtaylor@gmail.com)
Date: Thu Sep 01 2005 - 23:13:45 GMT-3
Andrew,
I would say that the first would be the correct option. As you said it
would prevent you from advertising all routes except for your own. The
second option will not work because with the following topology
AS1===(YOUR AS)===AS2====AS3:
AS1 would have a route to AS2 through you and vice versa; even though
AS2 would not forward the routes to AS3 any packet with a source from
withing AS1 and a destination withing AS2 would transit your area
(assuming you don't have any traffic access lists implemented).
Hope that helps
-JYT
Edwards, Andrew M wrote:
>If the requirement is to not allow you to be a transit AS and you are
>neighbored to only one AS at this time....
>
>Which is the best method to ensure you don't become a transit AS if
>neither is specified?
>
>1. only advertised routes with an empty path to the eBGP neighbor AS
>(e.g. permit only ^$)
>Logic: local AS routes do not have a path when advertised. It is the
>receiving AS neighbor that appends the AS path to a prefix.
>This way the prefixes will be empty in path for local AS originated
>prefixes. No other learned prefixes would be advertised regardless.
>In effect my AS is not advertising reachability to any other AS. So, it
>cant be a transit AS.
>
>
>
>2. set "no-export" community to learned prefixes from eBGP neighbors.
>Send community to all iBGP neighbors
> Makes sure eBGP neighbor AS' can reach you but not advertise
>learned prefixes from your AS.
>
>Any thoughts...
>
>_______________________________________________________________________
>Subscription information may be found at:
>http://www.groupstudy.com/list/CCIELab.html
This archive was generated by hypermail 2.1.4 : Sun Oct 02 2005 - 14:40:13 GMT-3