RE: BGP AS-Path access list

From: Aaron Pilcher (apilcher@itgcs.com)
Date: Thu Jun 22 2006 - 00:05:03 ART


^100_ says anything learned from AS 100, including 100 99 98 97 96 95, etc.

^100(_[0-9]+)$ says anything AS 100 plus one AS, i.e. "100 99" or "100 98",
but not anything else past one AS.

^100(_[0-9]+)?(_[0-9]+)?$ would be 100 + 2 ASes, i.e. "100 99 98"

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Navin MS
Sent: Wednesday, June 21, 2006 9:10 PM
To: Roberto Fernandez; Elias Chari; Bajo
Cc: Sami; ccielab@groupstudy.com
Subject: RE: BGP AS-Path access list

Isn't it sufficient to filter incoming updates using
"ip as-path access-list permit ^100_"?

IMO, both the routes from AS 100 and its directly attached customer will
have AS-PATH starting with 100. So just match for starting of AS 100 and
don't worry about what follows.

Am I missing something here?

--- Roberto Fernandez <rofernandez@us.telefonica.com> wrote:

> Samy,
>
> Elias is correct; with BGP you have absolute control of your outgoing
> traffic. But you have to understand how it works:
>
> In this case you don't want to send traffic to certain "places", and
> those places are identified by means of their AS number, so... is
> there a better solution than not even knowing about those "places"?
>
> Well, your solution is to make yourself ignorant about those places, by
> filtering them out before your router is able to process them into your
> routing table. That's why here you should filter INBOUND:
>
> neighbor 129.1.23.3 route-map R4 in
>
> Instead of OUTBOUND:
>
> neighbor 129.1.23.3 route-map R4 out
>
> as your configuration shows.
>
> Outbound route filtering works the opposite, and works towards
> controlling the incoming traffic by "enlightening" or "leaving in the
> dark" your neighbors about the routes on your own BGP domain.
>
> Best Regards,
> Roberto
>
>
>
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> Elias Chari
> Sent: Wednesday, June 21, 2006 12:58 PM
> To: Bajo
> Cc: Sami; ccielab@groupstudy.com
> Subject: Re: BGP AS-Path access list
>
> If you want to send traffic only to AS XYZ and its directly attached
> customers, your filtering policy should be inbound, so that you only
> receive routes with path 100_<attachedAS>
>
>
> neighbor 129.1.23.3 route-map R4 in
>
>
>
> On 6/21/06, Bajo <bajoalex@gmail.com> wrote:
> >
> > Hi Sami,
> >
> > I do not see you denying any other routes on other neighbours (am not sure
> > about the route-maps but as-path list 58 is applied only once).
> >
> > Did lab your case with a deny and it works.
> >
> > Do "sh ip bg regexp ^200(_[0-9]+)$" on R2.
> >
> >
> > On 6/21/06, Sami <sy1977@gmail.com> wrote:
> > >
> > > Group,
> > >
> > > One of the tasks says configure AS200 so that it will only send out traffic from
> > > this link to AS100 and its directly connected customer.
> > > I configured as-path access list as below but still R2 is receiving routes
> > > from other than 100 and 54. What could be the problem?
> > >
> > > *R2#show ip as-path-access-list
> > > AS path access list 58
> > > permit ^100(_[0-9]+)?$
> > > *
> > > R2#show running-config | section bgp
> > > router bgp 200
> > > no synchronization
> > > bgp router-id 150.1.2.2
> > > bgp log-neighbor-changes
> > > network 129.1.3.0 mask 255.255.255.128
> > > network 129.1.3.128 mask 255.255.255.128
> > > network 129.1.17.0 mask 255.255.255.0
> > > aggregate-address 129.1.0.0 255.255.0.0
> > > neighbor 129.1.23.3 remote-as 200
> > > neighbor 129.1.23.3 next-hop-self
> > > neighbor 129.1.23.3 route-map R4 out
> > > neighbor 129.1.124.4 remote-as 100
> > > neighbor 129.1.124.4 route-map default in
> > > neighbor 129.1.124.4 route-map R4 out
> > > *neighbor 129.1.124.4 filter-list 58 in
> > > * neighbor 192.10.1.254 remote-as 254
> > > neighbor 192.10.1.254 password CISCO
> > > no auto-summary
> > >
> > >
> > > R2#show ip bgp
> > > BGP table version is 39, local router ID is 150.1.2.2
> > > Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
> > > r RIB-failure, S Stale
> > > Origin codes: i - IGP, e - EGP, ? - incomplete
> > >
> > > Network Next Hop Metric LocPrf Weight Path
> > > *>i0.0.0.0 129.1.17.7 0 500 0 100 i
> > > * 129.1.124.4 0 200 0 100 i
> > > *> 28.119.16.0/24 129.1.124.4 0 100 54 i
> > > * i 129.1.124.4 0 100 0 100 54 i
> > > *> 28.119.17.0/24 129.1.124.4 0 100 54 i
> > > * i 129.1.124.4 0 100 0 100 54 i
> > > **>i112.0.0.0 129.1.124.4 0 100 0 100 54 50 60 i
> > > *>i113.0.0.0 129.1.124.4 0 100 0 100 54 50 60 i
> > > **> 114.0.0.0 129.1.124.4 0 100 54 i
> > > * i 129.1.124.4 0 100 0 100 54 i
> > > *> 115.0.0.0 129.1.124.4 0 100 54 i
> > > * i 129.1.124.4 0 100 0 100 54 i
> > > *> 116.0.0.0 129.1.124.4 0 100 54 i
> > > * i 129.1.124.4 0 100 0 100 54 i
> > > *> 117.0.0.0 129.1.124.4 0 100 54 i
> > > * i 129.1.124.4 0 100 0 100 54 i
> > > *> 118.0.0.0 129.1.124.4 0 100 54 i
> > >
> > > Thanks
> > >
> > >
> _______________________________________________________________________
> > > Subscription information may be found at:
> > > http://www.groupstudy.com/list/CCIELab.html
> > >
> >
> >
> >
> > --
> > Kind Regards,
> >
> > Bajo
> >
> >
>
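
The AS-path patterns quoted in this thread, evaluated against the AS paths that appear in the quoted "show ip bgp" output. This is an added example and not part of any poster's message; the expansion of Cisco's "_" token into a Python regex and the path "1000 54" are assumptions made for the illustration.

```python
import re

# Cisco IOS "_" matches a delimiter: start or end of the AS-path string,
# a space, a comma, a brace or a parenthesis. Python's re has no such
# token, so it is expanded below (translation chosen for this example).
CISCO_UNDERSCORE = r"(?:^|$|[ ,{}()])"

def cisco_to_python(pattern):
    """Compile a Cisco-style AS-path regex as a Python regex."""
    return re.compile(pattern.replace("_", CISCO_UNDERSCORE))

def permitted(pattern, as_paths):
    """Return the AS paths that an as-path access-list 'permit' would match."""
    rx = cisco_to_python(pattern)
    return [path for path in as_paths if rx.search(path)]

# AS paths taken from the quoted "show ip bgp" output, plus one constructed
# path ("1000 54") to show that "_" requires a delimiter after 100.
PATHS = ["100", "100 54", "100 54 50 60", "1000 54"]

# Patterns quoted in the thread.
PATTERNS = [
    "^100_",
    "^100(_[0-9]+)$",
    "^100(_[0-9]+)?$",             # list 58 on R2
    "^100(_[0-9]+)?(_[0-9]+)?$",
]

def evaluate(patterns=PATTERNS, paths=PATHS):
    """Map each pattern to the list of sample paths it permits."""
    return {p: permitted(p, paths) for p in patterns}

if __name__ == "__main__":
    for pattern, hits in evaluate().items():
        print(f"{pattern:28} -> {hits}")
```

The path "100 54 50 60" does not match the pattern in list 58, and in the quoted table it appears only on entries flagged i (internal), which is consistent with the remark that list 58 is applied to only one neighbor.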



This archive was generated by hypermail 2.1.4 : Sat Jul 01 2006 - 07:57:33 ART