RE: Advice Requested - Filtering Inbound BGP Default Routes

From: NET HE (he_net@hotmail.com)
Date: Tue Jan 20 2009 - 23:07:55 ARST


Below would be my solution:

access-list 1 permit 0.0.0.0 0.0.0.0
ip as-path access-list 1 permit _65001$

route-map abc permit 10
 ! permit the default route from AS 65001
 match ip address 1
 match as-path 1
route-map abc deny 20
 ! deny all default routes from other ASs
 match ip address 1
route-map abc permit 30
 ! allow all other routes

Best Regards,
Net (Xin) He

> From: Andre.Dufour@PAETEC.com
> To: ccielab@groupstudy.com
> Date: Tue, 20 Jan 2009 13:38:01 -0500
> Subject: Advice Requested - Filtering Inbound BGP Default Routes
>
> Hello all,
>
> Any input (sarcastic or otherwise :) ) would be appreciated. I'm looking
> for what would be the best and simplest approach and would like to hear
> the different approaches.
>
> Andre
>
> -----------------------------------------------------------------------------
>
> Scenario for Inbound Routes received from router B:
>
> Router A (AS65000) is peering with router B (AS 65534); straight eBGP
> peering; nothing fancy.
>
> 1) Router A needs to allow only a default route if the default route was
>    originated in AS 65001 (_65001$).
> 2) All other default routes should be denied no matter the ASN.
> 3) All other routes, no matter where they are originated (no matter the
>    AS), should be allowed / learned.
>
>
> Router A Mock Config
> !
> ip as-path access-list 199 deny _65001$
> ip as-path access-list 199 permit .*
> !
> ip prefix-list default-route seq 5 permit 0.0.0.0/0
> !
> route-map primary-in deny 10
>  match ip address prefix-list default-route
>  match as-path 199
> !
> route-map primary-in permit 20
>  set local-preference 150
> !
> router bgp 65000
>  neighbor 74.11.64.93 route-map primary-in in
> !
>
>
> Blogs and organic groups at http://www.ccie.net


