Re: Advice Requested - Filtering Inbound BGP Default Routes

From: Pavel Bykov (slidersv@gmail.com)
Date: Fri Jan 23 2009 - 14:53:19 ARST


Your approach is correct, but unconventional.
NET HE's approach is the conventional method.

The only reason why I wouldn't use your solution is that it's harder to
troubleshoot/check/keep track of, based on the question.
Your solution would be great if the task required using 2 RM statements or
less.

On Wed, Jan 21, 2009 at 2:07 AM, NET HE <he_net@hotmail.com> wrote:

> Below would be my solution:
>
> access-list 1 permit 0.0.0.0 0.0.0.0
> ip as-path access-list 1 permit _65001$
>
> route-map abc permit 10
> match ip address 1
> match as-path 1
> (to permit default-route from AS 65001)
> route-map abc deny 20
> match ip address 1
> (to deny all default-routes from other ASs)
> route-map abc permit 30
> (to allow all other routes)
>
> Best Regards, Net (Xin) He
>
> > From: Andre.Dufour@PAETEC.com
> > To: ccielab@groupstudy.com
> > Date: Tue, 20 Jan 2009 13:38:01 -0500
> > Subject: Advice Requested - Filtering Inbound BGP Default Routes
> >
> > Hello all,
> >
> > Any input (sarcastic or otherwise : ) would be appreciated. I'm looking
> > for what would be the best and simplest approach and would like to hear
> > the different approaches.
> >
> > Andre
> >
> > -----------------------------------------------------------------------------
> >
> > Scenario for Inbound Routes received from router B:
> >
> > Router A (AS65000) is peering with router B (AS 65534); straight eBGP
> > peering; nothing fancy.
> >
> > 1) Router A needs to allow only a default route if the default route
> >    was originated in AS 65001 (_65001$).
> > 2) All other default routes should be denied no matter the ASN.
> > 3) All other routes, no matter where they are originated (no matter the
> >    AS), should be allowed / learned.
> >
> > Router A Mock Config
> > !
> > ip as-path access-list 199 deny _65001$
> > ip as-path access-list 199 permit .*
> > !
> > ip prefix-list default-route seq 5 permit 0.0.0.0/0
> > !
> > route-map primary-in deny 10
> > match ip address prefix-list default-route
> > match as-path 199
> > !
> > route-map primary-in permit 20
> > set local-preference 150
> > !
> > router bgp 6500
> > neighbor 74.11.64.93 route-map primary-in in
> > !
> >
> > Blogs and organic groups at http://www.ccie.net
> >
> > _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html

-- 
Pavel Bykov
----------------
Don't forget to help stopping the braindumps, use of which reduces value of
your certifications. Sign the petition at http://www.stopbraindumps.com/
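
Added example, not written by any poster in this thread: a small Python model of the two inbound route-maps quoted above (primary-in and abc), run over constructed sample updates to check that both make the same accept/deny decision for each of the three requirements. Assumptions: the sample routes are made up, the IOS "_" regex token is approximated as start-of-path or whitespace, and both default-route matches are modelled as an exact 0.0.0.0/0 comparison.

```python
import re

DEFAULT = "0.0.0.0/0"

def as_path_match(acl, as_path):
    """IOS-style as-path list: first matching entry wins, implicit deny."""
    for action, regex in acl:
        # IOS '_' matches a delimiter (start, end, space); approximated here.
        if re.search(regex.replace("_", r"(?:^|\s)"), as_path):
            return action == "permit"
    return False

def is_default(route):
    return route["prefix"] == DEFAULT

def route_map(clauses, route):
    """All matches in a clause are ANDed; first matching clause decides."""
    for action, matches, sets in clauses:
        if all(m(route) for m in matches):
            return {**route, **sets} if action == "permit" else None
    return None  # implicit deny at the end of every route-map

ACL_199 = [("deny", "_65001$"), ("permit", ".*")]   # from Andre's config
ACL_1 = [("permit", "_65001$")]                      # from NET HE's config

PRIMARY_IN = [  # Andre: deny 10, permit 20
    ("deny", [is_default, lambda r: as_path_match(ACL_199, r["as_path"])], {}),
    ("permit", [], {"local_pref": 150}),
]
ABC = [  # NET HE: permit 10, deny 20, permit 30
    ("permit", [is_default, lambda r: as_path_match(ACL_1, r["as_path"])], {}),
    ("deny", [is_default], {}),
    ("permit", [], {}),
]

# Constructed sample updates as received from router B (AS 65534).
ROUTES = [
    {"prefix": DEFAULT, "as_path": "65534 65001"},        # origin 65001
    {"prefix": DEFAULT, "as_path": "65534 65002"},        # other origin
    {"prefix": DEFAULT, "as_path": "65534"},              # originated by B
    {"prefix": DEFAULT, "as_path": "65534 65001 65002"},  # 65001 only transits
    {"prefix": "10.1.0.0/16", "as_path": "65534 65002"},
    {"prefix": "192.0.2.0/24", "as_path": "65534 65001"},
]

def compare(routes=ROUTES):
    """Return (prefix, as_path, accepted_by_primary_in, accepted_by_abc)."""
    return [(r["prefix"], r["as_path"],
             route_map(PRIMARY_IN, r) is not None,
             route_map(ABC, r) is not None) for r in routes]
```

The two route-maps agree on which routes are accepted; they differ only in that primary-in sets local-preference 150 on everything it permits, while abc sets nothing.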




This archive was generated by hypermail 2.1.4 : Sun Mar 01 2009 - 09:43:39 ARST