Cisco: BGP Two Links No Transit

From OnnoWiki
Revision as of 12:30, 27 December 2018 by Onnowpurbo

Source: http://routerric.blogspot.com/2010/03/bgp-transit-ass-and-how-to-avoid.html

How can you prevent your own BGP AS from becoming a transit path? This can be achieved with a distribute-list or a prefix-list. However, these methods do not scale well, because future IP addressing changes or additions require the access lists to be revisited.

BB1 ------ R1 (AS 101) ------- R2 (AS 101) ------- BB2

Here are 2 options that scale and do not need to be revisited when IP addresses change.

OPTION 1 - Make use of the no-export community.


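Here I apply the no-export community to ALL incoming BGP routes. R1 also needs send-community toward R2; without it R2 never sees the community and still advertises the routes to BB2.

R1
! Tag every route matched by this route-map with the well-known no-export community
route-map NOEXPORT permit 10
 set community no-export
!
router bgp 101
 neighbor {ip addr BB1} route-map NOEXPORT in
 ! Carry the community to the iBGP peer so it honours no-export as well
 neighbor {ip addr R2} send-community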


OPTION 2 – Make use of the filter-list command


Here I create an as-path access list and only allow BGP routes originated in the router's own AS (AS 101) to be advertised out.

R2
! ^$ matches an empty AS path, i.e. routes originated inside AS 101
ip as-path access-list 1 permit ^$
!
router bgp 101
 neighbor {ip addr BB2} filter-list 1 out


With both commands I use show ip bgp neighbors {ip address} advertised-routes to verify the advertised routes.
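
The effect of both options on what R2 sends to BB2, modelled in Python as an added example (not from the original page or the source blog). The prefixes, AS 54, AS 300 and all function names are constructed for illustration, and the model covers only the BB1 to R1 to R2 to BB2 direction.

```python
import re

NO_EXPORT = "no-export"  # well-known community: do not advertise to eBGP peers

# Constructed sample table as seen on R1 (AS 101); prefixes and AS numbers are illustrative.
ROUTES = [
    {"prefix": "192.0.2.0/24", "as_path": [], "from": "local", "communities": set()},
    {"prefix": "198.51.100.0/24", "as_path": [54], "from": "BB1", "communities": set()},
    {"prefix": "203.0.113.0/24", "as_path": [54, 300], "from": "BB1", "communities": set()},
]

def r1_inbound(route, tag_no_export):
    """Option 1 on R1: route-map NOEXPORT in, applied to routes learned from BB1."""
    out = dict(route, communities=set(route["communities"]))
    if tag_no_export and route["from"] == "BB1":
        out["communities"].add(NO_EXPORT)
    return out

def ibgp_to_r2(route, send_community):
    """R1 -> R2 over iBGP: communities are dropped unless send-community is configured."""
    return dict(route, communities=set(route["communities"]) if send_community else set())

def r2_exports_to_bb2(route, as_path_regex=None):
    """R2 -> BB2 over eBGP: honour no-export, then the optional filter-list (Option 2)."""
    if NO_EXPORT in route["communities"]:
        return False
    if as_path_regex is not None:
        # The outbound filter sees the path before AS 101 is prepended.
        path = " ".join(str(asn) for asn in route["as_path"])
        return re.search(as_path_regex, path) is not None
    return True

def advertised_to_bb2(tag_no_export=False, send_community=False, as_path_regex=None):
    """Return the prefixes BB2 would receive from R2 for a given configuration."""
    result = []
    for route in ROUTES:
        seen_by_r2 = ibgp_to_r2(r1_inbound(route, tag_no_export), send_community)
        if r2_exports_to_bb2(seen_by_r2, as_path_regex):
            result.append(route["prefix"])
    return result

if __name__ == "__main__":
    print("no policy           :", advertised_to_bb2())
    print("option 1            :", advertised_to_bb2(tag_no_export=True, send_community=True))
    print("option 1, no send-c.:", advertised_to_bb2(tag_no_export=True, send_community=False))
    print("option 2            :", advertised_to_bb2(as_path_regex=r"^$"))
```

The third case shows the failure mode of Option 1: with the route-map in place but send-community missing, all three prefixes still reach BB2.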


