North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: BGP Path Filtering

  • From: Brian Wallingford
  • Date: Thu May 15 23:29:01 2003

I'd probably err on the most cautious side and use strict inbound prefix
filters, only using outbound as-path filters toward upstreams as a sanity
check.

Unless you're a legacy peer with large networks, chances are you'll be
expected to arrange for acl mods with your peers/upstreams to propagate
your clients' announcements anyway.

hth,
Brian

ps - you're correct - there doesn't appear to be a BCP.  Common sense,
tempered by a healthy dose of skepticism regarding one's clients'
competency would seem to steer the solution :)

On Thu, 15 May 2003, Mark Radabaugh wrote:

:
:I'm having a hard time finding best practices for filtering outbound bgp
:announcements when providing transit to bgp-speaking customers.  While we
:currently multi-home to several providers it appears we will soon need to
:provide transit for customers with their own AS's.
:
:I find lots of references (and understand) the basic
:
:ip as-path access-list 3 permit ^$
:
:and it would seem that should we wish to provide transit for a bgp customer
:AS12345 we would use:
:
:ip as-path access-list 3 permit ^12345$
:
:but I think this breaks if AS12345 prepends their advertisement.
:
:Next up is:
:
:ip as-path access-list 3 permit ^12345_[0-9]$*
:
:Which seems correct to me.   Is this still best practice (or even correct)?