North American Network Operators Group|
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical
Re: BGP Path Filtering
I'd probably err on the most cautious side and use strict inbound prefix filters, only using outbound as-path filters toward upstreams as a sanity check. Unless you're a legacy peer with large networks, chances are you'll be expected to arrange for acl mods with your peers/upstreams to propagate your clients' announcements anyway. hth, Brian ps - you're correct - there doesn't appear to be a BCP. Common sense, tempered by a healthy dose of skepticism regarding one's clients' competency would seem to steer the solution :) On Thu, 15 May 2003, Mark Radabaugh wrote: : :I'm having a hard time finding best practices for filtering outbound bgp :announcements when providing transit to bgp-speaking customers. While we :currently multi-home to several providers it appears we will soon need to :provide transit for customers with their own AS's. : :I find lots of references (and understand) the basic : :ip as-path access-list 3 permit ^$ : :and it would seem that should we wish to provide transit for a bgp customer :AS12345 we would use: : :ip as-path access-list 3 permit ^12345$ : :but I think this breaks if AS12345 prepends their advertisement. : :Next up is: : :ip as-path access-list 3 permit ^12345_[0-9]$* : :Which seems correct to me. Is this still best practice (or even correct)?