looks like a question that we'd need to clarify with the proctor. I'd be interested to know if it was actually possible to give outbound routes an AS TTL type of expiry to limit the number of AS hops that the routes are exported to.
The 'no-export' option can be used to limit the routes to the adjacent AS, but what about 2 or more ASs? I've looked at potentially using AS path prepending so that when the AS path number reaches 255, they become invalid but apart from being very messy, I think it would produce inconsistent results as per following link: http://wiki.nil.com/Limit_the_maximum_BGP_AS-path_length On Wed, Nov 30, 2011 at 4:28 AM, sameer khan <[email protected]> wrote: > > does transit means successful ping or any other traffic or just > unidirectional traffic counts ? imho unidirectional traffic cann't produce > any successful ping or any other traffic. > > now the question is how will the proctor test the validity of the correct > solution. > if you check the bgp table on AS101 then DSG is valid but if it checked on > AS101 and AS300 then the solution is invalid. > other way is to simple ping or traceroute i guess > > > > ---------------------------------------- > > From: [email protected] > > Date: Tue, 29 Nov 2011 14:30:16 +0100 > > To: [email protected]; [email protected] > > Subject: Re: [OSL | CCIE_RS] Vol2-Lab20-Task7.3 BGP - Transit AS > filtering > > > > James, > > > > I get what you are saying! You have a point there. > > > > On Tue, Nov 29, 2011 at 7:14 AM, James Roc <[email protected]> > wrote: > > > > > There is no loop in the topology, so there would be no reason for > routes > > > not to be accepted. > > > > > > AS101 - AS50 - AS102 - ASXXX - AS300 > > > > > > In this scenario, AS300 would have routes to AS101 but due to the > as-path > > > filtering, AS101 would not have routes to AS300. > > > > > > So, in theory, AS300 could still send packets to AS101, thus > transitting > > > AS50. > > > > > > On Mon, Nov 28, 2011 at 11:17 PM, Oluwagbenga Oyebande < > > > [email protected]> wrote: > > > > > >> Saleh, > > >> > > >> It seems ip as-path access-list 1 permit ^102_[0-9]*$ will not meet > the > > >> requirements because it will also permit AS300 to transit AS50 > > >> > > >> James, > > >> > > >> I thought BGP's inherent loop prevention mechanism takes care of that > > >> path you are looking at. If my AS is in the AS path I wouldn't accept > such > > >> a route. That would be a loop. > > >> > > >> > > >> On Mon, Nov 28, 2011 at 1:55 AM, James Roc <[email protected]> > wrote: > > >> > > >>> yep, I missed the ) thats a typo > > >>> > > >>> although its the lack of outbound route filtering that Im interested > in. > > >>> > > >>> It looks like the DSG solution doesnt completely prevent AS50 from > being > > >>> a transit AS. > > >>> > > >>> On Mon, Nov 28, 2011 at 9:16 AM, Oluwagbenga Oyebande < > > >>> [email protected]> wrote: > > >>> > > >>>> did you mean to type ip as-path access-list 73 permit > ^102(_[0-9]+*)* > > >>>> ?$ > > >>>> > > >>>> On Sun, Nov 27, 2011 at 12:30 PM, James Roc <[email protected] > >wrote: > > >>>> > > >>>>> Hi All, > > >>>>> > > >>>>> This question asks to 'ensure that only directly connected clients > of > > >>>>> AS102 > > >>>>> can transit AS50'. > > >>>>> > > >>>>> AS101 - AS50 - AS102 - ASXXX > > >>>>> > > >>>>> The DSG uses the following inbound as-path acl on the AS50 router > > >>>>> peering > > >>>>> to AS102: > > >>>>> > > >>>>> ip as-path access-list 73 permit ^102(_[0-9]+?$ > > >>>>> > > >>>>> This filters the required routes entering AS50 from AS102 but there > > >>>>> are no > > >>>>> outbound filters. > > >>>>> > > >>>>> In the following topology, routes from AS101 could pass through > AS50 to > > >>>>> AS102 and beyond. > > >>>>> > > >>>>> AS101 - AS50 - AS102 - ASXXX - AS300 > > >>>>> > > >>>>> So while AS101 would not have a synchronous return route, AS300 > could > > >>>>> still > > >>>>> transit AS50 to reach AS101. > > >>>>> > > >>>>> Given that changes can only be done on AS50, whats the best way to > > >>>>> prevent > > >>>>> this? > > >>>>> > > >>>>> Cheers > > >>>>> James > > >>>>> _______________________________________________ > > >>>>> For more information regarding industry leading CCIE Lab training, > > >>>>> please visit www.ipexpert.com > > >>>>> > > >>>>> Are you a CCNP or CCIE and looking for a job? Check out > > >>>>> www.PlatinumPlacement.com > > >>>>> > > >>>>> To Unsubscribe from this list please visit the following link and > > >>>>> follow the directions to unsubscribe. > > >>>>> http://onlinestudylist.com/mailman/listinfo/ccie_rs > > >>>>> > > >>>> > > >>>> > > >>>> > > >>>> -- > > >>>> -- > > >>>> Olugbenga Oyebande > > >>>> MD, DAIT > > >>>> 234-803-302-5287 > > >>>> http://www.dait-ng.com > > >>>> Cisco Unified Network, VPN > > >>>> DAIT Enterprise Network Servers > > >>>> Broadband Internet Deployment & ISP Consultancy > > >>>> > > >>>> > > >>> > > >> > > >> > > >> -- > > >> -- > > >> Olugbenga Oyebande > > >> MD, DAIT > > >> 234-803-302-5287 > > >> http://www.dait-ng.com > > >> Cisco Unified Network, VPN > > >> DAIT Enterprise Network Servers > > >> Broadband Internet Deployment & ISP Consultancy > > >> > > >> > > > > > > > > > -- > > -- > > Olugbenga Oyebande > > MD, DAIT > > 234-803-302-5287 > > http://www.dait-ng.com > > Cisco Unified Network, VPN > > DAIT Enterprise Network Servers > > Broadband Internet Deployment & ISP Consultancy > > _______________________________________________ > > For more information regarding industry leading CCIE Lab training, > please visit www.ipexpert.com > > > > Are you a CCNP or CCIE and looking for a job? Check out > www.PlatinumPlacement.com > > > > To Unsubscribe from this list please visit the following link and follow > the directions to unsubscribe. > http://onlinestudylist.com/mailman/listinfo/ccie_rs > > _______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com To Unsubscribe from this list please visit the following link and follow the directions to unsubscribe. http://onlinestudylist.com/mailman/listinfo/ccie_rs
