Actually, you shouldn't need network statements even for your own origination if you redistributed static and connected and have the appropriate tie down routes. You also tag your internal traffic (/30s etc) again with a different community and obviously not announce that where it's not needed. You can create prefix-lists, something like

ip prefix-list our-cidr seq 5 permit a.b.c.d/19

and the matching internally only using the x le y sets and you should be good although as in all things, there is more than one right answer. I'm just a big believer in keeping the keystrokes to a minimum where possible, removes the possibility for fat finger errors which I don't know about you but have burned me more than once. :)


Tropical storms in the South East, hmmm. I need to get ready for these myself considering I just moved from California to the south east US. I've got to say this doesn't surprise me. I've seen operators, especially cable providers use prefix lists in the most inappropriate ways. I guess you do what you know but wow!

-----Original Message-----
From: Jon Lewis
Sent: Thursday, August 18, 2011 6:48 PM
To: Jay Nakamura
Cc: cisco-nsp
Subject: Re: [c-nsp] BGP question : What's the best way for filtering outgoing prefixes?

On Thu, 18 Aug 2011, Scott Granados wrote:

Go with option A, community tags are your friend. It also removes the need for any network statements in your config thus reducing the work in the long
term.

You'll probably still need some network statements in your config at least
for all your own routes.

The best part about using community tags for BGP filtering are, you only
have to setup an appropriate route-map/prefix-list on the router servicing
the BGP customer.  Once you receive/accept their route and tag it on that
router, the rest of your network knows what to do with it based on the
community tag.

I was absolutely shocked the last time I helped a customer turn up BGP
with a (primarily cable) transit provider, and was told that the turnup
was being held up because it required updating prefix filters on their
core routers, and they could only do that during a maintenance window and
they weren't allowed to schedule any maintenance windows because a
tropical storm was threatening to impact the SE US.

----------------------------------------------------------------------
 Jon Lewis, MCP :)           |  I route
 Senior Network Engineer     |  therefore you are
 Atlantic Net                |
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
_______________________________________________
cisco-nsp mailing list  [email protected]
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
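
The community-tag approach discussed in this thread, as an added IOS configuration example that is not from either poster: routes are tagged once where they enter BGP, and the upstream-facing router filters outbound on the tag alone, so only tagged routes can be announced. All AS numbers, addresses, community values and names below are constructed for illustration.

```cisco
! Added example. Constructed values: AS 64500 (provider), AS 64501 (customer),
! AS 64502 (upstream); 198.51.100.0/24 stands in for the provider's own block.
ip bgp-community new-format
!
! == Customer-facing edge router ==
! The customer's prefixes are listed here and nowhere else.
ip prefix-list CUST-A-IN seq 5 permit 203.0.113.0/24
route-map CUST-A-IN permit 10
 match ip address prefix-list CUST-A-IN
 set community 64500:200
! (the route-map's implicit deny drops everything not listed)
!
! Own aggregate via a static tie-down route; more-specifics are internal only.
ip route 198.51.100.0 255.255.255.0 Null0
ip prefix-list OUR-CIDR seq 5 permit 198.51.100.0/24
ip prefix-list OUR-INTERNAL seq 5 permit 198.51.100.0/24 ge 25 le 32
route-map REDIST-TO-BGP permit 10
 match ip address prefix-list OUR-CIDR
 set community 64500:100
route-map REDIST-TO-BGP permit 20
 match ip address prefix-list OUR-INTERNAL
 set community 64500:999
!
router bgp 64500
 redistribute static route-map REDIST-TO-BGP
 redistribute connected route-map REDIST-TO-BGP
 neighbor 192.0.2.2 remote-as 64501
 neighbor 192.0.2.2 route-map CUST-A-IN in
 ! iBGP peer: communities must be sent or the tags are lost
 neighbor 10.0.0.1 remote-as 64500
 neighbor 10.0.0.1 send-community
!
! == Upstream-facing border router ==
! No per-customer prefix list here: only routes carrying an "announce" tag
! leave the network; internal (64500:999) and untagged routes are dropped.
ip bgp-community new-format
ip community-list standard TO-UPSTREAM permit 64500:100
ip community-list standard TO-UPSTREAM permit 64500:200
route-map UPSTREAM-OUT permit 10
 match community TO-UPSTREAM
!
router bgp 64500
 neighbor 192.0.2.6 remote-as 64502
 neighbor 192.0.2.6 route-map UPSTREAM-OUT out
```

Turning up a new customer then touches only the edge router's prefix list; the border router's outbound policy does not change.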