Thanks for the help. I have the 1st edition. I believe you are talking
about, translated to 1st edition speak, Chapter 7, Redundancy, Symmetry and
Load Balancing, and pg 177-178 for the reg expression.
Thanks for the suggestion. I was actually trying to do just as you
suggested. I forgot 1 simple rule; explicit deny any.
ip as-path access-list 20 deny _AS#$ blocked everything,
but when I added
ip as-path access-list 20 permit .* everything worked.
I know your concerns about blocking an AS from a provider. We are also
receiving default advertisements from the providers. This isn't an ideal
situation, but 1 router has 64Mb and the other 128Mb.
I'm not applying any filtering on networks/AS received from ISP A. They are
sending a default, and networks local to their AS.
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Ed Horley
Sent: Tuesday, August 14, 2001 2:55 PM
To: [EMAIL PROTECTED]
Subject: Re: Regular expressions - BGP AS Path filtering [7:16068]
Bill,
For what you are asking you can try something like the following:
router bgp
no sync
network w.x.y.z (your network advertisement)
...
neighbor A.A.A.A
neighbor A.A.A.A filter-list 10 in
neighbor A.A.A.A filter-list 15 out
...
neighbor B.B.B.B
neighbor B.B.B.B filter-list 20 in
neighbor B.B.B.B filter-list 25 out
ip as-path access-list 10 deny
ip as-path access-list 10 permit
ip as-path access-list 15 permit ^$ (permit your local stuff outbound)
ip as-path access-list 20 deny
ip as-path access-list 20 deny _$ (don't take anything with
ISP A's AS number as the origination of the path)
ip as-path access-list 20 permit .* (everything else)
ip as-path access-list 25 permit ^$ (permit your local stuff outbound)
With this config just remember if the link on router A fails you will not
have a backup link to their AS path thru router B's link. I don't think you
want to do this, you have a couple of options on configs. The best way to
figure out what you want for redundancy and load balancing is to refer to
Chapter 7 of Halabi's book Internet Routing Architectures.
This sample has all the standard disclaimers. I would typically have a lot
more in filter lists and access-lists but you can't include everything...
Hope that helps.
Ed

"Bill Carter" wrote in message
news:[EMAIL PROTECTED]...
> I'm having trouble with this AS-Path situation. I have 2 routers (A and B)
> running iBGP to each other.
>
> Each router has a single eBGP connection to a different service provider.
>
> ISP-A   ISP-B
>   |       |
>   A-------B
>
> From ISP A I am receiving partial routes, basically network within its AS.
>
> From ISP B I am receiving full internet routes.
>
> Here is the problem: The partial routes from ISP A are summarized, and the
> routes from ISP may not be summarized. So my router A has an entry for
> 12.0.0.0/8 and the AS path has 1 entry. Router B
> receives the 12.0.0.0/8 through iBGP and also more specific routes from
> ISP-B (12.20.1.0/24, 12.96.0.0/16). In router B the 12.X.X.X BGP entries
> have the ISP-A AS# as the first entry in the AS-Path.
>
> Router B, because of the longest match rule, prefers the Router B-->ISP B
> path for the more specific networks.
>
> I would like to use IP as-path filters to filter incoming updates from ISP-B
> so not to learn networks originating from ISP-A AS#.
>
> What is the regular expression to do this??
> ip as-path access-list 20 deny ?????? ^as#_ _as#$
>
>
> From sho ip bgp
> Network Next Hop
> *> 12.0.0.0 A.A.A.A NEIGHBOR
> *> 12.0.48.0/20 B.B.B.B NEIGHBOR
> *> 12.0.252.0/23 B.B.B.B NEIGHBOR
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=16085&t=16068
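
The behaviour discussed in this thread (a deny-only as-path list blocking everything until `permit .*` is added), as an added example that is not part of the original messages: a small Python model of first-match evaluation with the implicit deny at the end of the list. The AS numbers are constructed documentation values, and the `_` expansion is a simplified model of Cisco's delimiter matching.

```python
import re

# Simplified model of Cisco's "_": start or end of the path, or a delimiter
# character (space, comma, braces, parentheses, underscore).
DELIM = r"(?:^|$|[ ,{}()_])"

def evaluate(acl, as_path):
    """First matching entry wins; a path matching no entry is denied."""
    for action, pattern in acl:
        if re.search(pattern.replace("_", DELIM), as_path):
            return action
    return "deny"  # the implicit deny that ends every as-path access-list

def accepted(acl, paths):
    """Return the AS paths that the list would let through."""
    return [p for p in paths if evaluate(acl, p) == "permit"]

# Constructed sample data: 64496 stands in for ISP A and 64500 for ISP B
# (documentation ASNs); these are not values from the thread.
ISP_A = "64496"
PATHS_FROM_ISP_B = [
    "64500 64496",        # originated by ISP A -> should be filtered
    "64500 64510",        # unrelated origin
    "64500 64496 64511",  # ISP A is transit, not origin
    "64500 164496",       # different ASN that merely ends in the same digits
]

# List 20 as first tried: only the deny entry.
DENY_ONLY = [("deny", "_" + ISP_A + "$")]
# List 20 after the fix: deny the origin, then permit everything else.
DENY_THEN_PERMIT = DENY_ONLY + [("permit", ".*")]
# Lists 15/25: only locally originated routes (empty AS path) go out.
LOCAL_ONLY = [("permit", "^$")]

if __name__ == "__main__":
    for name, acl in (("deny only", DENY_ONLY),
                      ("deny + permit .*", DENY_THEN_PERMIT)):
        print(name, "->", accepted(acl, PATHS_FROM_ISP_B))
    print("outbound local:", evaluate(LOCAL_ONLY, ""),
          "| outbound transit:", evaluate(LOCAL_ONLY, "64500 64510"))
```

The last sample path shows why the leading `_` matters: without it, `64496$` would also match an unrelated AS number that ends in the same digits.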