bgp as path access lists for internet

carl_townshend · ‎04-24-2014

Hi all

when people normally peer with isp for internet do most people use as path access lists ?

if so what would you normally put in there, would it be allow only routes coming from the isp as etc ? can someone give an example ?

cheers

Carl

Nagendra Kumar Nainar · ‎04-24-2014

Hi Carl,

It depends on the local policy. But is not mandatory to have AS Path ACL always.

Few Enterprise which are dual homed might result in acting as transit AS if one AS prefer the Enterprise as best path. To avoid, they can use AS Path ACL to advertise only the prefixes originated from self AS.

carl_townshend · ‎04-24-2014

how would I make sure I only receive routes coming from my ISP's AS ?

Jon Marshall · ‎04-24-2014

Carl

It's not what you receive in terms of routes because your ISP will send you all routes (if that is what you want) or they can send partial routes or just a default.

It is to do with which routes you advertise. Imagine you are dual homed to the internet either with one ISP or more. You need to make sure that the routes you receive on one connection are not then advertised back out the other connection.

If they are then you may become a transit AS ie. your site may be seen as the best path to get to locations that are not in your company.

So a common use of AS Path acls is to filter outgoing advertisements to your ISP(s). You would match on routes with no AS in the path ie. the routes that are local to your company. Any other routes ie. the ones received from either ISP would already have AS numbers in the path so they would not be advertised.

Jon