BGP filtering "best practice"

johnelliot6
Level 2

Hi Guys,

We are setting up a new peering session with a provider for PPPoE services. They will be advertising their LACs to us, and have suggested we do the following:

- Only Accept a /32 advertised prefix

- Only accept a maximum of 500 prefixes

- Only accept prefixes that we Originate (our AS in the AS PATH only)

After some best-practice advice on how to do this, any suggestions/comments on the following filters would be greatly appreciated:

- Only Accept a /32 advertised prefix:

ip prefix-list BGP_TEST seq 5 permit 0.0.0.0/0 le 1

- Only accept a maximum of 500 prefixes

neighbor x.x.x.x maximum-prefix 500

- Only accept prefixes that we Originate (our AS in the AS PATH only) - This would only allow routes that originated in AS100

ip as-path access-list 1 permit ^100$

Cheers.

4 Replies

Marwan ALshawi
VIP Alumni

Your config looks OK except the prefix list that matches host routes (/32),

where you need to set it as:

ip prefix-list BGP_TEST seq 5 permit 0.0.0.0/0 ge 32


The ge means greater than or equal to. In this case ge 32 means greater than or equal to 32.

Hope this helps.

If helpful, rate.

Thanks for the quick response!

And thanks for the correction.

milan.kulik
Level 10

Hi,

Does "- Only accept prefixes that we Originate (our AS in the AS PATH only) - This would only allow routes that originated in AS100" mean your AS number is 100 and you should advertise only prefixes originated in your AS?

In that case you should use

ip as-path access-list 1 permit ^$

in your outbound route-map.

As your AS number is added to the AS-PATH automatically after the outbound filtering is applied.

HTH,

Milan

Hi Milan - no, we are only wanting to accept AS100 advertisements from carrier.

Thanks
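
An added example (not part of the thread, and not Cisco code): a simplified Python model of how the prefix-list and as-path entries discussed above evaluate, showing why `le 1` admits only /0 and /1 routes while `ge 32` admits only host routes, and how `^100$` differs from `^$`. The sample updates are constructed, the function names are hypothetical, and only plain anchored regexes are modelled (the IOS `_` metacharacter is not).

```python
import ipaddress
import re

def prefix_list_permits(entry_net, route, ge=None, le=None):
    """Model one 'ip prefix-list ... permit NET/LEN [ge X] [le Y]' entry."""
    net = ipaddress.ip_network(entry_net)
    rt = ipaddress.ip_network(route)
    # The route must fall inside the entry's network (first LEN bits match).
    if not rt.subnet_of(net):
        return False
    # Length window: exactly LEN with no keyword, LEN..le with only 'le',
    # ge..32 with only 'ge', ge..le with both.
    if ge is None and le is None:
        lo = hi = net.prefixlen
    else:
        lo = ge if ge is not None else net.prefixlen
        hi = le if le is not None else 32
    return lo <= rt.prefixlen <= hi

def as_path_permits(regex, as_path):
    """Model 'ip as-path access-list N permit REGEX' on a space-separated AS_PATH."""
    return re.search(regex, as_path) is not None

def inbound_accepts(route, as_path):
    """Corrected inbound policy from the thread: /32 only, AS_PATH exactly '100'."""
    return (prefix_list_permits("0.0.0.0/0", route, ge=32)
            and as_path_permits(r"^100$", as_path))

# Constructed sample updates (documentation address ranges), not data from the thread.
SAMPLE_UPDATES = [
    ("192.0.2.1/32", "100"),         # host route originated by AS100
    ("192.0.2.0/24", "100"),         # not a host route
    ("198.51.100.7/32", "100 200"),  # host route, but originated beyond AS100
    ("0.0.0.0/0", "100"),            # default route
]

if __name__ == "__main__":
    for route, path in SAMPLE_UPDATES:
        original = prefix_list_permits("0.0.0.0/0", route, le=1)
        print(f"{route:18} path={path!r:10} 'le 1'={original!s:5} "
              f"corrected policy={inbound_accepts(route, path)}")
```

Running it prints one line per sample update, comparing the original `le 1` entry with the corrected `ge 32` plus `^100$` policy.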
