04-04-2011 05:29 PM - edited 03-04-2019 11:58 AM
Hi,
We have multiple upstreams, none of which are currently sending us the full BGP table (only default and some domestic routes). We have a client who is requesting that we peer with them and advertise the full BGP table.
Obviously we will need to get the full table from one of our upstreams (we are running a 7200 w/ G2, so RAM should be sufficient).
What is the recommended way to "accept" the full table from one of our upstreams?
Currently we simply have route-map+acl for in+out advertisements - I can't imagine adjusting the "in" acl to allow any any is best practice?
And once we have the full table, what is the recommended way to then advertise this to the client? (Again, we currently just use route-map+acl for this.)
Thanks in advance.
04-04-2011 11:36 PM
Hi,
As best practices you should filter:
- Your own prefixes to avoid any spoofing issue
- Bogon prefixes: http://www.team-cymru.org/Services/Bogons/bogon-dd.html
Other than that this is the full routing table so you can really filter it by definition ;-)
Now, if you have several upstream peers and you receive the full routing table from only one, be careful that it doesn't attract all your egress traffic (including that of your other customers), as this is where you will have more specific routes.
HTH
Laurent.
04-05-2011 10:53 PM
Thanks - And for advertisement to the client, is it a permit any any?
04-13-2011 09:34 AM
Once you have done your own filtering, you should advertise everything to your customer. He will have to implement his own filtering rules to protect himself.
Be sure you accept only his prefixes and nothing else.
HTH
Laurent.
04-13-2011 02:53 PM
Thanks Laurent - Most helpful!
Quick question on the bogon routes acl:
Does the following deny default route from being accepted from upstream?
access-list 97 deny 0.0.0.0 0.255.255.255
04-13-2011 02:59 PM
Yes
HTH
Laurent.
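Why the answer above is "yes", as an added example that is not part of the original thread: a standard ACL used as a route filter compares only the route's network address against the address/wildcard pair and never looks at the prefix length, so 0.0.0.0/0 matches the 0.0.0.0/8 bogon entry. The sketch goes one step beyond the thread by modelling an IOS prefix-list entry (`0.0.0.0/8 le 32`) alongside it, which does check the length; the function names and the route list are constructed for illustration.

```python
import ipaddress

def std_acl_matches(acl_addr, acl_wildcard, route):
    """Standard ACL as a route filter: only the route's network address is
    compared against addr/wildcard; the prefix length is never examined."""
    net = ipaddress.ip_network(route)
    addr = int(ipaddress.ip_address(acl_addr))
    wild = int(ipaddress.ip_address(acl_wildcard))
    care = ~wild & 0xFFFFFFFF          # bits that must match exactly
    return (int(net.network_address) & care) == (addr & care)

def prefix_list_matches(entry, route, ge=None, le=None):
    """Prefix-list entry: the route's leading bits must equal the entry's, and
    its length must lie in [ge, le] (exact entry length if neither is given)."""
    ent = ipaddress.ip_network(entry)
    net = ipaddress.ip_network(route)
    if ge is None and le is None:
        lo = hi = ent.prefixlen
    else:
        lo = ge if ge is not None else ent.prefixlen
        hi = le if le is not None else 32
    shift = 32 - ent.prefixlen
    same_bits = (int(net.network_address) >> shift) == (int(ent.network_address) >> shift)
    return same_bits and lo <= net.prefixlen <= hi

# Constructed sample of routes an upstream might send.
ROUTES = ["0.0.0.0/0", "0.0.0.0/8", "0.10.0.0/16", "1.0.0.0/8", "8.8.8.0/24"]

def compare(routes=ROUTES):
    """Return {route: (denied_by_acl_97, denied_by_prefix_list)}."""
    result = {}
    for r in routes:
        acl = std_acl_matches("0.0.0.0", "0.255.255.255", r)   # access-list 97 deny ...
        pfx = prefix_list_matches("0.0.0.0/8", r, le=32)       # deny 0.0.0.0/8 le 32
        result[r] = (acl, pfx)
    return result

if __name__ == "__main__":
    for route, (acl, pfx) in compare().items():
        print(f"{route:<14} acl-deny={acl!s:<5} prefix-list-deny={pfx}")
```

If the default route from that upstream must survive the bogon filter, the filter has to be able to tell 0.0.0.0/0 from 0.0.0.0/8, which the standard ACL line cannot do.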