Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
789
Views
9
Helpful
5
Replies

BGP - Full table question

Go to solution
johnelliot6
Level 2
Level 2

‎04-04-2011 05:29 PM - edited ‎03-04-2019 11:58 AM

Hi,

We have multiple upstreams, none of which are currently sending us full bgp table(Only default, and some domestic routes) - We have a client who is requesting we peer with them and advertise the full bgp table.

Obviously we will need to get full table from one of our Upstreams(We are running 7200 w/ G2, so ram should be sufficient).

What is the recommended way to "accept" the full table from one of our upstreams?

Currently we simply have route-map+acl for in+out advertisements - I cant imagine adjusting the "in" acl to allow any any is best practice?

And once we have the full table, what is the recommended way to then advertise this to the client (Again, we currently just use route-map+acl for this)

Thanks in advance.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Laurent Aubert
Cisco Employee
Cisco Employee

‎04-04-2011 11:36 PM

Hi,

As best practices you should filter:

- Your own prefixes to avoid any spoofing issue

- Bogon prefixes: http://www.team-cymru.org/Services/Bogons/bogon-dd.html

Other than that this is the full routing table so you can really filter it by definition ;-)

Now if you have several upstreams peer and you receive the full routing from only one, be carefull that it doesn't attract all your egress traffic (including the one from your other customers) as this from where you will have more specific routes.

HTH

Laurent.

View solution in original post

0 Helpful
5 Replies 5

Go to solution
Laurent Aubert
Cisco Employee
Cisco Employee

‎04-04-2011 11:36 PM

Hi,

As best practices you should filter:

- Your own prefixes to avoid any spoofing issue

- Bogon prefixes: http://www.team-cymru.org/Services/Bogons/bogon-dd.html

Other than that this is the full routing table so you can really filter it by definition ;-)

Now if you have several upstreams peer and you receive the full routing from only one, be carefull that it doesn't attract all your egress traffic (including the one from your other customers) as this from where you will have more specific routes.

HTH

Laurent.

0 Helpful

Go to solution
johnelliot6
Level 2
Level 2
In response to Laurent Aubert

‎04-05-2011 10:53 PM

Thanks - An for advertisement to client, it is a permit any any?

0 Helpful

Go to solution
Laurent Aubert
Cisco Employee
Cisco Employee
In response to johnelliot6

‎04-13-2011 09:34 AM

Once you did your own filtering, you should advertise everything to your customer. He will have to implement his own filtering rules to protect himself.

Be sure you accept only his prefixes and nothing else.

HTH

Laurent.

Go to solution
johnelliot6
Level 2
Level 2
In response to Laurent Aubert

‎04-13-2011 02:53 PM

Thanks Laurent - Most helpful!

Quick question on the bogon routes acl:

Does the following deny default route from being accepted from upstream?
access-list 97 deny   0.0.0.0 0.255.255.255

0 Helpful

Go to solution
Laurent Aubert
Cisco Employee
Cisco Employee
In response to johnelliot6

‎04-13-2011 02:59 PM

Yes

HTH

Laurent.

Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card