09-07-2016 02:12 AM - edited 03-05-2019 04:39 AM
We currently have 2 BGP peerings with our MPLS provider, one at our primary and one at our secondary data centre. There is a layer 2 pipe between the primary and the secondary site. The primary has a different AS number and the secondary has a different AS number. The ISP has the same AS number at both primary and secondary connections and runs iBGP between their routers. We have mutual redistribution between our IGP (OSPF) and BGP.
ISP A------ Primary data centre (AS B)
]
ISP A -----Secondary Data centre (AS C)
As we have mutual redistribution, the routes that we redistribute at the primary data centre are being learned by BGP at our secondary data centre. Now I know that we have to use a prefix list to control what networks we can accept from our provider, and that should filter out any IGP routes that were redistributed at either of the data centres. We should be looking to redesign the BGP so that we do not advertise 2 different AS numbers into our provider. This will be implemented in the future.
I would like to use BGP regular expressions to filter out any routes that have the AS of the secondary data centre from the routes received from the peer at the primary data centre, and vice versa. I know this is not ideal, but this will help filter out any routes that were redistributed from the IGP. Going forward we will use a prefix list to only accept networks that we expect from our peer.
AS path Access list 10
deny _AS C
AS path Access list 30
permit .*
route-map remote-only, deny, sequence 20
Match clauses:
as-path (as-path filter): 30
neighbor x.x.x.x route-map remote-only in
Apply the above to the Primary data centre
Apply the below to the secondary data centre
AS path Access list 10
deny _ASB_
AS path Access list 30
permit .*
route-map remote-only, deny, sequence 20
Match clauses:
as-path (as-path filter): 30
neighbor x.x.x.x route-map remote-only in
Will the above BGP regular expression stop the advertisements from ISP A?
09-07-2016 02:31 AM
After applying the above config, this will not stop the advertisement from the ISP, but the routes will not be accepted by the DC router which has the peering with the ISP.
On the DC router you could see these routes advertised by the ISP and received by your DC router:
sh ip bgp nei x.x.x.x received-routes
But on the DC router you could see that these routes are not accepted by your DC router:
sh ip bgp nei x.x.x.x routes
Regards,
Pawan (CCIE#52104)
Kindly rate for useful post.
09-07-2016 02:51 AM
Hi Pawan,
Thanks for the helpful reply. Currently we have a mutual redistribution of our IGP routes at the primary and secondary data centres between BGP and OSPF. The reason I wanted to implement the BGP regular expression is to filter out any routes at the primary data centre that have the AS of the secondary data centre (and vice versa at the secondary data centre).
After putting in the above BGP regular expression, am I right in saying that I will not see any entries with the secondary data centre AS in the #sh ip bgp output?
Thanks
09-07-2016 03:02 AM
Yes, that's right. Also, you can test it in GNS3 or a simulator before going to production.
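As an added example (not part of the original posts and not Cisco code), the sketch below models how an inbound AS-path access list decides which received routes are accepted, so the regular expression can be checked offline before a lab or production change. The AS numbers (64512 for ISP A, 65002 for AS C, 650021 for an unrelated AS), the prefixes, and the assumption that the list is matched by a route-map permit clause are all constructed for illustration.

```python
import re

# IOS "_" matches start or end of the AS path, a space, comma, brace or parenthesis.
DELIM = r"(?:^|$|[ ,{}()])"

def ios_regex(pattern):
    """Translate an IOS AS-path regex to Python; only "_" needs rewriting here."""
    return re.compile(pattern.replace("_", DELIM))

def acl_permits(acl, as_path):
    """as-path access-list: first matching entry wins, no match = implicit deny."""
    for action, pattern in acl:
        if ios_regex(pattern).search(as_path):
            return action == "permit"
    return False

def accepted(acl, received):
    """Routes kept by a route-map permit clause that matches this access list."""
    return sorted(p for p, path in received.items() if acl_permits(acl, path))

# Constructed routes as received at the primary site from ISP A (assumed AS 64512).
RECEIVED = {
    "10.2.0.0/16": "64512 65002",       # redistributed at the secondary site (AS C)
    "172.16.0.0/16": "64512 64999",     # another site behind the provider
    "192.168.50.0/24": "64512 650021",  # unrelated AS that merely starts with 65002
    "192.168.60.0/24": "64512",         # originated by the provider
}

STRICT = [("deny", "_65002_"), ("permit", ".*")]  # delimiter on both sides
LOOSE = [("deny", "_65002"), ("permit", ".*")]    # no trailing delimiter
DENY_ONLY = [("deny", "_65002_")]                 # no permit entry at all

if __name__ == "__main__":
    for name, acl in (("strict", STRICT), ("loose", LOOSE), ("deny-only", DENY_ONLY)):
        print(f"{name:9} accepts {accepted(acl, RECEIVED)}")
```

The received set is the same in all three cases; only the accepted set changes, which is the difference between the `received-routes` and `routes` outputs mentioned in the reply above.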