04-27-2012 10:11 AM - edited 03-04-2019 04:10 PM
Hi Experts
If you only receive a default route from the ISPs, it's impossible to become a transit AS, am I right?
Also, do I need to filter bogon subnets with both ISPs?
thanks
jamil
04-27-2012 02:59 PM
Hi Ibrahim,
Yes, it is possible for a router which peers with two or more different providers via BGP to become transit even with one route.
Yes, it is recommended to filter these subnets.
This can be achieved by configuring route-maps or prefix lists on the BGP neighbors which allow advertising only the proper subnets to the ISP peers (exclude the default). Or you can assign the no-export community to the default route, so this route cannot be advertised outside of your AS. Or you can configure AS-PATH lists to permit only the subnets from your AS.
As you can see, BGP offers many options to keep your router from being transit.
Hope that helps,
Vasilis
04-28-2012 05:44 AM
Hi Vasilis
Thanks for your reply.
Even with a default route from both ISPs, you may become a transit path!! How come, buddy?
thanks
jamil
04-28-2012 06:16 AM
Hi Ibrahim,
Usually the ISP filters what it accepts from clients based on
* client AS and info from the RIR (RIPE, ARIN etc.)
* just the client's technical details (client: I want to advertise to the internet the prefix x.x.x.x/24).
Anyway, it's also in the ISP's interest to mitigate this kind of risk.
It's hard to say if you'll be transit by receiving and advertising the default route from one ISP to another, because you do not know the ISP topology, how it originates the default route, what filters it has and so on. But I think that it's for the best to know that there is no way to become transit through your fault.
It's very easy to solve the transit issue if you are an enterprise:
! Permit only routes with an empty AS path (locally originated)
ip as-path access-list 1 permit ^$
!
route-map OUT permit 1
 match as-path 1
!
router bgp xxxxx
 ! Apply the filter outbound to both ISP peers
 neighbor y.y.y.y route-map OUT out
 neighbor z.z.z.z route-map OUT out
The AS-path ACL regular expression will match all the locally originated routes (network or redistributed). So there is no need to match specific routes or communities.
Dan
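The effect of the `^$` outbound filter from the reply above, modelled as an added example (not code from the thread or from Cisco). The AS numbers and prefixes are constructed documentation values, the table holds best paths only, and `adj_rib_out` and `transit_leaks` are hypothetical helper names.

```python
import re
from typing import NamedTuple, Optional

class Route(NamedTuple):
    prefix: str
    as_path: str  # AS_PATH as held in the local BGP table; "" = locally originated

LOCAL_AS = 64496  # constructed: documentation ASN for the enterprise

# Constructed best-path table of a dual-homed enterprise: three local /24s
# plus the default route whose best path is via ISP-A (AS 64500).
BGP_TABLE = [
    Route("192.0.2.0/24", ""),
    Route("198.51.100.0/24", ""),
    Route("203.0.113.0/24", ""),
    Route("0.0.0.0/0", "64500"),
]

def adj_rib_out(table, as_path_permit: Optional[str] = None):
    """Routes sent to an eBGP peer as (prefix, AS path after prepending LOCAL_AS).

    as_path_permit plays the role of 'ip as-path access-list N permit <regex>'
    referenced from an outbound route-map; anything not matched is denied.
    None means no outbound policy at all.
    """
    sent = []
    for route in table:
        if as_path_permit is not None and not re.search(as_path_permit, route.as_path):
            continue  # implicit deny at the end of the AS-path list
        sent.append((route.prefix, f"{LOCAL_AS} {route.as_path}".strip()))
    return sent

def transit_leaks(advertised):
    """Advertisements whose AS path contains more than our own AS.

    Any such route tells the peer it can reach someone else's prefix through
    us, which is exactly what makes the enterprise a transit AS.
    """
    return [(prefix, path) for prefix, path in advertised if path != str(LOCAL_AS)]

if __name__ == "__main__":
    for label, policy in (("no outbound filter", None), ("as-path ^$", r"^$")):
        out = adj_rib_out(BGP_TABLE, policy)
        print(f"{label}: sent={len(out)} leaks={transit_leaks(out)}")
```

Without a policy, the default learned from ISP-A is re-advertised to ISP-B with our AS prepended; with `^$` only the three locally originated prefixes leave the AS.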
04-28-2012 07:01 AM
Hi Dan
Thanks for your reply.
We are an enterprise with a public AS along with 3 class C addresses. We are multihoming to two different ISPs and we receive a default route from them. Now, do we need to configure communities and send them to the ISPs? If so, what are the benefits of these communities?
Thanks
jamil
04-28-2012 07:25 AM
Hi Ibrahim,
I'm not sure if I understand your question well.
Because there are 2 cases :
- you set the community to your prefixes - according to RFC1998 - in order to control how your ISP is dealing with them
- you set the community to the ISP prefixes - in order to group them and control them based on community-id.
Dan
04-28-2012 07:43 AM
Hi Dan
Excuse me, Dan,
can you explain more about the below:
--you set the community to your prefixes - according to RFC1998 - in order to control how your ISP is dealing with them
--you set the community to the ISP prefixes - in order to group them and control them based on community-id.
thanks
jamil
04-28-2012 08:05 AM
Sure Jamil,
a) You can use communities in order to group prefixes received from the ISP and then use this community to apply a policy on your network without having to match the exact prefix, but using this community. The community is some kind of tag. Usually the community is set when a prefix is entering the network. I do not think that tagging with a community will help you in the case of receiving only the default route.
b) There is RFC1998, which explains how an ISP can help its customers control the policy applied to their prefixes on its network. How come? The ISP defines a list of communities, and for each community ID the ISP will take an action. This depends on your ISP's network, so this is not a standard setup.
Dan
04-28-2012 10:06 AM
Thanks Dan