tricky route-map

lars
Level 1

Hi there

A colleague of mine has asked me to create the following:

A customer is connected onto a 7204vxr. The router is running BGP. The router is receiving a full BGP feed. Some of these routes are marked with a community (community A and community B).

This particular customer is only allowed to access prefixes with community A, but anyone else connected to the router is allowed to access prefixes with community A and B.

The customer has no control of the router which I as ISP am controlling.

Is it possible to create a dynamic kind of access-list for this particular customer, so he is not able to reach community B?

Accepted Solution

ruwhite
Level 7

How is the customer connected to this router? Through another router, or directly? The only way to do this would be to run BGP to the customer's router, and give them a feed of BGP routes filtered for the right communities, and not a default route. There's no way to translate a set of routing entries into an access list dynamically, at this point.

One option, if you don't want to run BGP to the customer, might be to set up a VRF, and add the customer's interface to that VRF. Then, configure BGP to import the routes marked with the "allow" community into their VRF, so that when packets come in, there's no route if the route isn't in the VRF, so it would be dropped there. I've attached the docs I have for this feature, I couldn't find it on CCO.

:-)

Russ.W


2 Replies

Hi Russ.

Your answer is just as I expected :)

I do believe my colleague owes me a cold beer because he claimed otherwise. (I said it is not possible without BGP and he claimed it is :))

Cheers, Lars
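
The VRF approach from the accepted answer, modelled as an added Python example (not code from the thread or from Cisco documentation): only routes carrying the "allow" community are imported into the customer's table, and a lookup with no matching route drops the packet. The community values, prefixes, next hops and function names are constructed assumptions; the last sample row shows that a community B more-specific covered by a community A aggregate is still forwarded from the VRF via the aggregate.

```python
import ipaddress

# Constructed sample data: community values and prefixes are placeholders.
COMM_A = "65000:100"   # assumed value for "community A"
COMM_B = "65000:200"   # assumed value for "community B"

GLOBAL_RIB = [
    # (prefix, communities, next hop)
    ("192.0.2.0/24",     {COMM_A}, "10.0.0.1"),
    ("198.51.100.0/24",  {COMM_B}, "10.0.0.2"),
    ("203.0.113.0/24",   {COMM_A}, "10.0.0.3"),
    ("203.0.113.128/25", {COMM_B}, "10.0.0.4"),  # B more-specific inside an A aggregate
]

def build_table(rib, allowed=None):
    """Return {network: next_hop}; keep a route only if it carries an allowed community."""
    table = {}
    for prefix, comms, next_hop in rib:
        if allowed is None or comms & allowed:
            table[ipaddress.ip_network(prefix)] = next_hop
    return table

def lookup(table, dst):
    """Longest-prefix match; None means no route, so the packet is dropped."""
    addr = ipaddress.ip_address(dst)
    matches = [net for net in table if addr in net]
    if not matches:
        return None
    return table[max(matches, key=lambda net: net.prefixlen)]

GLOBAL_TABLE = build_table(GLOBAL_RIB)                    # everyone else: A and B
CUSTOMER_VRF = build_table(GLOBAL_RIB, allowed={COMM_A})  # customer: A only

def forward(ingress, dst):
    """Pick the table by ingress interface, as a VRF-bound interface would."""
    table = CUSTOMER_VRF if ingress == "customer" else GLOBAL_TABLE
    return lookup(table, dst)

if __name__ == "__main__":
    samples = [("customer", "192.0.2.10"), ("customer", "198.51.100.10"),
               ("other", "198.51.100.10"), ("customer", "203.0.113.200")]
    for ingress, dst in samples:
        print(ingress, dst, "->", forward(ingress, dst) or "drop (no route)")
```
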
