[58486] in North American Network Operators' Group
Re: BGP Path Filtering
daemon@ATHENA.MIT.EDU (Brian Wallingford)
Thu May 15 23:27:31 2003
Date: Thu, 15 May 2003 23:16:28 -0400 (EDT)
From: Brian Wallingford <brian@meganet.net>
To: Mark Radabaugh <mark@amplex.net>
Cc: nanog@merit.edu
In-Reply-To: <004801c31b52$f4994720$086df640@amplex.net>
Errors-To: owner-nanog-outgoing@merit.edu

I'd probably err on the most cautious side and use strict inbound prefix
filters, only using outbound as-path filters toward upstreams as a sanity
check.

Unless you're a legacy peer with large networks, chances are you'll be
expected to arrange for acl mods with your peers/upstreams to propagate
your clients' announcements anyway.

hth,
Brian

ps - you're correct - there doesn't appear to be a BCP. Common sense,
tempered by a healthy dose of skepticism regarding one's clients'
competency would seem to steer the solution :)

On Thu, 15 May 2003, Mark Radabaugh wrote:
:
:I'm having a hard time finding best practices for filtering outbound bgp
:announcements when providing transit to bgp-speaking customers. While we
:currently multi-home to several providers it appears we will soon need to
:provide transit for customers with their own AS's.
:
:I find lots of references (and understand) the basic
:
:ip as-path access-list 3 permit ^$
:
:and it would seem that should we wish to provide transit for a bgp customer
:AS12345 we would use:
:
:ip as-path access-list 3 permit ^12345$
:
:but I think this breaks if AS12345 prepends their advertisement.
:
:Next up is:
:
:ip as-path access-list 3 permit ^12345_[0-9]$*
:
:Which seems correct to me. Is this still best practice (or even correct)?
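
An added example, not part of the original thread: a small Python harness for checking outbound as-path filter entries against sample AS paths before deploying them. It assumes the documented IOS meaning of `_` (start or end of string, space, comma, braces, parentheses) and first-match-wins evaluation with an implicit deny. The pattern `^(12345_)+$` and all sample paths are assumptions constructed for illustration.

```python
import re

# IOS-style "_" matches start/end of string, a space, comma, braces or parentheses.
_UNDERSCORE = r"(?:^|$|[ ,{}()])"


def compile_aspath(pattern):
    """Translate an IOS-style as-path regex to Python (only "_" needs rewriting here)."""
    return re.compile(pattern.replace("_", _UNDERSCORE))


def evaluate(acl, as_path):
    """First matching entry wins; an as-path access-list ends with an implicit deny."""
    for action, pattern in acl:
        if compile_aspath(pattern).search(as_path):
            return action
    return "deny"


# The two entries quoted in the thread: locally originated routes plus customer AS12345.
ACL_THREAD = [("permit", "^$"), ("permit", "^12345$")]

# Assumption (not from the thread): a form that tolerates prepending by AS12345
# while still rejecting anything learned behind or beside that customer.
ACL_PREPEND = [("permit", "^$"), ("permit", "^(12345_)+$")]

# Constructed sample AS paths as they would appear when announcing to an upstream.
SAMPLES = {
    "local": "",
    "customer": "12345",
    "customer_prepended": "12345 12345 12345",
    "customer_downstream": "12345 64512",
    "lookalike_asn": "123456",
    "other_upstream": "64500 64501",
}


def report(acl):
    """Return {sample name: permit/deny} for every constructed sample path."""
    return {name: evaluate(acl, path) for name, path in SAMPLES.items()}


if __name__ == "__main__":
    for label, acl in (("thread", ACL_THREAD), ("prepend-tolerant", ACL_PREPEND)):
        print(label)
        for name, verdict in report(acl).items():
            print(f"  {name:20s} {verdict}")
```
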