BGP - Chapter 24 - Prevent Transit As

8/19/2019 networkrescuer: BGP - Chapter 24 - Prevent Transit AS
‫ﺗﺳﺟﯾل اﻟﺧروج‬ ‫ﻟوﺣﺔ اﻟﺑﯾﺎﻧﺎت اﻟرﺋﯾﺳﯾﺔ‬ georgeshows01@gmail.com
networkrescuer
Search This Blog Sunday, March 11, 2018
Search
BGP - Chapter 24 - Prevent Transit AS
Home By default BGP will advertise all prefixes to EBGP (External BGP) neighbors. This means that
you might become a transit AS. Let me show you an example:
About Me
networkrescuer
View my complete profile
▼
▼ 2018 (124)
►
► October (11)
►
► September (42)
▼
▼ March (71)
BGP Extended - Chapter 1 - BGP Multipath load
shar...
IPv6 Routing Chapter 11 - Troubleshooting IPv6
Red...
IPv6 Routing Chapter 10 - Configure IPv6
Redistrib...
IPv6 Routing Chapter 9 - BGP IPv6 Route Filtering
...
IPv6 Routing Chapter 8 - Multiprotocol BGP (MP-
BGP...
R1 is connected to ISP1 and ISP2 and each router is in a different AS (Autonomous System).
IPv6 Routing Chapter 7 - Troubleshooting IPv6
OSPF...
to reach each other. In order to prevent this we’ll have to ensure that R1 only advertises pre
IPv6 Routing Chapter 6 - OSPFv3 Prefix
Suppression... As far as I know there are 4 methods how you can prevent becoming a transit AS:
IPv6 Routing Chapter 5 - IPv6 OSPFv3 Default
Route...
Filter-list with AS PATH access-list.
IPv6 Routing Chapter 4 - configure IPv6 OSPFv3
on ... No-Export Community.
IPv6 Routing Chapter 3 - OSPFv2 vs OSPFv3
Prefix-list Filtering
Distribute-list Filtering
IPv6 Routing Chapter 2 - Configure IPv6 EIGRP
on C...
IPv6 Routing Chapter 1 - IPv6 Static Route Prefix-lists or distribute-lists will work but it’s not a very scalable solution if you have thousa
IPv6 Chapter 15 - IPv6 DHCPv6 Prefix Delegation export community work very well since you only have to configure them once and it will not
IPv6 - Chapter 14 - Cisco DHCPv6 Server each router:
Configurat...
IPv6 Chapter 13 - IPv6 Router Advertisement
Prefer... R1(config)#router bgp 1
IPv6 Chapter 12 - Troubleshooting IPv6 Stateless R1(config-router)#neighbor 192.168.12.2 remote-as 2
A...
R1(config-router)#neighbor 192.168.13.3 remote-as 3
IPv6 Chapter 11 - Stateless autoconfiguration for
...
IPv6 Chapter 10 - IPv6 Neighbor Discovery
Protocol... ISP1(config)#router bgp 2
IPv6 Chapter 9 - IPv6 Solicited Node Multicast ISP1(config-router)#neighbor 192.168.12.1 remote-as 1
Add...
IPv6 Chapter 8 - IPv6 General Prefix
IPv6 Chapter 7 - IPv6 Summarization Example
ISP2(config)#router bgp 3
IPv6 Chapter 6 - IPv6 EUI-64 explained ISP2(config-router)#neighbor 192.168.13.1 remote-as 1
IPv6 Chapter 5 - IPv6 Address Assignment
Example
IPv6 - Chapter 4 - IPv6 Address Types The commands above will configure EBGP (External BGP) between R1 – ISP1 and R1 – ISP2. T
IPv6 - Chapter 3 - How to find IPv6 Prefix loopback interfaces in BGP on each router:
IPv6 - Chapter 2 - Shortening IPv6 Addresses
IPv6 Chapter 1 - Intoduction to IPV6
R1(config)#router bgp 1
ICMP (Internet Control Message Protocol)
R1(config-router)#network 1.1.1.0 mask 255.255.255.0
Arista Software upgrade procedure
JUNOS Software Upgrade Procedure
BGP - Chapter 40 - MPLS Layer 3 VPN BGP AS
Overrid... ISP1(config)#router bgp 2
ISP1(config-router)#network 2.2.2.0 mask 255.255.255.0
BGP - Chapter 39 - MPLS Layer 3 VPN BGP
Allow-AS-I...
BGP - Chapter 38 - Route Refresh Capability
BGP - Chapter 37 - Soft Reconfiguration
https://networkrescuer.blogspot.com/2018/03/bgp-chapter-24-prevent-transit-as.html 1/8
BGP - Chapter 36- Remove Private AS

ISP2(config)#router bgp 3
BGP - Chapter 35 - Private and Public AS Range ISP2(config-router)#network 3.3.3.0 mask 255.255.255.0
BGP - Chapter 34 - Multiprotocol BGP (MP-BGP)
BGP Chapter 33 - Backdoor routes
BGP - Chapter 32 - BGP Synchronization With the networks advertised, let’s take a look at the BGP table of ISP1 and ISP2 to see what
BGP - Chapter 31 - BGP Confederation
BGP - Chapter 30 - Route reflectors ISP1#show ip bgp
BGP - Chapter 29 - Peer Groups on Cisco IOS BGP table version is 4, local router ID is 11.11.11.11
BGP - Chapter 28 - Extended Access-List Filtering Status codes: s suppressed, d damped, h history, * valid, > best, i - intern
BGP - Chapter 27 - AS Path Filter Example r RIB-failure, S Stale
BGP - Chapter 26 - IPv6 Route Filtering on Cisco Origin codes: i - IGP, e - EGP, ? - incomplete
I...
BGP - Chapter 24 - Prevent Transit AS Network Next Hop Metric LocPrf Weight Path
BGP - Chapter 23 - Regular Expressions *> 1.1.1.0/24 192.168.12.1 0 0 1 i
Examples
*> 2.2.2.0/24 0.0.0.0 0 32768 i
BGP - Chapter 22 - Community Local AS *> 3.3.3.0/24 192.168.12.1 0 1 3 i
BGP - Chapter 21 - Community No Export
BGP - Chapter 20 - No Advertise community of
BGP
ISP2#show ip bgp
BGP - Chapter 19 - Communities explained
BGP table version is 4, local router ID is 33.33.33.33
BGP - Chapter 18 - BGP MED Attribute
Status codes: s suppressed, d damped, h history, * valid, > best, i - intern
BGP - Chapter 17 - Origin Code Attribute r RIB-failure, S Stale
BGP - Chapter 16 - AS Path Prepending Origin codes: i - IGP, e - EGP, ? - incomplete
BGP - Chapter 15 - BGP Local Preference
Attribute
Network Next Hop Metric LocPrf Weight Path
BGP - Chapter 14 - BGP Weight Attribute
*> 1.1.1.0/24 192.168.13.1 0 0 1 i
BGP - Chapter 13 - Route advertisement *> 2.2.2.0/24 192.168.13.1 0 1 2 i
BGP - Chapter 12 - BGP troubleshoot and *> 3.3.3.0/24 0.0.0.0 0 32768 i
problem so...
BGP - Chapter 11 - Messages
BGP - Chapter 10 - Neighbor states The ISP routers have learned about each other networks and they will use R1 as the next ho
BGP - Chapter 9 - Auto Summary different filtering techniques.
BGP - Chapter 8 - Next Hop Self
BGP - Chapter 7 - Advertise networks in BGP Filter-list with AS PATH access-list
BGP - Chapter 6 - Easy way to read BGP Table
BGP - Chapter 5 - iBGP explained Using an filter-list with the AS PATH access-list is probably the most convenient solution. It w
BGP - Chapter 4 - Ext BGP Multihop your own autonomous system. Here’s how to do it:
BGP - Chapter 3 - Configure EBGP (External
BGP)
R1(config)#ip as-path access-list 1 permit ^$
BGP - Chapter 2 - Single/Dual/Multi-homed
Designs
BGP - Chapter 1 - Basic information - Intro R1(config-router)#neighbor 192.168.12.2 filter-list 1 out
IPv6 prefix R1(config-router)#neighbor 192.168.13.3 filter-list 1 out
JUNIPER ROUTER MX240 - AS LNS
The ^$ regular expression ensures that we will only advertise locally originated prefixes. We
Report Abuse
Keep in mind that BGP is slow…if you are doing labs, it’s best to speed things up with
Let’s verify our configuration:
R1#show ip bgp
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

*> 1.1.1.0/24 0.0.0.0 0 32768 i
*> 2.2.2.0/24 192.168.12.2 0 0 2 i
*> 3.3.3.0/24 192.168.13.3 0 0 3 i
R1 still knows about the prefixes from the ISP routers. What about ISP1 and ISP2?
ISP1#show ip bgp
*> 1.1.1.0/24 192.168.12.1 0 0 1 i
*> 2.2.2.0/24 0.0.0.0 0 32768 i
ISP2#show ip bgp

*> 1.1.1.0/24 192.168.13.1 0 0 1 i
*> 3.3.3.0/24 0.0.0.0 0 32768 i
ISP1 and ISP2 only know about the 1.1.1.0 /24 network. Excellent, we are no longer a transit
No-Export Community
Using the no-export community will also work pretty well. We will configure R1 so that prefi
the ISP routers will be tagged with the no-export community. This ensures that the prefixes
those routers will be known within AS 1 but won’t be advertised to other routers.
R1(config)#route-map NO-EXPORT
R1(config-route-map)#set community no-export
R1(config)#router bgp 1
R1(config-router)#neighbor 192.168.12.2 route-map NO-EXPORT in
R1(config-router)#neighbor 192.168.13.3 route-map NO-EXPORT in
I’m only using one router in AS 1, if you have other routers and are running IBGP (Int
BGP) then don’t forget to send communities to those routers with the neighbor <ip>
community command.
Let’s see what ISP1 and ISP2 think about our configuration:
ISP1#show ip bgp

*> 1.1.1.0/24 192.168.12.1 0 0 1 i
*> 2.2.2.0/24 0.0.0.0 0 32768 i
ISP2#show ip bgp

*> 1.1.1.0/24 192.168.13.1 0 0 1 i
*> 3.3.3.0/24 0.0.0.0 0 32768 i
They only know about network 1.1.1.0 /24.
hostname ISP1
!
interface Loopback 0
ip address 2.2.2.2 255.255.255.255
!
interface fastEthernet0/0
ip address 192.168.12.2 255.255.255.0
!
router bgp 2
neighbor 192.168.12.1 remote-as 1
network 2.2.2.0 mask 255.255.255.0
!
end
hostname ISP2
!
ip address 3.3.3.3 255.255.255.255
!
ip address 192.168.13.3 255.255.255.0
!
router bgp 3
network 3.3.3.0 mask 255.255.255.0
!
end
hostname R1
!
ip address 1.1.1.1 255.255.255.255
!
ip address 192.168.12.1 255.255.255.0
!
ip address 192.168.13.1 255.255.255.0
!
router bgp 1
network 1.1.1.0 mask 255.255.255.0
neighbor 192.168.12.2 route-map NO-EXPORT in
neighbor 192.168.13.3 route-map NO-EXPORT in
!
route-map NO-EXPORT
set community no-export
!
end
Onto the next method!
Prefix-List Filtering
Using a prefix-list we can determine what prefixes are advertised to our BGP neighbors. Thi
fine but it’s not a good solution to prevent becoming a transit AS. Each time you add new pr
you’ll have to reconfigure the prefix-list. Anyway let me show you how it works:
R1(config)#ip prefix-list NO-TRANSIT permit 1.1.1.0/24
R1(config-router)#neighbor 192.168.12.2 prefix-list NO-TRANSIT out

R1(config-router)#neighbor 192.168.13.3 prefix-list NO-TRANSIT out
The prefix-list above will only advertise 1.1.1.0 /24 to the ISP routers. Let’s verify the configu
ISP1#show ip bgp

*> 1.1.1.0/24 192.168.12.1 0 0 1 i
*> 2.2.2.0/24 0.0.0.0 0 32768 i
ISP2#show ip bgp

*> 1.1.1.0/24 192.168.13.1 0 0 1 i
*> 3.3.3.0/24 0.0.0.0 0 32768 i
The prefix-list is working as it should.
hostname ISP1
!
ip address 2.2.2.2 255.255.255.255
!
ip address 192.168.12.2 255.255.255.0
!
router bgp 2
network 2.2.2.0 mask 255.255.255.0
!
end
hostname ISP2
!
ip address 3.3.3.3 255.255.255.255
!
ip address 192.168.13.3 255.255.255.0
!
router bgp 3
network 3.3.3.0 mask 255.255.255.0
!
end
hostname R1
!
ip address 1.1.1.1 255.255.255.255
!
ip address 192.168.12.1 255.255.255.0
!
ip address 192.168.13.1 255.255.255.0
!
router bgp 1
network 1.1.1.0 mask 255.255.255.0
neighbor 192.168.12.2 prefix-list NO-TRANSIT out
neighbor 192.168.13.3 prefix-list NO-TRANSIT out
!
ip prefix-list NO-TRANSIT permit 1.1.1.0/24
!
end
Onto the last exercise!
Distribute-list Filtering
This method is similar to using the prefix-list but this time we’ll use an access-list.
R1(config)#ip access-list standard NO-TRANSIT

R1(config-std-nacl)#permit 1.1.1.0 0.0.0.255
R1(config-router)#neighbor 192.168.12.2 distribute-list NO-TRANSIT out

R1(config-router)#neighbor 192.168.13.3 distribute-list NO-TRANSIT out
Time to check the ISPs:
ISP1#show ip bgp

*> 1.1.1.0/24 192.168.12.1 0 0 1 i
*> 2.2.2.0/24 0.0.0.0 0 32768 i
ISP2#show ip bgp

*> 1.1.1.0/24 192.168.13.1 0 0 1 i
*> 3.3.3.0/24 0.0.0.0 0 32768 i
That’s all there is to it.
I hope this has been helpful for you, if you know of any other methods to prevent becoming
transit AS please leave a comment!
hostname ISP1
!
ip address 2.2.2.2 255.255.255.255
!
ip address 192.168.12.2 255.255.255.0
!
router bgp 2
network 2.2.2.0 mask 255.255.255.0
!
end
hostname ISP2
!
ip address 3.3.3.3 255.255.255.255
!
ip address 192.168.13.3 255.255.255.0
!
router bgp 3
network 3.3.3.0 mask 255.255.255.0
!
end
hostname R1
!
ip address 1.1.1.1 255.255.255.255
!
ip address 192.168.12.1 255.255.255.0
!
ip address 192.168.13.1 255.255.255.0
!
router bgp 1
network 1.1.1.0 mask 255.255.255.0
neighbor 192.168.12.2 distribute-list NO-TRANSIT out
neighbor 192.168.13.3 distribute-list NO-TRANSIT out
!
ip access-list standard NO-TRANSIT
permit 1.1.1.0 0.0.0.255
!
end
at March 11, 2018
No comments:
Post a Comment
Enter your comment...
Comment as: ‫( ﻣدون ﻣﺣﺗرف‬Goo
Publish Preview
Newer Post Home
Subscribe to: Post Comments (Atom)
CCNA - configure static route on Cisco IOS Router
In this lesson we’ll take a look at static routes, and in particular how to configure them. Let me show you the following top
BGP - Chapter 2 - Single/Dual/Multi-homed Designs

When talking about ISPs, BGP, and connections, sometimes you will hear terminology like “single hom
IPv6 Chapter 7 - IPv6 Summarization Example
Summarizing IPv6 prefixes is similar to IPv4 summarization, the big difference is that IPv6 uses 128 bit addresses com
IPv6 - Chapter 2 - Shortening IPv6 Addresses

IPv6 addresses are hexadecimal and since they are 128-bit, they are quite long. Imagine you have to call a friend and
Simple theme. Powered by Blogger.

BGP - Chapter 24 - Prevent Transit As

Hochgeladen von

Dokumentinformationen

Originaltitel

Copyright

Verfügbare Formate

Dieses Dokument teilen

Dokument teilen oder einbetten

Freigabeoptionen

Stufen Sie dieses Dokument als nützlich ein?

Sind diese Inhalte unangemessen?

Copyright:

Verfügbare Formate

BGP - Chapter 24 - Prevent Transit As

Hochgeladen von

Copyright:

Verfügbare Formate

8/19/2019 networkrescuer: BGP - Chapter 24 - Prevent Transit AS

‫ﺗﺳﺟﯾل اﻟﺧروج‬ ‫ﻟوﺣﺔ اﻟﺑﯾﺎﻧﺎت اﻟرﺋﯾﺳﯾﺔ‬ georgeshows01@gmail.com

View my complete profile

BGP - Chapter 36- Remove Private AS

Let’s verify our conﬁguration:

Network Next Hop Metric LocPrf Weight Path

Network Next Hop Metric LocPrf Weight Path

Network Next Hop Metric LocPrf Weight Path

Network Next Hop Metric LocPrf Weight Path

They only know about network 1.1.1.0 /24.

Onto the next method!

R1(config)#ip prefix-list NO-TRANSIT permit 1.1.1.0/24

R1(config-router)#neighbor 192.168.12.2 prefix-list NO-TRANSIT out

Network Next Hop Metric LocPrf Weight Path

Network Next Hop Metric LocPrf Weight Path

The preﬁx-list is working as it should.

R1(config)#ip access-list standard NO-TRANSIT

R1(config-router)#neighbor 192.168.12.2 distribute-list NO-TRANSIT out

Time to check the ISPs:

Network Next Hop Metric LocPrf Weight Path

Network Next Hop Metric LocPrf Weight Path

That’s all there is to it.

at March 11, 2018

Enter your comment...

Comment as: ‫( ﻣدون ﻣﺣﺗرف‬Goo

Newer Post Home

Subscribe to: Post Comments (Atom)

CCNA - configure static route on Cisco IOS Router

BGP - Chapter 2 - Single/Dual/Multi-homed Designs

IPv6 Chapter 7 - IPv6 Summarization Example

IPv6 - Chapter 2 - Shortening IPv6 Addresses

Simple theme. Powered by Blogger.

Das könnte Ihnen auch gefallen