Options

Blocking BGP Prefixes

gaby_978gaby_978 Member Posts: 222
in CCNP
Hi Guys,


Question on BGP

If you peer with a route-server which takes your prefixes and advertise them outs to other prefixes via one single BGP Negihbor how can you block a specific AS from receving your prefixes?

Can this be done via route-maps or prefix-ilsts?


Thing is that the AS that needs to be blocked is not peering directly with the route-server. My guess they get the prefixes from somebody else peering to that route-server.
‎"If you spend too much time thinking about a thing,
you'll never get it done"
· Share on FacebookShare on Twitter

Comments

  • Options
    networker050184networker050184 Mod Posts: 11,962 Mod
    What exactly are you trying to accomplish? I don't think you will be able to do this the way you are describing, but there are probably other ways to get to it if you tell us the end goal.

    If you just do not want to receive traffic from that AS you can black hole them on your network edge. Or if you don't want to route traffic to them you can do the same.
    An expert is a man who has made all the mistakes which can be made.
    · Share on FacebookShare on Twitter
  • Options
    gaby_978gaby_978 Member Posts: 222
    Basically let's say AS100 peers with a route-server. The route-servers has about 30 members peering. So the routes being received from AS100 all advertised to all other members. One of those members seems to be advertising the routes from AS100 to another ASXXX. How can AS100 block his routes from getting to ASxxx thru other route-server members?
    ‎"If you spend too much time thinking about a thing,
    you'll never get it done"
    · Share on FacebookShare on Twitter
  • Options
    gaby_978gaby_978 Member Posts: 222
    networker050184 wrote: »
    Or if you don't want to route traffic to them you can do the same.

    How can I block them from getting my routes if I dont peer directly with them. They received my routes from other route-server members which are receiving my routes?
    ‎"If you spend too much time thinking about a thing,
    you'll never get it done"
    · Share on FacebookShare on Twitter
  • Options
    ColbyGColbyG Member Posts: 1,264
    You could use a community like "no-export", which would stop the neighbor AS from advertising outside of its AS (if the AS respects your community, of course). But that's not selective, which seems to be what you want.
    http://blog.alwaysthenetwork.com
    · Share on FacebookShare on Twitter
  • Options
    networker050184networker050184 Mod Posts: 11,962 Mod
    You would need to contact who ever is running the peering point and have them filter it. You could use no advertise/no export communities but that isn't limited to a single peer.
    An expert is a man who has made all the mistakes which can be made.
    · Share on FacebookShare on Twitter
  • Options
    gaby_978gaby_978 Member Posts: 222
    ColbyG wrote: »
    You could use a community like "no-export", which would stop the neighbor AS from advertising outside of its AS (if the AS respects your community, of course). But that's not selective, which seems to be what you want.

    Thanks Colby. I dont want the neighbor AS to stop advertising outside its AS since ther have multiple peers what I do not want to block.
    ‎"If you spend too much time thinking about a thing,
    you'll never get it done"
    · Share on FacebookShare on Twitter
Sign In or Register to comment.