Blocking BGP Prefixes

Hi Guys,

Question on BGP

If you peer with a route-server which takes your prefixes and advertise them outs to other prefixes via one single BGP Negihbor how can you block a specific AS from receving your prefixes?

Can this be done via route-maps or prefix-ilsts?

Thing is that the AS that needs to be blocked is not peering directly with the route-server. My guess they get the prefixes from somebody else peering to that route-server.

Find more posts tagged with

Save $250 on 2025 certification boot camps from Infosec!

Book now with code EOY2025

Button

Comments

networker050184

What exactly are you trying to accomplish? I don't think you will be able to do this the way you are describing, but there are probably other ways to get to it if you tell us the end goal.

If you just do not want to receive traffic from that AS you can black hole them on your network edge. Or if you don't want to route traffic to them you can do the same.

gaby_978

Basically let's say AS100 peers with a route-server. The route-servers has about 30 members peering. So the routes being received from AS100 all advertised to all other members. One of those members seems to be advertising the routes from AS100 to another ASXXX. How can AS100 block his routes from getting to ASxxx thru other route-server members?

gaby_978

networker050184 wrote: »

Or if you don't want to route traffic to them you can do the same.

How can I block them from getting my routes if I dont peer directly with them. They received my routes from other route-server members which are receiving my routes?

ColbyG

You could use a community like "no-export", which would stop the neighbor AS from advertising outside of its AS (if the AS respects your community, of course). But that's not selective, which seems to be what you want.

networker050184

You would need to contact who ever is running the peering point and have them filter it. You could use no advertise/no export communities but that isn't limited to a single peer.

gaby_978

ColbyG wrote: »

You could use a community like "no-export", which would stop the neighbor AS from advertising outside of its AS (if the AS respects your community, of course). But that's not selective, which seems to be what you want.

Thanks Colby. I dont want the neighbor AS to stop advertising outside its AS since ther have multiple peers what I do not want to block.