A - Transitbgp4all.com/ftp/isp-workshops/BGP Presentations/10-Transit.pdf · Peering – private...
Transcript of A - Transitbgp4all.com/ftp/isp-workshops/BGP Presentations/10-Transit.pdf · Peering – private...
![Page 1: A - Transitbgp4all.com/ftp/isp-workshops/BGP Presentations/10-Transit.pdf · Peering – private interconnect between two ASNs, usually for no fee ! ... The importance of filtering](https://reader034.fdocuments.net/reader034/viewer/2022050611/5fb25a815cc4a70ae3632fd1/html5/thumbnails/1.jpg)
BGP Configuration for a Transit ISP
ISP Workshops
1 Last updated 24 April 2013
![Page 2: A - Transitbgp4all.com/ftp/isp-workshops/BGP Presentations/10-Transit.pdf · Peering – private interconnect between two ASNs, usually for no fee ! ... The importance of filtering](https://reader034.fdocuments.net/reader034/viewer/2022050611/5fb25a815cc4a70ae3632fd1/html5/thumbnails/2.jpg)
Definitions p Transit – carrying traffic across a network,
usually for a fee n traffic and prefixes originating from one AS are
carried across an intermediate AS to reach their destination AS
p Peering – private interconnect between two ASNs, usually for no fee
p Internet Exchange Point – common interconnect location where several ASNs exchange routing information and traffic
2
![Page 3: A - Transitbgp4all.com/ftp/isp-workshops/BGP Presentations/10-Transit.pdf · Peering – private interconnect between two ASNs, usually for no fee ! ... The importance of filtering](https://reader034.fdocuments.net/reader034/viewer/2022050611/5fb25a815cc4a70ae3632fd1/html5/thumbnails/3.jpg)
ISP Transit Issues p What to announce to BGP customers
n Default route n Full BGP table
p What to receive from BGP customers n Only the prefixes they are entitled to originate n Only the prefixes they have informed you they
will originate n ie: filter filter filter
3
![Page 4: A - Transitbgp4all.com/ftp/isp-workshops/BGP Presentations/10-Transit.pdf · Peering – private interconnect between two ASNs, usually for no fee ! ... The importance of filtering](https://reader034.fdocuments.net/reader034/viewer/2022050611/5fb25a815cc4a70ae3632fd1/html5/thumbnails/4.jpg)
To BGP Customers p Default route:
n This is all that most BGP customers require to receive
p Full BGP table: n Useful for BGP customers who are multihoming
between you and other providers p Common principle:
n Offer BGP customers the two options above n Customisation does NOT scale
4
![Page 5: A - Transitbgp4all.com/ftp/isp-workshops/BGP Presentations/10-Transit.pdf · Peering – private interconnect between two ASNs, usually for no fee ! ... The importance of filtering](https://reader034.fdocuments.net/reader034/viewer/2022050611/5fb25a815cc4a70ae3632fd1/html5/thumbnails/5.jpg)
From BGP Customers p Only accept the prefixes which your
customer is entitled to originate p If your customer hasn’t told you he is
providing transit to his BGP customers, don’t accept anything else he may announce
p The importance of filtering can’t be overstated
p Use the Internet Routing Registry and related tools to simplify configuration
5
![Page 6: A - Transitbgp4all.com/ftp/isp-workshops/BGP Presentations/10-Transit.pdf · Peering – private interconnect between two ASNs, usually for no fee ! ... The importance of filtering](https://reader034.fdocuments.net/reader034/viewer/2022050611/5fb25a815cc4a70ae3632fd1/html5/thumbnails/6.jpg)
ISP Transit Issues
Many mistakes are made on the Internet today due to incomplete
understanding of how to configure BGP for transit
6
![Page 7: A - Transitbgp4all.com/ftp/isp-workshops/BGP Presentations/10-Transit.pdf · Peering – private interconnect between two ASNs, usually for no fee ! ... The importance of filtering](https://reader034.fdocuments.net/reader034/viewer/2022050611/5fb25a815cc4a70ae3632fd1/html5/thumbnails/7.jpg)
ISP Transit Provider Simple Example
7
![Page 8: A - Transitbgp4all.com/ftp/isp-workshops/BGP Presentations/10-Transit.pdf · Peering – private interconnect between two ASNs, usually for no fee ! ... The importance of filtering](https://reader034.fdocuments.net/reader034/viewer/2022050611/5fb25a815cc4a70ae3632fd1/html5/thumbnails/8.jpg)
ISP Transit p AS130 and AS100 are stub/customer ASes
of AS120 n They may have their own peerings with other
ASes n Minimal routing table desired n Minimum complexity required
8
![Page 9: A - Transitbgp4all.com/ftp/isp-workshops/BGP Presentations/10-Transit.pdf · Peering – private interconnect between two ASNs, usually for no fee ! ... The importance of filtering](https://reader034.fdocuments.net/reader034/viewer/2022050611/5fb25a815cc4a70ae3632fd1/html5/thumbnails/9.jpg)
ISP Transit
p AS120 is transit provider between AS130 and AS100
9
AS 120 AS 130 B A
D C
AS 100
![Page 10: A - Transitbgp4all.com/ftp/isp-workshops/BGP Presentations/10-Transit.pdf · Peering – private interconnect between two ASNs, usually for no fee ! ... The importance of filtering](https://reader034.fdocuments.net/reader034/viewer/2022050611/5fb25a815cc4a70ae3632fd1/html5/thumbnails/10.jpg)
AS130 Customer p Router A Configuration
router bgp 130 network 121.10.0.0 mask 255.255.224.0 neighbor 122.12.10.2 remote-as 120 neighbor 122.12.10.2 prefix-list upstream out neighbor 122.12.10.2 prefix-list default in ! ip prefix-list default permit 0.0.0.0/0 ip prefix-list upstream permit 121.10.0.0/19 ! ip route 121.10.0.0 255.255.224.0 null0
10
![Page 11: A - Transitbgp4all.com/ftp/isp-workshops/BGP Presentations/10-Transit.pdf · Peering – private interconnect between two ASNs, usually for no fee ! ... The importance of filtering](https://reader034.fdocuments.net/reader034/viewer/2022050611/5fb25a815cc4a70ae3632fd1/html5/thumbnails/11.jpg)
AS120 Transit Provider p Router B Configuration
router bgp 120 neighbor 122.12.10.1 remote-as 130 neighbor 122.12.10.1 default-originate neighbor 122.12.10.1 prefix-list Customer130 in neighbor 122.12.10.1 prefix-list default out ! ip prefix-list Customer130 permit 121.10.0.0/19 ip prefix-list default permit 0.0.0.0/0
p Router B announces default to Router A, only accepts customer /19
11
Sends default route to specified neighbour
![Page 12: A - Transitbgp4all.com/ftp/isp-workshops/BGP Presentations/10-Transit.pdf · Peering – private interconnect between two ASNs, usually for no fee ! ... The importance of filtering](https://reader034.fdocuments.net/reader034/viewer/2022050611/5fb25a815cc4a70ae3632fd1/html5/thumbnails/12.jpg)
AS120 Transit Provider p Router C Configuration
router bgp 120 neighbor 122.12.20.1 remote-as 100 neighbor 122.12.20.1 default-originate neighbor 122.12.20.1 prefix-list Customer100 in neighbor 122.12.20.1 prefix-list default out ! ip prefix-list Customer100 permit 109.0.0.0/19 ip prefix-list default permit 0.0.0.0/0
p Router C announces default to Router D, only accepts customer /19
12
Sends default route to specified neighbour
![Page 13: A - Transitbgp4all.com/ftp/isp-workshops/BGP Presentations/10-Transit.pdf · Peering – private interconnect between two ASNs, usually for no fee ! ... The importance of filtering](https://reader034.fdocuments.net/reader034/viewer/2022050611/5fb25a815cc4a70ae3632fd1/html5/thumbnails/13.jpg)
AS100 Customer p Router D Configuration
router bgp 100 network 109.0.0.0 mask 255.255.224.0 neighbor 122.12.20.2 remote-as 120 neighbor 122.12.20.2 prefix-list upstream out neighbor 122.12.20.2 prefix-list default in ! ip prefix-list default permit 0.0.0.0/0 ip prefix-list upstream permit 109.0.0.0/19 ! ip route 109.0.0.0 255.255.224.0 null0
13
![Page 14: A - Transitbgp4all.com/ftp/isp-workshops/BGP Presentations/10-Transit.pdf · Peering – private interconnect between two ASNs, usually for no fee ! ... The importance of filtering](https://reader034.fdocuments.net/reader034/viewer/2022050611/5fb25a815cc4a70ae3632fd1/html5/thumbnails/14.jpg)
ISP Transit p This is simple case:
n if AS130 or AS100 get another address block, they have to change their prefix filters and ask AS120 to do the same
p Some ISP transit providers are better skilled at doing this than others!
n May not scale if they are frequently adding new prefixes
n The Internet Routing Registry is an alternative mechanism allowing semi-automation of this activity
14
![Page 15: A - Transitbgp4all.com/ftp/isp-workshops/BGP Presentations/10-Transit.pdf · Peering – private interconnect between two ASNs, usually for no fee ! ... The importance of filtering](https://reader034.fdocuments.net/reader034/viewer/2022050611/5fb25a815cc4a70ae3632fd1/html5/thumbnails/15.jpg)
ISP Transit Provider More complex Example 1
15
![Page 16: A - Transitbgp4all.com/ftp/isp-workshops/BGP Presentations/10-Transit.pdf · Peering – private interconnect between two ASNs, usually for no fee ! ... The importance of filtering](https://reader034.fdocuments.net/reader034/viewer/2022050611/5fb25a815cc4a70ae3632fd1/html5/thumbnails/16.jpg)
ISP Transit p AS130 and AS100 are stub/customer ASes
of AS120 p AS120:
n Provides transit between AS130 and AS100 n Does not provide full Internet access to AS130 n Provides full Internet access for AS100
16
![Page 17: A - Transitbgp4all.com/ftp/isp-workshops/BGP Presentations/10-Transit.pdf · Peering – private interconnect between two ASNs, usually for no fee ! ... The importance of filtering](https://reader034.fdocuments.net/reader034/viewer/2022050611/5fb25a815cc4a70ae3632fd1/html5/thumbnails/17.jpg)
ISP Transit
p AS120 is transit provider between AS130 and AS100
17
AS 120 AS 130 B A
D C
AS 100
Rest of Internet
![Page 18: A - Transitbgp4all.com/ftp/isp-workshops/BGP Presentations/10-Transit.pdf · Peering – private interconnect between two ASNs, usually for no fee ! ... The importance of filtering](https://reader034.fdocuments.net/reader034/viewer/2022050611/5fb25a815cc4a70ae3632fd1/html5/thumbnails/18.jpg)
AS130 Customer p Router A Configuration
router bgp 130 network 121.10.0.0 mask 255.255.224.0 neighbor 122.12.10.2 remote-as 120 neighbor 122.12.10.2 prefix-list as130-prefixes out neighbor 122.12.10.2 prefix-list bogons in ! ip prefix-list as130-prefixes permit 121.10.0.0/19 ! ! The bogons prefix list contains prefixes which ! should not appear in the Internet Routing System ! ip route 121.10.0.0 255.255.224.0 null0
18
![Page 19: A - Transitbgp4all.com/ftp/isp-workshops/BGP Presentations/10-Transit.pdf · Peering – private interconnect between two ASNs, usually for no fee ! ... The importance of filtering](https://reader034.fdocuments.net/reader034/viewer/2022050611/5fb25a815cc4a70ae3632fd1/html5/thumbnails/19.jpg)
AS120 Transit Provider p Router B Configuration
router bgp 120 neighbor 122.12.10.1 remote-as 130 neighbor 122.12.10.1 prefix-list as130-cust in neighbor 122.12.10.1 prefix-list bogons out neighbor 122.12.10.1 filter-list 15 out ! ip as-path access-list 15 permit ^$ ip as-path access-list 15 permit ^100$ ip prefix-list as130-cust permit 121.10.0.0/19
p Router B announces AS120 and AS100 prefixes to Router A, only accepts customer /19
19
![Page 20: A - Transitbgp4all.com/ftp/isp-workshops/BGP Presentations/10-Transit.pdf · Peering – private interconnect between two ASNs, usually for no fee ! ... The importance of filtering](https://reader034.fdocuments.net/reader034/viewer/2022050611/5fb25a815cc4a70ae3632fd1/html5/thumbnails/20.jpg)
AS120 Transit Provider p Router C Configuration
router bgp 120 neighbor 122.12.20.1 remote-as 100 neighbor 122.12.20.1 default-originate neighbor 122.12.20.1 prefix-list as100-cust in neighbor 122.12.20.1 prefix-list default out ! ip prefix-list as100-cust permit 109.0.0.0/19 ip prefix-list default permit 0.0.0.0/0
p Router C announces default to Router D, only accepts customer /19
20
![Page 21: A - Transitbgp4all.com/ftp/isp-workshops/BGP Presentations/10-Transit.pdf · Peering – private interconnect between two ASNs, usually for no fee ! ... The importance of filtering](https://reader034.fdocuments.net/reader034/viewer/2022050611/5fb25a815cc4a70ae3632fd1/html5/thumbnails/21.jpg)
AS100 Customer p Router D Configuration
router bgp 100 network 109.0.0.0 mask 255.255.224.0 neighbor 122.12.20.2 remote-as 120 neighbor 122.12.20.2 prefix-list as100-prefix out neighbor 122.12.20.2 prefix-list default in ! ip prefix-list default permit 0.0.0.0/0 ip prefix-list as100-prefix permit 109.0.0.0/19 ! ip route 109.0.0.0 255.255.224.0 null0
21
![Page 22: A - Transitbgp4all.com/ftp/isp-workshops/BGP Presentations/10-Transit.pdf · Peering – private interconnect between two ASNs, usually for no fee ! ... The importance of filtering](https://reader034.fdocuments.net/reader034/viewer/2022050611/5fb25a815cc4a70ae3632fd1/html5/thumbnails/22.jpg)
ISP Transit p AS130 only hears AS120 and AS100
prefixes n Inbound AS path filter on Router A is optional,
but good practice (never trust a peer) n Inbound bogon prefix-list filters are considered
mandatory on all Internet peerings p See the next transit example for a typical bogon list
n (Consult BGP BCP presentation for more information on BGP best practices)
22
![Page 23: A - Transitbgp4all.com/ftp/isp-workshops/BGP Presentations/10-Transit.pdf · Peering – private interconnect between two ASNs, usually for no fee ! ... The importance of filtering](https://reader034.fdocuments.net/reader034/viewer/2022050611/5fb25a815cc4a70ae3632fd1/html5/thumbnails/23.jpg)
ISP Transit Provider More complex Example 2
23
![Page 24: A - Transitbgp4all.com/ftp/isp-workshops/BGP Presentations/10-Transit.pdf · Peering – private interconnect between two ASNs, usually for no fee ! ... The importance of filtering](https://reader034.fdocuments.net/reader034/viewer/2022050611/5fb25a815cc4a70ae3632fd1/html5/thumbnails/24.jpg)
ISP Transit p AS130 and AS100 are stub/customer ASes
of AS120 n AS130 has many customers with their own
ASes p AS105 doesn’t get announced to AS120
n AS120 provides transit between AS130 and AS100
24
![Page 25: A - Transitbgp4all.com/ftp/isp-workshops/BGP Presentations/10-Transit.pdf · Peering – private interconnect between two ASNs, usually for no fee ! ... The importance of filtering](https://reader034.fdocuments.net/reader034/viewer/2022050611/5fb25a815cc4a70ae3632fd1/html5/thumbnails/25.jpg)
ISP Transit
p AS130 has several customer ASes connecting to its backbone
25
AS 120 AS 130 B A
D C
AS 100
AS 101 AS 102
AS 103
AS 104
AS 105
![Page 26: A - Transitbgp4all.com/ftp/isp-workshops/BGP Presentations/10-Transit.pdf · Peering – private interconnect between two ASNs, usually for no fee ! ... The importance of filtering](https://reader034.fdocuments.net/reader034/viewer/2022050611/5fb25a815cc4a70ae3632fd1/html5/thumbnails/26.jpg)
AS130 Customer p Router A Configuration
router bgp 130 network 121.10.0.0 mask 255.255.224.0 neighbor 122.12.10.2 remote-as 120 neighbor 122.12.10.2 prefix-list upstream-out out neighbor 122.12.10.2 filter-list 5 out neighbor 122.12.10.2 prefix-list upstream-in in ! ip route 121.10.0.0 255.255.224.0 null0 250 ! ..next slide
26
![Page 27: A - Transitbgp4all.com/ftp/isp-workshops/BGP Presentations/10-Transit.pdf · Peering – private interconnect between two ASNs, usually for no fee ! ... The importance of filtering](https://reader034.fdocuments.net/reader034/viewer/2022050611/5fb25a815cc4a70ae3632fd1/html5/thumbnails/27.jpg)
AS130 Customer ! ! AS-path filters… ip as-path access-list 5 permit ^$ ip as-path access-list 5 permit ^(101_)+$ ip as-path access-list 5 permit ^102$ ip as-path access-list 5 permit ^103$ ip as-path access-list 5 permit ^104$ ip as-path access-list 5 deny ^105_ ! ..next slide
27
![Page 28: A - Transitbgp4all.com/ftp/isp-workshops/BGP Presentations/10-Transit.pdf · Peering – private interconnect between two ASNs, usually for no fee ! ... The importance of filtering](https://reader034.fdocuments.net/reader034/viewer/2022050611/5fb25a815cc4a70ae3632fd1/html5/thumbnails/28.jpg)
AS130 Customer ! Outbound Bogon prefixes to be blocked to eBGP peers ip prefix-list upstream-out deny 0.0.0.0/8 le 32 ip prefix-list upstream-out deny 10.0.0.0/8 le 32 ip prefix-list upstream-out deny 127.0.0.0/8 le 32 ip prefix-list upstream-out deny 169.254.0.0/16 le 32 ip prefix-list upstream-out deny 172.16.0.0/12 le 32 ip prefix-list upstream-out deny 192.0.2.0/24 le 32 ip prefix-list upstream-out deny 192.168.0.0/16 le 32 ip prefix-list upstream-out deny 224.0.0.0/3 le 32 ip prefix-list upstream-out deny 0.0.0.0/0 ge 25 ! Extra prefixes ip prefix-list upstream-out deny 121.10.0.0/19 ge 20 ip prefix-list upstream-out permit 0.0.0.0/0 le 32
...next slide 28
![Page 29: A - Transitbgp4all.com/ftp/isp-workshops/BGP Presentations/10-Transit.pdf · Peering – private interconnect between two ASNs, usually for no fee ! ... The importance of filtering](https://reader034.fdocuments.net/reader034/viewer/2022050611/5fb25a815cc4a70ae3632fd1/html5/thumbnails/29.jpg)
AS130 Customer ! Inbound Bogon prefixes to be blocked from eBGP peers ip prefix-list upstream-in deny 0.0.0.0/8 le 32 ip prefix-list upstream-in deny 10.0.0.0/8 le 32 ip prefix-list upstream-in deny 127.0.0.0/8 le 32 ip prefix-list upstream-in deny 169.254.0.0/16 le 32 ip prefix-list upstream-in deny 172.16.0.0/12 le 32 ip prefix-list upstream-in deny 192.0.2.0/24 le 32 ip prefix-list upstream-in deny 192.168.0.0/16 le 32 ip prefix-list upstream-in deny 224.0.0.0/3 le 32 ip prefix-list upstream-in deny 0.0.0.0/0 ge 25 ! Extra prefixes ip prefix-list upstream-in deny 121.10.0.0/19 le 32 ip prefix-list upstream-in permit 0.0.0.0/0 le 32 ! 29
![Page 30: A - Transitbgp4all.com/ftp/isp-workshops/BGP Presentations/10-Transit.pdf · Peering – private interconnect between two ASNs, usually for no fee ! ... The importance of filtering](https://reader034.fdocuments.net/reader034/viewer/2022050611/5fb25a815cc4a70ae3632fd1/html5/thumbnails/30.jpg)
AS120 Transit Provider p Router B Configuration
router bgp 120 neighbor 122.12.10.1 remote-as 130 neighbor 122.12.10.1 prefix-list bogons in neighbor 122.12.10.1 prefix-list bogons out neighbor 122.12.10.1 filter-list 10 in neighbor 122.12.10.1 filter-list 15 out ! ip as-path access-list 15 permit ^$ ip as-path access-list 15 permit ^100$
p Router B announces AS120 and AS100 prefixes to Router A, and accepts all AS130 customer ASes
30
![Page 31: A - Transitbgp4all.com/ftp/isp-workshops/BGP Presentations/10-Transit.pdf · Peering – private interconnect between two ASNs, usually for no fee ! ... The importance of filtering](https://reader034.fdocuments.net/reader034/viewer/2022050611/5fb25a815cc4a70ae3632fd1/html5/thumbnails/31.jpg)
AS120 Transit Provider p Router C Configuration
router bgp 120 neighbor 122.12.20.1 remote-as 100 neighbor 122.12.20.1 default-originate neighbor 122.12.20.1 prefix-list Customer100 in neighbor 122.12.20.1 prefix-list default out ! ip prefix-list Customer100 permit 109.0.0.0/19 ip prefix-list default permit 0.0.0.0/0
p Router C announces default to Router D, only accepts customer /19
31
![Page 32: A - Transitbgp4all.com/ftp/isp-workshops/BGP Presentations/10-Transit.pdf · Peering – private interconnect between two ASNs, usually for no fee ! ... The importance of filtering](https://reader034.fdocuments.net/reader034/viewer/2022050611/5fb25a815cc4a70ae3632fd1/html5/thumbnails/32.jpg)
AS100 Customer p Router D Configuration
router bgp 100 network 109.0.0.0 mask 255.255.224.0 neighbor 122.12.20.2 remote-as 120 neighbor 122.12.20.2 prefix-list upstream out neighbor 122.12.20.2 prefix-list default in ! ip prefix-list default permit 0.0.0.0/0 ip prefix-list upstream permit 109.0.0.0/19 ! ip route 109.0.0.0 255.255.224.0 null0
32
![Page 33: A - Transitbgp4all.com/ftp/isp-workshops/BGP Presentations/10-Transit.pdf · Peering – private interconnect between two ASNs, usually for no fee ! ... The importance of filtering](https://reader034.fdocuments.net/reader034/viewer/2022050611/5fb25a815cc4a70ae3632fd1/html5/thumbnails/33.jpg)
ISP Transit p AS130 only hears AS120 and AS100
prefixes n inbound AS path filter on Router A is optional,
but good practice (never trust a peer) n Special Use Address prefix-list filters are
required on all Internet peerings p This situation is getting more complex,
and you can see the BGP configuration could easily get out of hand n Solution: BGP Communities
33
![Page 34: A - Transitbgp4all.com/ftp/isp-workshops/BGP Presentations/10-Transit.pdf · Peering – private interconnect between two ASNs, usually for no fee ! ... The importance of filtering](https://reader034.fdocuments.net/reader034/viewer/2022050611/5fb25a815cc4a70ae3632fd1/html5/thumbnails/34.jpg)
ISP Transit Provider More complex Example 3
34
![Page 35: A - Transitbgp4all.com/ftp/isp-workshops/BGP Presentations/10-Transit.pdf · Peering – private interconnect between two ASNs, usually for no fee ! ... The importance of filtering](https://reader034.fdocuments.net/reader034/viewer/2022050611/5fb25a815cc4a70ae3632fd1/html5/thumbnails/35.jpg)
ISP Transit p AS130 and AS100 are stub/customer ASes
of AS120 n AS130 has many customers with their own
ASes p AS105 doesn’t get announced to AS120
n AS120 provides transit between AS130 and AS100
p Same example as previously but using communities
35
![Page 36: A - Transitbgp4all.com/ftp/isp-workshops/BGP Presentations/10-Transit.pdf · Peering – private interconnect between two ASNs, usually for no fee ! ... The importance of filtering](https://reader034.fdocuments.net/reader034/viewer/2022050611/5fb25a815cc4a70ae3632fd1/html5/thumbnails/36.jpg)
ISP Transit
p AS130 has several customer ASes connecting to its backbone
36
AS 120 AS 130
B A
D C
AS 100
AS 101 AS 102
AS 103
AS 104
AS 105
E
![Page 37: A - Transitbgp4all.com/ftp/isp-workshops/BGP Presentations/10-Transit.pdf · Peering – private interconnect between two ASNs, usually for no fee ! ... The importance of filtering](https://reader034.fdocuments.net/reader034/viewer/2022050611/5fb25a815cc4a70ae3632fd1/html5/thumbnails/37.jpg)
AS130 Customer p Router A configuration is greatly simplified
n All prefixes to be announced to upstream are marked with Community 130:5100
n Route-map on outbound peering implements community policy
n Bogon prefix-lists still required
37
![Page 38: A - Transitbgp4all.com/ftp/isp-workshops/BGP Presentations/10-Transit.pdf · Peering – private interconnect between two ASNs, usually for no fee ! ... The importance of filtering](https://reader034.fdocuments.net/reader034/viewer/2022050611/5fb25a815cc4a70ae3632fd1/html5/thumbnails/38.jpg)
AS130 Customer p Router A Configuration
router bgp 130 network 121.10.0.0 mask 255.255.224.0 route-map setcomm
neighbor 122.12.10.2 remote-as 120 neighbor 122.12.10.2 prefix-list upstream-out out neighbor 122.12.10.2 route-map to-AS120 out neighbor 122.12.10.2 prefix-list upstream-in in ! ip route 121.10.0.0 255.255.224.0 null0 250 ! ...next slide
38
![Page 39: A - Transitbgp4all.com/ftp/isp-workshops/BGP Presentations/10-Transit.pdf · Peering – private interconnect between two ASNs, usually for no fee ! ... The importance of filtering](https://reader034.fdocuments.net/reader034/viewer/2022050611/5fb25a815cc4a70ae3632fd1/html5/thumbnails/39.jpg)
AS130 Customer ! ip community-list 5 permit 130:5100 ! ! Set community on local prefixes route-map setcomm permit 10 set community 130:5100 ! route-map to-AS120 permit 10 match community 5 !
p upstream-in and upstream-out prefix-lists are the same as in the previous example – they simply deny bogon prefixes and allow everything else 39
![Page 40: A - Transitbgp4all.com/ftp/isp-workshops/BGP Presentations/10-Transit.pdf · Peering – private interconnect between two ASNs, usually for no fee ! ... The importance of filtering](https://reader034.fdocuments.net/reader034/viewer/2022050611/5fb25a815cc4a70ae3632fd1/html5/thumbnails/40.jpg)
AS130 Customer p Router E Configuration
router bgp 130 neighbor x.x.x.x remote-as 101 neighbor x.x.x.x default-originate neighbor x.x.x.x prefix-list customer101 in neighbor x.x.x.x route-map bgp-cust-in in neighbor x.x.x.x prefix-list default out neighbor x.x.x.x remote-as 102 neighbor x.x.x.x default-originate neighbor x.x.x.x prefix-list customer102 in neighbor x.x.x.x route-map bgp-cust-in in neighbor x.x.x.x prefix-list default out ...next slide 40
![Page 41: A - Transitbgp4all.com/ftp/isp-workshops/BGP Presentations/10-Transit.pdf · Peering – private interconnect between two ASNs, usually for no fee ! ... The importance of filtering](https://reader034.fdocuments.net/reader034/viewer/2022050611/5fb25a815cc4a70ae3632fd1/html5/thumbnails/41.jpg)
AS130 Customer neighbor s.s.s.s remote-as 105 neighbor s.s.s.s default-originate neighbor s.s.s.s prefix-list customer105 in neighbor s.s.s.s route-map no-transit in neighbor s.s.s.s prefix-list default out ! ! Set community on eBGP customers announced to AS120 route-map bgp-cust-in permit 10 set community 130:5100 route-map no-transit permit 10 set community 130:5199
p Notice that AS105 peering is put into a different community – one that is not announced to AS130’s upstream
41
![Page 42: A - Transitbgp4all.com/ftp/isp-workshops/BGP Presentations/10-Transit.pdf · Peering – private interconnect between two ASNs, usually for no fee ! ... The importance of filtering](https://reader034.fdocuments.net/reader034/viewer/2022050611/5fb25a815cc4a70ae3632fd1/html5/thumbnails/42.jpg)
ISP Transit p AS130 only announces the community
130:5100 to AS120 p Notice how Router E tags the prefixes to
be announced to AS120 with community 130:5100
p More efficient to manage than using filter lists
42
![Page 43: A - Transitbgp4all.com/ftp/isp-workshops/BGP Presentations/10-Transit.pdf · Peering – private interconnect between two ASNs, usually for no fee ! ... The importance of filtering](https://reader034.fdocuments.net/reader034/viewer/2022050611/5fb25a815cc4a70ae3632fd1/html5/thumbnails/43.jpg)
Summary
43
![Page 44: A - Transitbgp4all.com/ftp/isp-workshops/BGP Presentations/10-Transit.pdf · Peering – private interconnect between two ASNs, usually for no fee ! ... The importance of filtering](https://reader034.fdocuments.net/reader034/viewer/2022050611/5fb25a815cc4a70ae3632fd1/html5/thumbnails/44.jpg)
Summary p Being a transit provider is simply a case of
working out a scalable filtering policy n Default or full routes to a customer n Accept only customer prefixes n Use communities for scaling
p (More details in the BGP Communities Presentation)
44
![Page 45: A - Transitbgp4all.com/ftp/isp-workshops/BGP Presentations/10-Transit.pdf · Peering – private interconnect between two ASNs, usually for no fee ! ... The importance of filtering](https://reader034.fdocuments.net/reader034/viewer/2022050611/5fb25a815cc4a70ae3632fd1/html5/thumbnails/45.jpg)
BGP Configuration for a Transit ISP
ISP Workshops
45