BGP Filtering


One of the most important things in BGP is to prevent our own public AS from being used as a transit AS by other BGP ASs. There are several ways to accomplish this, including BGP communities; here is one simple way that I found while doing a lab today.

>> Suppose our AS is 300 and we don't want AS 200 to use our AS as a transit AS. We can accomplish this by matching the AS-PATH with an "ip as-path access-list" and then applying that list to the specified neighbor with the BGP "filter-list". Here is the example.

>> The syntax of the AS-PATH access-list.

 RTC(conf)#ip as-path access-list 13 permit ^$

Here ^ matches the beginning of the string.

Here $ matches the end of the string.

>> The syntax of the BGP filter-list.

router bgp 300

neighbor [ip address] filter-list 13 out

Therefore, by advertising only prefixes that were originated inside AS 300, AS 200 cannot use AS 300 to reach any other AS, such as AS 100 in this scenario. In the above solution this is accomplished by filtering on AS-PATH information. Since the local AS is not added to the AS-PATH of a prefix until the prefix leaves the AS, prefixes that were originated within the AS have an empty AS-PATH. This is easily matched with a regular expression which specifies that the end of the line comes immediately after the start of the line, denoted as ^$. We can verify this configuration with the command:

R1#show ip bgp neighbors [ip address of EBGP Neighbor] advertised-routes
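
The effect of the filter can also be checked offline. The following Python sketch is an added example, not part of the original lab: it emulates how an as-path access-list with its implicit deny is applied outbound, using a constructed BGP table for AS 300. The prefixes, AS 400 and the simplified handling of the IOS "_" wildcard are assumptions made for the illustration.

```python
import re

LOCAL_AS = 300

def cisco_to_python(pattern):
    # IOS "_" matches start, end, or a delimiter; simplified translation.
    return pattern.replace("_", r"(?:^|$|[ ,{}()])")

class AsPathAcl:
    """Ordered permit/deny entries with the implicit deny at the end."""
    def __init__(self, entries):
        self.entries = [(action, re.compile(cisco_to_python(rx)))
                        for action, rx in entries]

    def permits(self, as_path):
        for action, rx in self.entries:
            if rx.search(as_path):
                return action == "permit"
        return False  # nothing matched: implicit deny

def advertised_routes(bgp_table, acl, local_as=LOCAL_AS):
    """Routes sent to an eBGP neighbor after 'filter-list ... out'."""
    sent = {}
    for prefix, as_path in bgp_table.items():
        if acl.permits(as_path):
            # The local AS is prepended only when the route leaves the AS.
            sent[prefix] = f"{local_as} {as_path}".strip()
    return sent

# Constructed BGP table on the AS 300 router (documentation prefixes).
BGP_TABLE = {
    "192.0.2.0/24": "",           # originated inside AS 300
    "198.51.100.0/24": "100",     # learned from AS 100
    "203.0.113.0/24": "100 400",  # learned via AS 100 (AS 400 is hypothetical)
}

ACL_13 = AsPathAcl([("permit", "^$")])     # the list from this post
NO_FILTER = AsPathAcl([("permit", ".*")])  # what is sent with no filtering

if __name__ == "__main__":
    for name, acl in (("filter-list 13 out", ACL_13), ("no filter", NO_FILTER)):
        print(name)
        for prefix, path in advertised_routes(BGP_TABLE, acl).items():
            print(f"  {prefix:18} as-path: {path}")
```

With list 13 applied, only the locally originated prefix is sent; without it, the routes learned from AS 100 are also sent with AS 300 prepended, which is what would make AS 300 a transit AS.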