'[isp-bgp] Re: Community Policies'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       isp-bgp
Subject:    [isp-bgp] Re: Community Policies
From:       sjk () dredel ! com
Date:       2003-05-07 1:41:17
[Download RAW message or body]

Yep -- kinda figured I needed to do it via a route-map out statement 00
I was hoping to cheat, but nope. The idea here, btw, is to let peers
customers control which ASes they export to (with reason) via a
community tag.

Thanks Much -- sjk

On  6 May, Jeffrey Belles wrote:
> Hi,
> 
> Try to work with tagging for maximum control ;-/
> For instance, every route that comes in through AS3 tag it with :333,
> or whatever makes you feel happy and easily can be defined as coming
> from AS3...
> Now you can filter this easily when exporting this to appropiate other
> AS's.
> 
> On the border with AS2, you can deny these prefixes that are tagged
> with
> :333 (ie learned from AS3) to be advertised.
> Same story for the border with AS1, but then the permit-variant:-)
> In your examples (if I read it correctly) you are trying to set
> no-export on the wrong peerings, and try to match it in the inbound
> route-maps i.s.o outbound (cos that's where you want to filter!)
> 
> ----------------------------------
> On router-3:
> route-map CLIENT-IN, permit, sequence x
> set community 3:333
> ----------------------------------
> on router-2
> route-map CLIENT-OUT, deny, sequence x
>                  ^^^
> match community 3
> ----------------------------------
> on router-3
> route-map CLIENT-OUT, permit, sequence x
>                  ^^^
> match community 3
> -----------------------------------
> 
> Where ip community-list 3 is:
> ip community-list 3 permit 3:333
> 
> PS: in order to work with this route-tagging, you should enable
> "ip bgp-community new-format" , allthough this is not really new
> anymore
> ;-)
> 
> If you need any help, please let me know,
>  -Jeffrey
> ---
> 
> Jeffrey Belles
> IP Core/Transit Engineer    GDNMS-IPC
> email: jeffrey.belles@nld.mci.com
> tel: +31 (0)20 711 6183     VNET: 711 6183
> 
> 
> 
> On May 4, 2003 sjk@dredel.com filled my Inbox with:
> 
>> I am in the process of putting together some community routing
>> policies for our bgp peers -- and I've come to a point where I'm a
>> bit confused and hope someone out there can help me out. Here's the
>> situation:
>>
>> Let's say I have 3 routers which all have eBGP peers and 2 are iBGP
>> peers (for simplicity let's make them Cisco routers), so the eBGP
>> peering may look like this:
>>
>> rtr-1 peer AS1
>> rtr-2 peer AS2
>> rtr-3 peer AS3
>>
>> If I want to set a community which allows AS3 to export to AS1 but
>> not AS2 can I just create a no-export community? or will it be
>> inherited by rtr-1
>>
>> For instance on rtr1:
>> ip community-list 1 permit 64512:1
>> route-map CLIENT-IN, permit, sequence 10
>> match community 1
>> set community no-export
>>
>> on rtr2:
>> ip community-list 2 permit 64512:2
>> route-map CLIENT-IN, permit, sequence 10
>> match community 2
>> set community no-export
>>
>> AS3 then sends it's export with the community of 64512:2
>>
>> I hope this makes sense . . . If this won't work, is there an elegant
>> way to create a community to control eBGP exports? The only other
>> ways I can think of to do this seem pretty complicated. . . Any
>> suggestions would be appreciated.
>>
>> TIA -- sjk
>>
>>
>> -------- Aude Sepere -------
>> sjk@dredel.com
>> http://www.dredel.com
>> ---- Audax et Cautus -------
>>
>>
>>
>> ------------------------ANNOUNCEMENT---------------------------------
>> ---------------------------------------------------------------------
>>                      >> Recycle Your Hardware <<
>>               Clean out your closets and make some cash.
>>                Reach thousnads of ISP equipment buyers.
>>                      http://www.isp-equipment.com
>> ----------------------------------------------------------------------
>> ----------------------------------------------------------------------
>>
>> _______________  The ISP-BGP Discussion List  ______________
>> To Join: mailto:join-isp-bgp@isp-bgp.com
>> To Remove: mailto:remove-isp-bgp@isp-bgp.com
>> Archives: http://isp-lists.isp-planet.com/isp-bgp/archives/
>>
> 
> 
> 
> 
> ------------------------ANNOUNCEMENT---------------------------------
> ---------------------------------------------------------------------
>                      >> Recycle Your Hardware <<
>               Clean out your closets and make some cash.
>                Reach thousnads of ISP equipment buyers.
>                      http://www.isp-equipment.com
> ----------------------------------------------------------------------
> ----------------------------------------------------------------------
> 
> _______________  The ISP-BGP Discussion List  ______________
> To Join: mailto:join-isp-bgp@isp-bgp.com
> To Remove: mailto:remove-isp-bgp@isp-bgp.com
> Archives: http://isp-lists.isp-planet.com/isp-bgp/archives/

-------- Aude Sepere -------
sjk@dredel.com
http://www.dredel.com
---- Audax et Cautus -------



------------------------ANNOUNCEMENT---------------------------------
---------------------------------------------------------------------
                     >> Recycle Your Hardware <<
              Clean out your closets and make some cash.
               Reach thousnads of ISP equipment buyers.
                     http://www.isp-equipment.com
----------------------------------------------------------------------
----------------------------------------------------------------------

_______________  The ISP-BGP Discussion List  ______________
To Join: mailto:join-isp-bgp@isp-bgp.com
To Remove: mailto:remove-isp-bgp@isp-bgp.com
Archives: http://isp-lists.isp-planet.com/isp-bgp/archives/
[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic