How to avoid becoming your organisation as Transit AS?

When looking at BGP, the simplest/most-scalable way to prevent transit AS is with a filter-list.  This calls for regular expressions, which sometimes scare people…
ip as-path access-list 1 permit ^$
router bgp 100
neighbor filter-list 1 out
And what you will do at that point is ONLY send out routes with an EMPTY as-path.  If you receive a route from ANY other eBGP peer, the as-path list will no longer be empty.  Therefore empty = your own internal routes!
And that way whether it’s 1 route today or 100 of them you are originating tomorrow, the rule set will still work.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s