BGP Prevent Transit AS

Hello Laz

Yes, I made it clear already, I finally got it. By the way, I had a nice interview with Verizon. I hope I will get the job.

Regards !

Hello Rene,

R1(config)#route-map NO-EXPORT
R1(config-route-map)#set community no-export

R1(config)#router bgp 1
R1(config-router)#neighbor 192.168.12.2 route-map NO-EXPORT in
R1(config-router)#neighbor 192.168.13.3 route-map NO-EXPORT in

In the config above, since we are advertising, why is it “in” instead of “out”?

Thanks in advance.

Hello Leoncio

Let’s reexamine what the goal is in this particular case. We want the prefixes that are advertised from ISP1 and ISP2 towards R1 to be tagged with the no-export community. That means that any BGP updates traveling from ISP1 to R1 or from ISP2 to R1 would enter into R1 in an inbound direction. So the NO-EXPORT route map should be applied in an inbound direction.

Remember, the “in” keyword indicates the direction of the BGP updates that we want to modify and not the actual user traffic being sent.

I hope this has been helpful!

Laz

How would I configure an AS 200 ISP to only advertise 202.0.0.0/8? I’m a little confused.

ip prefix-list NO-TRANSIT permit 202.0.0.0/8

neighbor xxx.xxx.xxx.xxx prefix-list NO-TRANSIT out

Hello Jaime

In this particular lesson, the prefix list is being used to filter out what R1 advertises to ISP1. Only the 1.1.1.0/24 subnet is being advertised to ISP1. So if you look at the BGP table of ISP1, you will see only 1.1.1.0/24 appear in the BGP table with a next hop of 192.168.12.1 which is the IP address of R1.

Now in your case, when you say “how would I configure an AS 200 ISP to only advertise 202.0.0.0/8?” it really depends upon your topology. If you have an ISP router that exists within AS200, and you want it to advertise only the 202.0.0.0/8 network, then you would indeed use the commands that you placed in your post.

This would result in the ISP router advertising only 202.0.0.0/8 to your xxx.xxx.xxx.xxx neighbor. However, the prerequisite to this is that the 202.0.0.0/8 network is already in your local BGP table.

I hope this has been helpful!

Laz

Hello!

A quick question. Could we also use the NO-ADVERTISE BGP community in order to prevent our organization from becoming a transit AS? Would it cause any problems?

Thank you in advance for your help.

David

Hello David

The BGP NO-ADVERTISE community is a well-known BGP community that prevents the advertisement of routes to any peer, internal or external. Using the NO-ADVERTISE community will prevent an AS from advertising specific routes to any other AS.

However, it’s important to clarify that this doesn’t directly prevent your organization from becoming a transit AS. A transit AS is an Autonomous System that allows traffic from other ASes to pass through it. Whether an AS acts as a transit AS is more a matter of its peering arrangements than of its routing advertisements.

If you want to prevent your AS from becoming a transit AS, you need to ensure that your AS doesn’t have agreements to forward traffic for other ASes. That’s where the four methods Rene mentioned in the lesson come in.

However, if you don’t want to advertise certain routes to peer ASes to reduce the chance of becoming a transit AS for those specific routes, you could use the NO-ADVERTISE community. This is by no means a general solution for the issue, but a specific one for the particular routes that are prevented from being advertised.

I hope this has been helpful!

Laz
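As an added illustration (not part of the original thread or the lesson), the Python sketch below models which neighbors R1 advertises a route to when an inbound route map sets NO_EXPORT or NO_ADVERTISE, the two well-known communities discussed above. The ISP AS numbers, the iBGP peer R4 with its address, and the 2.2.2.0/24 prefix are assumptions made for the example.

```python
# RFC 1997 well-known community values.
NO_EXPORT = 0xFFFFFF01      # keep inside the local AS: not sent to eBGP peers
NO_ADVERTISE = 0xFFFFFF02   # not sent to any peer, iBGP or eBGP
LOCAL_AS = 1                # "router bgp 1" on R1

# R1's neighbors. The ISP addresses come from the thread; the ISP AS numbers
# and the iBGP peer R4 are assumptions made for this example.
NEIGHBORS = {
    "ISP1": {"ip": "192.168.12.2", "asn": 2},
    "ISP2": {"ip": "192.168.13.3", "asn": 3},
    "R4": {"ip": "192.168.14.4", "asn": LOCAL_AS},
}

def receive(prefix, from_neighbor, inbound_community=None):
    """Model 'neighbor X route-map ... in': tag the route as it enters R1.
    from_neighbor=None means R1 originates the prefix itself."""
    communities = {inbound_community} if inbound_community else set()
    return {"prefix": prefix, "from": from_neighbor, "communities": communities}

def advertised_to(route):
    """Return the sorted names of the neighbors R1 advertises this route to."""
    targets = []
    for name, nbr in NEIGHBORS.items():
        if name == route["from"]:
            continue  # simplification: never echoed to the peer it came from
        if NO_ADVERTISE in route["communities"]:
            continue  # suppressed towards every peer
        if nbr["asn"] != LOCAL_AS and NO_EXPORT in route["communities"]:
            continue  # suppressed towards eBGP peers only
        targets.append(name)
    return sorted(targets)

def scenarios():
    """Constructed sample routes: one ISP1 prefix under three inbound policies,
    plus R1's own 1.1.1.0/24."""
    return {
        "ISP1 route, untagged": advertised_to(receive("2.2.2.0/24", "ISP1")),
        "ISP1 route, no-export": advertised_to(receive("2.2.2.0/24", "ISP1", NO_EXPORT)),
        "ISP1 route, no-advertise": advertised_to(receive("2.2.2.0/24", "ISP1", NO_ADVERTISE)),
        "R1 local route": advertised_to(receive("1.1.1.0/24", None)),
    }

if __name__ == "__main__":
    for label, peers in scenarios().items():
        print(f"{label:26} -> {peers or 'nobody'}")
```

Untagged, the ISP1 prefix is passed on to ISP2, which is the transit case; with no-export it reaches only R4, and with no-advertise it reaches no neighbor at all, R4 included.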
