Advanced Cisco BGP features: Selective Next-hop

Below topology was used for this post, and all the configuration happened on two Cisco CSR1000v

topo-2routers-dual-link

BGP Selective Next-hop Route filtering

Imagine that you want to accept routes only from peers, which the route covering the next-hop passes specific conditions, such as prefix-length, or protocol.

In the following configuration I will only accept routes from peers, which the route covering the next-hop has a mask of less-equal to 24:

Let’s see the current BGP table:

Continue reading “Advanced Cisco BGP features: Selective Next-hop”

Share this!

BGP Routing using Policy Controls

  • Service Provider should filter some IP prefixes in incoming updates, such as RFC1918. Because a customer should only advertise its global networks to the Service Provider.
  • Multihomed Customers should avoid becoming a Transit-AS. As by default in most of the cases the tie breaker for BGP is the Shortest AS-Path, so the providers connected to the to customer will use the customer link as a Transit-AS to reach each other.
  • Service Providers should filter Private addresses in incoming updates of Customers.
  • In a scenario where a customer has two border routers without IBGP, and IGP inside the AS, there will be no loops, but if running IBGP between the border routers, special care should be taken or a direct link between the two border routers is required.
  • Policy Routing only affects the Next-Hop. The destination is unchanged!
  • Policy Routing is CPU intensive, because it is based on the source unlike Dynamic and static routing. So, when routing based on the destination there is no need of Policy Routing.
  • Customers can only affect their outgoing traffic, and can’t directly affect incoming traffic.
    (config)# ip as-path access-list# [permit/deny] regexp
    (config-router)# neighborip-address filter-list as-path-filter# [in/out]

Continue reading “BGP Routing using Policy Controls”

Share this!