Routing

AS2--AS1--AS3

how to set policy in AS1 to prevent advertiseing prefixes learned from AS2 to AS3?

can expert give me an example?

Hi,

You could use null as-path regular expression as filter in BGP export policy to announce only locally originated routes:

http://www.juniper.net/techpubs/en_US/junos16.1/topics/usage-guidelines/policy-configuring-as-path-regular-expressions-to-use-as-routing-policy-match-conditions.html

[edit policy-options]
null-as "()";
policy-statement only-my-routes {
  term just-my-as {
    from {
      protocol bgp;
      as-path null-as;
    }
    then accept;
  }
  term nothing-else {
    then reject;
  }
}

Cheers,

Ashvin

when advertising to ebgp(AS3)  AS1 's local as route AS-Path is none?

"()"

 I thought it is local AS path

Hi,

You can use either null as-path "()" or this expression "^$".

You are right the locally originated routes will not have AS1 in the as-path when being exported.

Cheers,

Ashvin

Thanks very much

I have another concern about this is :

actually AS2 and AS3 are 2 internet gateway for AS1

I may want to use as-path length to affect which AS for inbound traffic,for example when export route prefixes to AS3 ,prepend as-path 100 100.

policy-statement only-my-routes {
  term just-my-as {
    from {
      protocol bgp;
      as-path null-as;
    }
    then {
    as-path-prepend “100 100”;
    accept;
     }
  term nothing-else {
    then reject;
  }
}

1:if I use it in this way, will null as-path "()" work as expected?

2:if AS1 is a private AS number, how to affect inbound traffic while AS2 and 3 are public AS.

it seems private AS number can't transit in public.

Hi,

This would work as null-as is the match condition and as-path preprend is the action that will be applied when exporting the route.

Cheers,

Ashvin

thanks sir

but if AS1 is a private AS, how to affect inbound traffic to use AS3 instead of AS2 to reach AS1?

as-path-prepend seems not work since AS1 is a private AS.

any suggestion?

Hi, 

Are you peering to the upstreams from a private ASN?

AFAIK, there is no rule in the protocol that won't allow private ASN on the Internet but as a best practice ISPs could be filtering private ASNs. Option in that case would be requesting the upstream ISP prepending the respective prefixes with their own ASNs.

Or if prefixes are smaller than /24, you could use route summaries to announce different sets of prefix to different ISP.

Example of routes announced:

ISP2: x.x.0.0/24, x.x.0.0/23

ISP3: x.x.x.1.0/24, x.x.0.0/23

Cheers,

Ashvin

[edit policy-options]
as-path AS1 "1 .*";
policy-statement block_as1 {
    term as1 {
        from {
            protocol bgp;
            as-path AS1;
        }
        then reject;
    }
}

[edit protocols bgp group as3]
type external;
peer-as 3;
export block_as1;