Task4.4 - BGP Filtering

Q1.) Instead of using "ip as-path" and "filter-list" on both R3 and R4, can I do it the opposite way, by applying "ip as-path" and "filter-list" on R1?

R1

ip as-path access-list 1 permit ^200$
!
router bgp 300
 neighbor 164.1.12.2 filter-list 1 out
 neighbor 164.1.13.3 filter-list 1 out

Q2.) The task mentioned DO NOT use IP access-list or prefix-list. If allowed to do so, do we just use either an access-list or a prefix-list to match the BGP routes generated by BB2 and BB3, followed by a distribute-list?

Q3.) Task4.1

Why isn't there 'next-hop-self' on R3 to its iBGP neighbor R2, whereas R6 is using 'next-hop-self' to R2 within iBGP?

R3

router bgp 200
 neighbor 164.1.23.2 next-hop-self

Comments

  • Q1.) Instead of using "ip as-path" and "filter-list" on both R3 and R4, can I do it the opposite way, by applying "ip as-path" and "filter-list" on R1?

    R1

    ip as-path access-list 1 permit ^200$
    !
    router bgp 300
     neighbor 164.1.12.2 filter-list 1 out
     neighbor 164.1.13.3 filter-list 1 out

    Q2.) The task mentioned DO NOT use IP access-list or prefix-list. If allowed to do so, do we just use either an access-list or a prefix-list to match the BGP routes generated by BB2 and BB3, followed by a distribute-list?

    Q3.) Task4.1

    Why isn't there 'next-hop-self' on R3 to its iBGP neighbor R2, whereas R6 is using 'next-hop-self' to R2 within iBGP?

    R3

    router bgp 200
     neighbor 164.1.23.2 next-hop-self

    Q1) The task says: "configure AS 200 to reflect this policy". R1 is not in AS 200.

    Q2) In theory you could block traffic to/from R1 and SW2 by applying an ACL inbound on R6's G0/0 interface. The question is just asking you to use as-path filtering instead.

    Q3) R2 and R3 know how to get to each other's networks, as all of these prefixes show up in each other's IP routing tables. In the case of R6, it has to manipulate the neighbor relationship with R2 with the next-hop-self command because R2 doesn't have a route to the 192.10.x.0 subnet. So by default, R2 would not consider the NLRIs from BB2 via R6 as next-hop reachable. Next-hop-self tells R6 to manipulate the NLRI that it sends to R2 by putting its own BGP peering IP address as the next-hop. R2 then gets NLRI with reachable next-hops and considers them for best path. Note that external BGP neighbors will by default set the next-hop on advertised NLRI to the peering IP address. So, R4 does not need this command with R3, as they are in different Autonomous Systems.

  • Why instead of using a filter list on R2 and R3 use a route map filtering AS300 from coming in?

    ip as-path access-list 1 permit ^300$
    route-map DENYAS300 deny 5
     match as-path 1
    route-map DENYAS300 permit 1000
    neighbor 164.1.13.1 route-map DENYAS300 in
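
To see which AS paths the filters quoted in this thread actually match, the following added example (not code from any of the posters) evaluates `^200$` as a filter-list and the `DENYAS300` route-map against constructed AS paths. The helper names, the sample paths and the AS numbers 54 and 100 are assumptions made for the illustration; the `_` handling follows standard IOS AS-path regex semantics.

```python
import re

def ios_to_py(pattern):
    # IOS "_" matches start, end, space, comma, brace or parenthesis.
    return pattern.replace("_", r"(?:^|$|[ ,{}()])")

def aspath_acl(entries, as_path):
    """ip as-path access-list: first match wins, no match is an implicit deny."""
    for action, pattern in entries:
        if re.search(ios_to_py(pattern), as_path):
            return action == "permit"
    return False

def route_map(clauses, acls, as_path):
    """Clauses are (seq, action, acl_or_None), tried in sequence order.
    A clause with no match statement matches everything; no match is a deny."""
    for _seq, action, acl in sorted(clauses, key=lambda c: c[0]):
        if acl is None or aspath_acl(acls[acl], as_path):
            return action == "permit"
    return False

# Policies as written in the posts above.
FILTER_LIST_R1 = [("permit", "^200$")]            # filter-list 1 out
ACLS = {1: [("permit", "^300$")]}                 # matched by DENYAS300
DENYAS300 = [(5, "deny", 1), (1000, "permit", None)]

# Constructed AS paths (leftmost AS is the neighbor; "" is locally originated).
SAMPLE_PATHS = ["", "200", "200 54", "300", "300 54", "100 300", "3000"]

def evaluate(paths=SAMPLE_PATHS):
    """Return {as_path: (passes filter-list ^200$, passes route-map DENYAS300)}."""
    return {p: (aspath_acl(FILTER_LIST_R1, p), route_map(DENYAS300, ACLS, p))
            for p in paths}

if __name__ == "__main__":
    for path, (fl, rm) in evaluate().items():
        print(f"{path or '(empty)':10} filter-list={fl!s:5} route-map={rm}")
```

`^300$` matches only a path that is exactly `300`, so paths that begin with or merely contain AS 300 still pass the route-map; a pattern such as `_300_` matches any path containing that AS.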

     

     
