yep, I missed the ) thats a typo although its the lack of outbound route filtering that Im interested in.
It looks like the DSG solution doesnt completely prevent AS50 from being a transit AS. On Mon, Nov 28, 2011 at 9:16 AM, Oluwagbenga Oyebande < [email protected]> wrote: > did you mean to type ip as-path access-list 73 permit ^102(_[0-9]+*)*?$ > > On Sun, Nov 27, 2011 at 12:30 PM, James Roc <[email protected]> wrote: > >> Hi All, >> >> This question asks to 'ensure that only directly connected clients of >> AS102 >> can transit AS50'. >> >> AS101 - AS50 - AS102 - ASXXX >> >> The DSG uses the following inbound as-path acl on the AS50 router peering >> to AS102: >> >> ip as-path access-list 73 permit ^102(_[0-9]+?$ >> >> This filters the required routes entering AS50 from AS102 but there are no >> outbound filters. >> >> In the following topology, routes from AS101 could pass through AS50 to >> AS102 and beyond. >> >> AS101 - AS50 - AS102 - ASXXX - AS300 >> >> So while AS101 would not have a synchronous return route, AS300 could >> still >> transit AS50 to reach AS101. >> >> Given that changes can only be done on AS50, whats the best way to prevent >> this? >> >> Cheers >> James >> _______________________________________________ >> For more information regarding industry leading CCIE Lab training, please >> visit www.ipexpert.com >> >> Are you a CCNP or CCIE and looking for a job? Check out >> www.PlatinumPlacement.com >> >> To Unsubscribe from this list please visit the following link and follow >> the directions to unsubscribe. >> http://onlinestudylist.com/mailman/listinfo/ccie_rs >> > > > > -- > -- > Olugbenga Oyebande > MD, DAIT > 234-803-302-5287 > http://www.dait-ng.com > Cisco Unified Network, VPN > DAIT Enterprise Network Servers > Broadband Internet Deployment & ISP Consultancy > > _______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com To Unsubscribe from this list please visit the following link and follow the directions to unsubscribe. http://onlinestudylist.com/mailman/listinfo/ccie_rs
