Ok, for me it was implicit to configure outbound filtering to upstream in order to not become Transit AS.
""Jason Greenberg"" a icrit dans le message de news: [EMAIL PROTECTED] > No, the filter lists would only be to prevent the default route from > being advertised back out the other upstream link. Note that usually > the BGP AS-path loop avoidance rules will prevent a problem in this > scenario (especially with only the default route being advertised), but > in a more advanced scenario, or if the upstream ISP were using 2 ASNs, > one for each link (who knows, but sometimes it happens), then the ISP > could consider this poor guy's 2 2600's as a short path back to the rest > of their network. > > I think the general rule of thumb is always filter BGP advertisements. > I like to be in complete control of what I'm advertising to other ASs. > > > > > > On Sat, 2002-07-27 at 14:27, Stephane LITKOWSKI wrote: > > > A couple of suggestions: > > > > > > 1) If you run iBGP, be *sure* not to advertize the default route learned > > > from one edge router, through iBGP to the other edge router, and back > > > out the other upstream. You can use a filter list to prevent that. > > > > I agree with you about your technique but : > > Why do you want to prevent 0.0.0.0 to be advertized via the iBGP ? > > I think, if each edge router, advertize his eBGP-learned default route to > > his iBGP peer, each edge router have 2 default routes and so will prefer > the > > EBGP path. And if the EBGP path is lost, iBGP path is used (and so if other > > routers are on the same LAN, ICMP redirect is generated pointing to the > > second edge router). > > NB : I think that HSRP will desactivate ICMP redirects on the configured > > interface. And so if u want to use it, u have to reenable it. > > > > > 2) I would highly recommend running an IGP such as OSPF on all your > > > routers. Remember, that's what routers are there for; routing protocols > > > don't make things more complicated or flakey, but in fact it simplifies > > > things and makes your network more robust. I notice this is a common > > > misconception about using only static routes, and I have much experience > > > on the matter. Static routes break things, especially when you have > > > more than one potential path, like you are suggesting. Don't be afraid > > > to let your firewall learn the correct default route from the > > > redistributed EGP. > > > > I think it's really the best (and easier) solution. > -- > Jason Greenberg, CCNP > Network Administrator > Execulink, Inc. > [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=49918&t=49807 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
