Assume I have 2 ASes (AS1, AS2). The topology looks like this: RA1.1 --- RA2.1 --- RA2.2, where RA1.1 is a router in AS1 and the other 2 routers belong to AS2. There is an eBGP session between RA1.1 and RA2.1 and an iBGP session between RA2.1 and RA2.2. How can I apply filters in RA1.1 so that I only allow traffic directly generated in RA2.1 but not traffic generated by RA2.2?
1 Answer
-1
The point of ASes (Autonomous Systems) is that they are autonomous. AS1 really has no way to know which BGP speakers in AS2 are advertising which prefixes. AS2 can certainly restrict which prefixes are advertised to AS1, but, normally, AS1 has no idea of the network structure or policies in AS2.
If the two ASes cooperate at a business level, and the administrator of AS2 tells the administrator of AS1 which BGP speakers are advertising which prefixes, then the administrator of AS1 could restrict by prefix, but not by BGP speaker. That could be a mistake because AS2 is free to change its network at any time; it is autonomous from AS1.
In reality, AS1 is only aware of the eBGP peer to which it connects.

Ron Maupin
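The point made in the answer above, as an added example that is not part of the original post: a small Python model of what RA1.1 receives over the eBGP session, showing that routes originated by RA2.1 and RA2.2 differ only in prefix, and a prefix-list style inbound filter built on that. The AS number, addresses, prefixes and function names are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass, fields

AS2 = 65002                    # constructed private ASN for AS2
RA21_PEER_IP = "203.0.113.2"   # constructed address of RA2.1 on the eBGP link

@dataclass(frozen=True)
class Update:
    prefix: str
    as_path: tuple
    next_hop: str

# Constructed view of AS2's internals; RA1.1 never receives this mapping.
AS2_ORIGINATORS = {"RA2.1": "192.0.2.0/24", "RA2.2": "198.51.100.0/24"}

def received_by_ra11(originators):
    """Updates as they arrive at RA1.1 over the eBGP session with RA2.1.

    RA2.1 prepends AS2 to AS_PATH and, by default, sets NEXT_HOP to its own
    peering address, so the originating router inside AS2 is not visible.
    """
    return [Update(p, (AS2,), RA21_PEER_IP) for p in originators.values()]

def differing_fields(a, b):
    """Names of the attributes in which two received updates differ."""
    return [f.name for f in fields(a) if getattr(a, f.name) != getattr(b, f.name)]

def inbound_filter(updates, allowed):
    """Prefix-list style filter: allowed is a list of (prefix, max_len)."""
    accepted = []
    for u in updates:
        net = ipaddress.ip_network(u.prefix)
        for base, max_len in allowed:
            base_net = ipaddress.ip_network(base)
            if (net.version == base_net.version and net.subnet_of(base_net)
                    and net.prefixlen <= max_len):
                accepted.append(u)
                break
    return accepted

if __name__ == "__main__":
    ups = received_by_ra11(AS2_ORIGINATORS)
    print(differing_fields(ups[0], ups[1]))
    print(inbound_filter(ups, [("192.0.2.0/24", 24)]))
```

The allow-list passed to `inbound_filter` is only as accurate as what AS2's administrator has communicated, which is the caveat the answer raises.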