[sdnog] filtering traffic on BGP

Bernd Spiess bernd.spiess at de-cix.net
Mon Mar 7 13:30:56 SAST 2016 

Dear Manhal

 

See attached a peering facing config with some typical elements 

in an anonymized version from my former work in such an environment.

(jfyi: this is a config from a member router who uses de-cix as ixp and is
not

related to de-cix itself 
)

 

I hope this gives some help/ideas about useful config parts 
 

 

If you need any help please let me know


 

Bernd

 

Von: Manhal Mohammed [mailto:manhal_muhamed at hotmail.com] 
Gesendet: Montag, 7. März 2016 12:11
An: Bernd Spiess <bernd.spiess at de-cix.net>; sdnog at sdnog.sd;
samir.saif at sudren.edu.sd; nishal at controlfreak.co.za
Betreff: RE: AW: [sdnog] filtering traffic on BGP

 

Dear Mr  Nishal  , Samir and Mr Bernd , thank you very much for your
valuable information , it was very helpful ind informative for me ^_^ 

now i just have to practice more on BGP filtering and i will be very
grateful if you gave  or guide me to some scenarios or documents that can
help.

 

 

--Mnhl 

 

  _____  

 

 

 

hello SDNOGGERS :) 

 

          i would like you to clear  some confusing for me  on BGP filtering
traffic , what i know that if you want to filter a traffic that is coming
from peer you have to set the filter for that  neighbour as (in bound) and
vice versa. :/

 

but some one told me that if i want to filter traffic i have to consider the
opposite side (the neighbour's router perspective)

if it is a received traffics (for my router)  i have to apply "outbound" for
the neighbour inside the BGP

and if it is advertised prefixes i have to apply "inbound" for the neighbour

 

on my router : 

router bgp bla 

neighbour bla.bla.bla.bla  route-map bla IN           !! if it is
(advertised) prefix from me 

neighbour bla.bla.bla.bla route-map bla OUT  !! if it is a (received)
prefix  from that neighbour 

 

so witch one is true :/ 

 

 

 

--Mnhl

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sdnog.sd/pipermail/sdnog/attachments/20160307/437f8b9c/attachment.html>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: de-cix-sample-bgp-config.txt
URL: <http://lists.sdnog.sd/pipermail/sdnog/attachments/20160307/437f8b9c/attachment.txt>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4287 bytes
Desc: not available
URL: <http://lists.sdnog.sd/pipermail/sdnog/attachments/20160307/437f8b9c/attachment.bin>

More information about the sdnog mailing list