Thursday, August 12, 2021

Filter BGP ingress announcement from ISP

Hello guys,

I'm currently testing FRR on Debian 10 to replace very old VyOS BGP servers. We have two BGP servers advertising two prefixes, and each prefix is linked in priority to one server (two different DCs with two ISPs). We also have iBGP with our internal routers for private networks (if one goes down, all traffic will go to the second BGP server).

One ISP is announcing the entire world to us and I can't figure out how to block it. We don't do transit, so we don't have any use for the advertisements. Unfortunately I don't have a lot of knowledge regarding BGP configuration, so I came asking more knowledgeable peers (pun intended) on the subject, in order to build a proper BGP configuration.

I appreciate all input and details, since I would like to better understand BGP.

Thanks a lot comrades.

Here is my current config.

```
router bgp 34536
 bgp router-id 80.77.225.82
 neighbor EDGE peer-group
 neighbor EDGE remote-as 34536
 neighbor IBGP peer-group
 neighbor IBGP remote-as 34536
 neighbor REFLECTORS peer-group
 neighbor REFLECTORS remote-as 34536
 neighbor 80.77.225.21 peer-group EDGE
 neighbor 149.14.62.17 remote-as 174
 !
 address-family ipv4 unicast
  network 80.77.226.0/24
  neighbor EDGE next-hop-self
  neighbor EDGE route-map EDGE out
  neighbor IBGP default-originate
  neighbor IBGP prefix-list DEFAULT in
  neighbor REFLECTORS default-originate
  neighbor REFLECTORS prefix-list DEFAULT out
  neighbor 149.14.62.17 weight 100
  neighbor 149.14.62.17 prefix-list SUMMARIZE out
  neighbor 149.14.62.17 route-map ISP in
 exit-address-family
!
ip prefix-list DEFAULT seq 70 permit 0.0.0.0/0
ip prefix-list NEWEL seq 80 permit 80.77.224.0/20 ge 21
ip prefix-list SUMMARIZE seq 95 permit 80.77.226.0/24
!
bgp as-path access-list VIA-COGENT deny 174_
!
route-map EDGE permit 10
 match as-path VIA-COGENT
!
route-map EDGE permit 20
 match ip address prefix-list NEWEL
!
route-map ISP deny 10
 match as-path VIA-COGENT
 set local-preference 200
!
route-map ISP permit 20
!
```
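Added example, not part of the original post and not FRR's own code: a small Python model of how the posted `route-map ISP` is evaluated on ingress. An as-path access-list that contains only a `deny` line never permits anything, so clause `deny 10` is skipped and the empty `permit 20` accepts every announcement. `ISP_DEFAULT_ONLY` is a hypothetical alternative policy (assumption: the ISP also sends a default route), the sample routes are constructed, and prefix-list matching is simplified to exact matches.

```python
import re

# FRR treats "_" in an AS-path regex as a delimiter (start, end, space, comma, braces).
def aspath_list_permits(entries, as_path):
    """entries: [(action, regex)]; first matching entry decides, implicit deny at end."""
    for action, regex in entries:
        if re.search(regex.replace("_", r"(?:^|$|[ ,{}()])"), as_path):
            return action == "permit"
    return False

def route_map_accepts(clauses, route, aspath_lists, prefix_lists):
    """clauses: [(action, [(kind, name)])] in sequence order. A clause applies only
    when every match succeeds; a clause with no match lines applies to all routes."""
    for action, matches in clauses:
        ok = True
        for kind, name in matches:
            if kind == "as-path":
                ok = ok and aspath_list_permits(aspath_lists[name], route["as_path"])
            elif kind == "prefix-list":
                # Simplification: exact-match entries only (no ge/le), like DEFAULT.
                ok = ok and route["prefix"] in prefix_lists[name]
        if ok:
            return action == "permit"
    return False  # implicit deny at the end of every route-map

# Lists and route-map copied from the posted config.
ASPATH_LISTS = {"VIA-COGENT": [("deny", "174_")]}
PREFIX_LISTS = {"DEFAULT": {"0.0.0.0/0"}}
ISP_POSTED = [("deny", [("as-path", "VIA-COGENT")]), ("permit", [])]
# Hypothetical replacement (assumption): accept only a default route from the ISP.
ISP_DEFAULT_ONLY = [("permit", [("prefix-list", "DEFAULT")])]

# Constructed sample announcements as they might arrive from AS 174.
ROUTES = [
    {"prefix": "0.0.0.0/0", "as_path": "174"},
    {"prefix": "192.0.2.0/24", "as_path": "174 64500"},
    {"prefix": "198.51.100.0/24", "as_path": "174 64501 64502"},
]

def accepted(clauses):
    return [r["prefix"] for r in ROUTES
            if route_map_accepts(clauses, r, ASPATH_LISTS, PREFIX_LISTS)]

if __name__ == "__main__":
    print("posted ISP route-map accepts:", accepted(ISP_POSTED))
    print("default-only route-map accepts:", accepted(ISP_DEFAULT_ONLY))
```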


