How can you prevent your own BGP AS from becoming a transit path? This can be achieved with a distribute-list or a prefix-list. However, these methods do not scale well, because future IP addressing changes or additions require the access lists to be revisited.
BB1 ------ R1 (AS 101) ------- R2 (AS 101) ------- BB2
Here are 2 options that scale and do not require revisiting when IP addresses change.
OPTION 1 - Make use of the no-export community.
-------------------------------------------------------------
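Here I apply the no-export community to ALL incoming BGP routes. A router that receives a route carrying no-export does not advertise it to eBGP peers, so R2 will not pass these routes on to BB2.
R1
route-map NOEXPORT permit 10
 set community no-export
router bgp 101
 ! tag everything learned from BB1
 neighbor {ip addr BB1} route-map NOEXPORT in
 ! communities are not sent to a neighbor unless send-community is configured
 neighbor {ip addr R2} send-community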
OPTION 2 - Make use of the filter-list command
-----------------------------------------------------------
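Here I create an AS-path access list and only allow BGP routes originated in the router's own AS (AS 101) to be advertised out. The regular expression ^$ matches an empty AS path, which is what locally originated routes have at the point the outbound filter is applied.
R2
! permit only routes with an empty AS path; everything else hits the implicit deny
ip as-path access-list 1 permit ^$
router bgp 101
 neighbor {ip addr BB2} filter-list 1 out
With both options I use show ip bgp neighbors {ip address} advertised-routes to verify which routes are advertised.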
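The outbound decision R2 makes toward BB2 under each option, as an added Python model that is not part of the original post. AS 65001 standing in for BB1, the two documentation prefixes and all function names are constructed for illustration; the model also shows the route leaking again when send-community is left off R1.

```python
import re

NO_EXPORT = "no-export"

def r2_table(r1_tags_inbound, r1_sends_community):
    """Constructed BGP table on R2 (AS 101). AS 65001 stands in for BB1."""
    learned = {"prefix": "198.51.100.0/24", "as_path": "65001", "communities": set()}
    # The tag set on R1 only reaches R2 if R1 also has send-community toward R2.
    if r1_tags_inbound and r1_sends_community:
        learned["communities"].add(NO_EXPORT)
    local = {"prefix": "192.0.2.0/24", "as_path": "", "communities": set()}
    return [local, learned]

def advertised_to_bb2(table, as_path_filter=None):
    """Prefixes R2 would send to its eBGP peer BB2."""
    out = []
    for route in table:
        if NO_EXPORT in route["communities"]:
            continue  # well-known community: not advertised to eBGP peers
        if as_path_filter and not re.search(as_path_filter, route["as_path"]):
            continue  # no permit matched: implicit deny of the as-path list
        out.append(route["prefix"])
    return out

def transit_leaks(table, advertised):
    """Advertised prefixes with a non-empty AS path, i.e. not originated in AS 101."""
    paths = {r["prefix"]: r["as_path"] for r in table}
    return [p for p in advertised if paths[p] != ""]

def run_cases():
    cases = {
        "no protection": (r2_table(False, False), None),
        "option 1": (r2_table(True, True), None),
        "option 1 without send-community": (r2_table(True, False), None),
        "option 2": (r2_table(False, False), "^$"),
    }
    return {name: transit_leaks(t, advertised_to_bb2(t, f))
            for name, (t, f) in cases.items()}

if __name__ == "__main__":
    for name, leaks in run_cases().items():
        print(f"{name}: leaked to BB2 = {leaks}")
```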