Hello everyone,

I am testing some things with OpenBGPD and ran into the following problem:

Test setup:
I have 3 Cisco routers and 1 openbgp box.

The scenario:
- Cisco1 and Cisco2 are transit providers, Cisco3 is a customer transit customer
- OpenBGP is the main router
- There is a link between cisco3 and cisco2 (cisco3 announces its own
network, cisco2 everything),

I connected all the Ciscos to an interface on the openbgp box (AS65000).
In the BGP config I made 1 group: transits.
I will call the peer with the "customer" cisco3 (AS65001)

What the setup should do:
- cisco1 and cisco2 are announcing some routes to the openbgp box
- the openbgp box announces its own /24
- cisco3 is announcing a /24, the openbgp box should reannounce this prefix
- the openbgp box should send everything to cisco3.

Filters (on the openbgp box):
- on all peers there is an announce all
- there is an incoming filter on the interface to cisco3: deny
from cisco3, allow from cisco3 prefix XX.XX.XX.XX/24
- there is an outgoing filter on the group transits: deny to transits,
allow to group transit prefix {OWN-PREFIX, CISCO3-PREFIX}

Everything works OK, I see the re-announcement of the /24 from cisco3
on cisco1 and cisco2.

Now, if the link between the openbgp box and cisco3 fails, I will
still be announcing the /24 of cisco3 (I also receive the prefix from
cisco2). I cannot put a prefix filter on the incoming from the
transits, otherwise I will lose contact to the network of cisco3
when the link is down.

This could be solved with an outgoing AS filter (in Cisco it looks
like: ip as-path access-list 10 permit ^(65000_)*(65001_)+$  )
I tried a lot of things with the filter syntax in openbgp but I was
not able to create something that works like that.

Questions:
- is this possible with openbgp?
- can I make filters like: allow from cisco3 source-as 65001 and
transit-as 65000? (is something like AND possible?)


Thanks for all your help!

Thomas
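
The leak described in the post, modelled as an added example that is not part of the original message: it emulates the quoted Cisco as-path regex in Python and compares a prefix-only export filter with one that also checks the AS path. The prefixes, cisco2's AS number (65002) and all function names are constructed assumptions, as is the rule that locally originated routes are always exported.

```python
import re

# Cisco's "_" matches a delimiter: space, comma, braces, parentheses,
# or the start/end of the AS-path string.
CISCO_DELIM = r"(?:^|$|[ ,{}()])"

def cisco_aspath_match(pattern, as_path):
    """Emulate a Cisco as-path regex against a list of AS numbers."""
    text = " ".join(str(asn) for asn in as_path)
    return re.search(pattern.replace("_", CISCO_DELIM), text) is not None

# Constructed values: the post gives neither the prefixes nor cisco2's AS.
OWN_PREFIX = "192.0.2.0/24"
CUSTOMER_PREFIX = "198.51.100.0/24"
CISCO2_AS = 65002
ALLOWED_PREFIXES = {OWN_PREFIX, CUSTOMER_PREFIX}
CUSTOMER_PATHS = r"^(65000_)*(65001_)+$"   # regex quoted in the post

def export_to_transits(prefix, as_path, check_as_path):
    """Decide whether the best route for a prefix is announced to transits."""
    if prefix not in ALLOWED_PREFIXES:
        return False
    if not as_path:            # locally originated (assumed always exported)
        return True
    if check_as_path:
        return cisco_aspath_match(CUSTOMER_PATHS, as_path)
    return True

def scenario(link_to_cisco3_up, check_as_path):
    """Best path for the customer /24 as seen on the AS65000 box."""
    # With the direct link down, the only route left is the one via cisco2.
    best_path = [65001] if link_to_cisco3_up else [CISCO2_AS, 65001]
    return export_to_transits(CUSTOMER_PREFIX, best_path, check_as_path)

if __name__ == "__main__":
    for up in (True, False):
        for check in (False, True):
            print(f"link up={up!s:5} as-path check={check!s:5} "
                  f"announce customer /24: {scenario(up, check)}")
```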
