
On Mon, Nov 7, 2022 at 12:30 PM Tony Wicks <tony@wicks.co.nz> wrote:
> use prefix lists to prevent your customer networks being received anywhere but directly from your customers to prevent them using your capacity without paying for it however.

Hi Tony,

Do not do this either as it will render your entire network unreachable to your customer during an outage of their direct circuit. Multihomed means you may legitimately receive their prefix announcement from both their direct link and from your upstream transit provider.

You CAN tag announcements received directly from your customers with a BGP community and then filter routes without that tag when offering the announcement to your upstream transits. That will have the effect you're looking for - preventing inappropriate free transit.

This is rarely necessary - unless your network is unusually complex the additional AS path length of a rebroadcast announcement will generally prevent such transrouting.

The problem tends to creep in when you have both reciprocal peers and customers and then a customer's route announcement appears via the peer. You have to make sure the announcement from the peer is neither capable of being rebroadcast upstream nor capable of beating the direct announcement when the direct announcement is present. That takes some subtle work with BGP communities and route filtering.

How subtle? The routes from the peer may be more specific than the direct routes.

Regards,
Bill Herrin

--
For hire. https://bill.herrin.us/resume/
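
A small model of the policy described in the reply above, added here as an illustration and not part of the original email: routes are tagged with a community on import, only customer-tagged routes are offered to transit, and a check flags peer-learned more-specifics of a direct customer route. The community values, prefixes and function names are all assumptions chosen for the example.

```python
import ipaddress
from dataclasses import dataclass

# Constructed values: documentation prefixes (RFC 5737) and private-use ASN
# communities. None of these come from the email.
CUSTOMER = "64500:100"   # set on routes received directly from a customer
PEER = "64500:200"       # set on routes received from a reciprocal peer

@dataclass(frozen=True)
class Route:
    prefix: str
    source: str            # "customer-direct", "peer" or "transit"
    communities: frozenset = frozenset()

def tag_on_import(prefix, source):
    """Import policy: attach a community recording where the route was learned."""
    tag = {"customer-direct": CUSTOMER, "peer": PEER}.get(source)
    return Route(prefix, source, frozenset([tag] if tag else []))

def export_to_transit(rib):
    """Export policy: offer upstream only routes carrying the customer tag."""
    return [r for r in rib if CUSTOMER in r.communities]

def peer_more_specifics(rib):
    """Find peer-learned routes strictly more specific than a customer-direct
    route. Longest-prefix match picks these for forwarding regardless of
    local-preference, so they beat the direct announcement."""
    direct = [ipaddress.ip_network(r.prefix) for r in rib if CUSTOMER in r.communities]
    hits = []
    for r in rib:
        if PEER not in r.communities:
            continue
        net = ipaddress.ip_network(r.prefix)
        if any(net != d and net.version == d.version and net.subnet_of(d) for d in direct):
            hits.append(r)
    return hits

def build_sample_rib():
    # Constructed scenario: a multihomed customer's /24 arrives directly and
    # via transit (both accepted), while a peer sends a /25 inside it.
    return [
        tag_on_import("198.51.100.0/24", "customer-direct"),
        tag_on_import("198.51.100.0/25", "peer"),
        tag_on_import("198.51.100.0/24", "transit"),
        tag_on_import("203.0.113.0/24", "peer"),
    ]
```

The transit-learned copy of the customer prefix stays in the table, so the customer remains reachable if the direct circuit fails; it is simply never re-exported upstream.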