Example Bgp Policies - HP 7102dl - ProCurve Secure Router Configuration Manual

IP Routing—Configuring RIP, OSPF, BGP, and PBR
Configuring BGP
N o t e
15-84

Example BGP Policies

Prefix list filters help you to regulate which routes the router advertises and
learns, thus controlling to some degree the path traffic takes in and out of your
network. Common uses for prefix filters include:
receiving only routes from remote VPN sites
prohibiting the advertisement of a network
preventing your network from becoming a transit for external traffic when
multihoming
load balancing outgoing traffic
If you want to use the prefix list to create more complicated policies, you
should apply it to a route map entry instead of to the BGP neighbor. You can
then configure the policy in the route map entry and apply the route map to
the neighbor. See "Configuring Route Maps: Creating More Complex Policies
for Route Exchange" on page 15-88 for more information on this option.
Permitting Remote Private Routes and Filtering Out External
Routes. Very often, rather than storing external routes to every network in
the Internet, a router simply stores a default route for all external traffic. In
this case, the router does not need external routes from its ISP router. The
router should accept only routes to private remote sites, which the ISP router
has tunneled to it.
You should configure a filter for inbound data to screen out all routes except
those to the remote networks. For example, suppose your organization uses
the private network address 10.1.X.0 /24 for its sites, the X being replaced by
a different number at each site. You would configure an entry that permits any
24-bit network in the 10.1.0.0 /16 range.
ProCurve(config)# ip prefix-list FilterIn seq 1 permit 10.1.0.0/16 ge 24 le 24
You would then apply the list to the neighbor:
ProCurve(config-bgp-neighbor)# prefix-list FilterIn in
You can filter the routes you receive from an ISP on the local router as
described. However, since BGP updates consume bandwidth, and bandwidth
costs money, you should consider requesting that your ISP filter out these
routes at its end. In this way, your router will not receive unnecessary routes
in the first place. You should still leave the internal filter in place in case the
ISP router inadvertently sends out routes that it should not.