Figure 10-2 shows a network that consists of two offices connected to two different ISPs. The offices run OSPF between themselves and use BGP to exchange routes with the ISPs. The two offices are part of a single autonomous system, AS 3000. Each ISP has its own AS number (100 and 200). Office 1 has a single router, which takes care of all its needs. Office 2 has two routers: office2-r1 runs OSPF only and is responsible only for interior routing; office2-r2 provides the connection to the outside world through ISP2. On office1-r1, we need to configure eBGP to exchange routes with ISP1. Likewise, we must configure office2-r2 to exchange routes with ISP2. We want to implement a simple routing policy that prevents the ISPs from using our network to send packets to other autonomous networks. That is, we don’t want transit traffic flowing through our site—we want only traffic that is destined for our network.

Figure 10-2. BGP network with two service providers

The transit-traffic filtering is accomplished by using AS path filters, which we discussed in a previous section. On both routers, the filtering takes place in AS path access list 1. This is a simple access list: all we need to do is permit routes that originated within our local autonomous system. Our AS number happens to be 3000, but that’s not important for writing the filter—we just need to realize ...