V-255989

CAT II (Medium)

The Arista BGP router must be configured to reject inbound route advertisements for any prefixes belonging to the local autonomous system (AS).

Rule ID

SV-255989r882309_rule

STIG

Arista MLS EOS 4.2x Router Security Technical Implementation Guide

Version

V1R1

CCIs

CCI-001368

Discussion

Accepting route advertisements belonging to the local AS can result in traffic looping or being black holed, or at a minimum using a non-optimized path.

Check Content

Review the Arista router configuration to verify that it will reject routes belonging to the local AS.

The prefix filter must be referenced inbound on the appropriate BGP neighbor statements.

Step 1: Review the prefix lists configured on the router to filter the local AS prefix (10.12.0.0/16). To verify IP prefix lists are configured, execute the command "show ip prefix-list".

router#sh ip prefix-list
ip prefix-list LOCAL_SCOPE_BOUNDARY
   seq 10 deny 10.12.0.0/16
   seq 100 permit 0.0.0.0/0 le 32

Step 2: Review the BGP configuration to verify the prefix filter is applied inbound to the BGP neighbor. To verify the BGP config and verify the prefix is applied, execute the command "show run | section router bgp".

router bgp 65000
  router-id 10.11.11.11
  address-family ipv4
    no neighbor 10.11.12.2 prefix-list out
    neighbor 10.12.0.0 prefix-list LOCAL_SCOPE_BOUNDARY in

If the Arista router is not configured to reject inbound route advertisements belonging to the local AS, this is a finding.

Fix Text

Configure Arista eBGP routers to reject inbound route advertisements for prefixes that are not allocated to that specific customer.

Step 1: Configure the prefix-list to reject inbound route advertisements belonging to the local AS.

router(config)#ip prefix-list LOCAL_SCOPE_BOUNDARY
router(config-ip-pfx)#seq 10 deny 10.12.0.0/16
router(config-ip-pfx)#seq 100 permit 0.0.0.0/0 le 32

Step 2: Configure a route-map to match the prefix-list.

router(config)#route-map LOCAL_AS deny
router(config-route-map-LOCAL_AS)#match ip address prefix-list LOCAL_SCOPE_BOUNDARY
router(config-route-map-LOCAL_AS)#exit

Step 3: Configure the route-map to be applied inbound to the appropriate BGP neighbor.

router(config)#router bgp 65000
router(config-router-bgp)#neighbor 10.12.0.0 prefix-list LOCAL_SCOPE_BOUNDARY in
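An added example, not part of the STIG or of STIGhub: a Python audit script that automates the check above against a saved EOS running-config. It parses the prefix lists and BGP neighbor statements, emulates first-match prefix-list evaluation, and reports per neighbor whether the inbound filter denies the local AS prefix; it also probes a more-specific of that prefix, which goes beyond the STIG check. The config text, the local prefix 10.12.0.0/16 and all function names are constructed for this example.

```python
import re
from ipaddress import ip_network
# Constructed running-config modelled on the STIG's check output (not captured from a device).
SAMPLE_CONFIG = """\
ip prefix-list LOCAL_SCOPE_BOUNDARY
   seq 10 deny 10.12.0.0/16
   seq 100 permit 0.0.0.0/0 le 32
!
router bgp 65000
   neighbor 10.12.0.0 prefix-list LOCAL_SCOPE_BOUNDARY in
   neighbor 10.11.12.2 remote-as 65002
"""
ENTRY = re.compile(r"seq \d+ (permit|deny) (\S+)(?: ge (\d+))?(?: le (\d+))?")
NEIGHBOR = re.compile(r"^\s*neighbor (\S+) (?:remote-as|prefix-list (\S+) (in|out))", re.M)

def parse_prefix_lists(config):  # -> {name: [(action, network, min_len, max_len), ...]} in sequence order
    lists, current = {}, None
    for line in config.splitlines():
        if line.startswith("ip prefix-list "):
            current = lists.setdefault(line.split()[2], [])
        elif current is not None and (m := ENTRY.search(line)):
            action, _, ge, le = m.groups()
            net = ip_network(m.group(2))
            # no ge/le means exact length only; ge alone extends the range to the host length
            lo, hi = int(ge or net.prefixlen), int(le or (net.max_prefixlen if ge else net.prefixlen))
            current.append((action, net, lo, hi))
    return lists

def first_match(entries, prefix):  # first-match prefix-list evaluation; no match is an implicit deny
    for action, net, lo, hi in entries:
        if prefix.subnet_of(net) and lo <= prefix.prefixlen <= hi:
            return action
    return "deny"

def neighbor_inbound_filters(config):  # -> {neighbor: inbound prefix-list name or None}
    filters = {}
    for peer, plist, direction in NEIGHBOR.findall(config):
        filters.setdefault(peer, None)
        if direction == "in":
            filters[peer] = plist
    return filters

def check_v255989(config, local_prefix):  # per neighbor: is the local AS prefix (and its subnets) denied inbound?
    lists, local = parse_prefix_lists(config), ip_network(local_prefix)
    host = ip_network(f"{local.network_address}/{local.max_prefixlen}")  # most-specific probe inside the block
    result = {}
    for peer, name in neighbor_inbound_filters(config).items():
        ents = lists.get(name) or []  # no inbound filter, or an undefined/empty list: not compliant
        result[peer] = {"filter": name, "denies_prefix": bool(ents) and first_match(ents, local) == "deny",
                        "denies_subnets": bool(ents) and first_match(ents, host) == "deny"}
    return result
```

With the deny entry written exactly as in the STIG (no `le`/`ge`), only the /16 itself is rejected and a more-specific such as 10.12.5.0/24 falls through to the permit-all entry; appending `le 32` to the deny entry closes that gap.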