BGP TRANSIT CONFIGURATION ON CISCO OK, let's say that we have idiot with BGP (AS and LIR) we want to route through our network, scenario like this: [ MY ISP1 ] AS1 [MY ISP2] AS2 \ / \ / [MY NETWORK] AS3 | | [IMBECIL\CUSTOMER] CUSTOMER_AS Let's assume that running config was something like this: router bgp AS3 (here goes your AS) no synchronization bgp log-neighbor-changes network YOUR_NETWORK mask 255.255.240.0 (I assume that you have /20) redistribute static neighbor MY_ISP1_PEER_IP remote-as MY_ISP1_AS1 neighbor MY_ISP1_PEER_IP update-source Gi0/2 neighbor MY_ISP1_PEER_IP soft-reconfiguration inbound neighbor MY_ISP1_PEER_IP prefix-list bogons in neighbor MY_ISP1_PEER_IP prefix-list announce out neighbor MY_ISP1_PEER_IP route-map ISP1_BGP_OUT out neighbor my_ISP2_peer_ip remote-as MY_ISP2_AS2 neighbor my_ISP2_peer_ip update-source Gi0/3 neighbor my_ISP2_peer_ip soft-reconfiguration inbound neighbor my_ISP2_peer_ip prefix-list bogons in neighbor my_ISP2_peer_ip prefix-list announce out neighbor my_ISP2_peer_ip route-map ISP2_BGP_OUT out no auto-summary . . . ip as-path access-list 1 permit ^$ ip as-path access-list 1 deny .* . . ip prefix-list announce seq 5 permit YOUR_NETWORK/20 ip prefix-list announce seq 10 deny 0.0.0.0/0 le 32 . . ip prefix-list pl100 seq 5 permit YOUR_NETWORK/20 ip prefix-list pl100 seq 10 deny 0.0.0.0/0 ! ip prefix-list pl101 seq 5 permit YOUR_NETWORK/20 ip prefix-list pl101 seq 10 deny 0.0.0.0/0 . . route-map ISP1_BGP_OUT permit 10 match ip address prefix-list pl101 match as-path 1 ! route-map ISP2_BGP_OUT permit 20 match ip address prefix-list pl100 match as-path 1 And that's it. Your system is running BGP, but here comes problem You have customer that you have to transit through your network. It might be some pain in the ass so here is instant solution: router bgp AS3 (here goes your AS) no synchronization bgp log-neighbor-changes network YOUR_NETWORK mask 255.255.240.0 (I assume that you have /20) redistribute static neighbor MY_ISP1_PEER_IP remote-as MY_ISP1_AS1 neighbor MY_ISP1_PEER_IP update-source Gi0/2 neighbor MY_ISP1_PEER_IP soft-reconfiguration inbound neighbor MY_ISP1_PEER_IP prefix-list bogons in neighbor MY_ISP1_PEER_IP prefix-list announce out neighbor MY_ISP1_PEER_IP route-map ISP1_BGP_OUT out neighbor my_ISP2_peer_ip remote-as MY_ISP2_AS2 neighbor my_ISP2_peer_ip update-source Gi0/3 neighbor my_ISP2_peer_ip soft-reconfiguration inbound neighbor my_ISP2_peer_ip prefix-list bogons in neighbor my_ISP2_peer_ip prefix-list announce out neighbor my_ISP2_peer_ip route-map ISP2_BGP_OUT out neighbor CUSTOMER_peer_ip remote-as CUSTOMER_AS4 neighbor CUSTOMER_peer_ip soft-reconfiguration inbound neighbor CUSTOMER_peer_ip prefix-list CUSTOMER_IN in (this is where you let him export you his network) no auto-summary . . . ip as-path access-list 1 permit ^$ ip as-path access-list 1 deny .* ip as-path access-list 2 permit ^$ ip as-path access-list 2 permit ^((_CUSTOMER_AS)+)$ ip as-path access-list 2 deny .* . ip prefix-list EFG seq 5 permit CUSTOMER_NETWORK/his_netmask . ip prefix-list announce seq 5 permit YOUR_NETWORK/20 ip prefix-list announce seq 10 CUSTOMER_NETWORK/his_netmask ip prefix-list announce seq 15 deny 0.0.0.0/0 le 32 . . ip prefix-list pl100 seq 5 permit YOUR_NETWORK/20 ip prefix-list announce seq 10 CUSTOMER_NETWORK/his_netmask ip prefix-list pl100 seq 15 deny 0.0.0.0/0 ! ip prefix-list pl101 seq 5 permit YOUR_NETWORK/20 ip prefix-list announce seq 10 CUSTOMER_NETWORK/his_netmask ip prefix-list pl101 seq 15 deny 0.0.0.0/0 . . route-map ISP1_BGP_OUT permit 10 match ip address prefix-list pl101 match as-path 2 ! route-map ISP2_BGP_OUT permit 20 match ip address prefix-list pl100 match as-path 2 . . And that's it. Note that you have to pass a) customer's address space b) customer's AS You can verify that you are receiving routes from your customer by: sh ip bgp ne CUSTOMER_peer route-import sh ip bgp ne CUSTOMER_peer advertised-routes (to see what are you exporting to him). sh ip bgp ne MY_ISP1 advertised-routes sh ip bgp ne MY_ISP2 advertised-routes to see what are you exporting to your ISPs. Also note that you have to update RIPE database, or other database.