Sample IOSXR RPL for small ISP

Setting up a pair of Cisco ASRs for an small ISP. Each ASR has a connection to an upstream ISP. The ASRs are also connected to downstream customers with BGP. Am looking for some sample route-policies. The route policies should prevent the ISP from becoming transit for the entire Internet, but still be transit for the downstream customers.

The syntax may not be exactly correct, but the below gives a rough outline of a relatively simple setup using communities. You can use a prefix-set or as-path-set with all the prefixes/asns you advertise to filter outbound to transit instead of communities (or in addition to), but communities will scale better in the long run. There may be better ways to do it but this should give a good start.

— Apply to customer(s) —

Route-policy fulltable-out

If destination in bogons then

Drop

elseif community matches-any ( “LOCALPREFIX”, “CUSTPREFIX”, “PEERPREFIX, “TRANSITPREFIX” ) then

Pass

Endif

End-policy

 

Route-policy asCUSTASN-in

If destination in asCUSTASN then

Set community CUSTPFX

Endif

End-policy

 

Prefix-set asCUSTASN

CUS.PFX.A.0/20 le 24,

CUS.PFX.B.0/24,

Etc…

End-set

 

— Apply to Transit —

 

Route-policy transit-in

If destination in bogons then

Drop

Else

Set community TRANSITPREFIX

endif

End-policy

 

Route-policy transit-out

If destination in bogons then

Drop

elseif community matches-any ( “LOCALPREFIX”, “CUSTPREFIX” ) then

Pass

endif

End-policy

 

prefix-set bogons

0.0.0.0/8 le 32,

10.0.0.0/8 le 32,

100.64.0.0/10 le 32,

127.0.0.0/8 le 32,

169.254.0.0/16 le 32,

172.16.0.0/12 le 32,

192.0.0.0/24 le 32,

192.0.2.0/24 le 32,

192.168.0.0/16 le 32,

198.18.0.0/15 le 32,

198.51.100.0/24 le 32,

203.0.113.0/24 le 32,

224.0.0.0/4 le 32,

240.0.0.0/4 le 32,

0.0.0.0/0 ge 25

end-set