Well I am looking to get back into workbook II lab 1 by next week. If I don’t start soon, it feels like I will never start back up again. I am going to have to break the first few labs up by their topics. I won’t have eight hours to spend on each lab for a while. I would like to get the labs done in two 4 hours sessions on the weekends to start so I have the next five days to read over things that I am not clear on, or having trouble with.

Up until now I have been too concerned with multicast and QOS instead of concentrating on the core items. I need to get those down one hundred percent or else there is no way to pass the lab anyhow. So I decided it is better to get the core down cold and start to worry about the other topics later down the stretch.

Any serious (or at least security-aware) ISP should not blindly accept BGP routes from its customers but at the very minimum do some sanity checks on them. For example, if a multi-homed customer is clumsy enough to advertise BGP routes between service providers, it’s nice if you still stop him from turning into a transit AS. The required filter is conceptually quite simple: all the BGP routes from the customer should contain only his AS number in the AS-path.

The initial non-scalable approach is obvious: accept only the AS paths that have exactly the customer’s AS number in the AS path. For example, if your customer’s AS number is 65001, you could use this filter: ip as-path access-list 100 permit ^65001$.

Full article here