03-27-2014 09:30 AM - edited 03-04-2019 10:40 PM
Hi,
I have a question about filtering BGP routes from a BGP client.
We are the BGP transit for a client.
Client AS number, for example: 100
Client IP 192.168.0.0/22
We want only prefixes from AS 100 and want to be sure that there are no prefixes other than 192.168.0.0/22
as-path-set AS1
ios-regex '^100$'
end-set
prefix-set prefix1
192.168.0.0/22 le 32
end-set
route-policy CLIENT-IN
if (destination in prefix1) or (as-path in as1) then
pass
else
drop
endif
end-policy
Question 1
Is that policy correct, or is a prefix list enough?
Question 2
Is there any difference when the route-policy looks like the one below?
route-policy CLIENT-IN
if (destination in prefix1) then
pass
elseif (as-path in as1) then
pass
else
drop
endif
end-policy
regards,
03-29-2014 02:55 PM
I think your configuration may need some modifying.
Based on your description you only want the single 192.168.0.0/22 route from your client but it's not entirely clear whether you want to match just the route prefix or the route prefix and the AS.
If you just wanted to match the route prefix then using the prefix list should be enough, but it needs modifying, i.e.
you are using 192.168.0.0/22 le 32
but if you want to match just the single route it should be -
192.168.0.0/22
If you do also want to match on the AS just to be sure then you can do, but you need to modify the logic, i.e. you do not want this -
if (destination in prefix1) or (as-path in as1) then
which means allow any route that is matched in your prefix list or any route with an AS of 100 only in the path, i.e. it would allow routes with an AS of 100 that are not in your prefix list.
You would need to change it to this -
if (destination in prefix1) and (as-path in as1) then
which means the route must match what is in your prefix list and also it must only have AS 100 in the path.
Just seen the second question.
You wouldn't want to use that for the same reasons already described, i.e. you would allow both routes that are specified in your prefix list but it would also allow routes with an AS of 100, which is not what you are trying to do.
Jon
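The three policy variants from this thread, evaluated against a handful of announcements in a simplified Python model. This is an added example, not code from either poster and not how IOS XR implements RPL; the function names and the sample routes (including 203.0.113.0/24 and AS 200) are constructed for illustration.

```python
import ipaddress
import re

CLIENT_PREFIX = "192.168.0.0/22"   # from the thread
CLIENT_AS_REGEX = r"^100$"         # from the thread's as-path-set

def in_prefix_set(route, entry, le=None):
    """Model one prefix-set entry: exact match, or any length up to `le` inside it."""
    net, base = ipaddress.ip_network(route), ipaddress.ip_network(entry)
    if le is None:
        return net == base
    return net.subnet_of(base) and base.prefixlen <= net.prefixlen <= le

def in_as_path_set(as_path):
    """Model the ios-regex applied to the AS path rendered as text."""
    return re.search(CLIENT_AS_REGEX, as_path) is not None

def policy_or(route, as_path):
    # Original CLIENT-IN: '192.168.0.0/22 le 32' OR as-path match
    return in_prefix_set(route, CLIENT_PREFIX, le=32) or in_as_path_set(as_path)

def policy_elseif(route, as_path):
    # Question 2 variant: two separate pass branches
    if in_prefix_set(route, CLIENT_PREFIX, le=32):
        return True
    elif in_as_path_set(as_path):
        return True
    return False

def policy_and(route, as_path):
    # Variant from the answer: exact /22 AND as-path match
    return in_prefix_set(route, CLIENT_PREFIX) and in_as_path_set(as_path)

# Constructed announcements: (prefix, AS path as received from the client)
ROUTES = [
    ("192.168.0.0/22", "100"),      # the agreed client route
    ("192.168.1.0/24", "100"),      # more-specific inside the client block
    ("203.0.113.0/24", "100"),      # unrelated prefix originated by AS 100
    ("192.168.0.0/22", "100 200"),  # right prefix, but path continues to AS 200
    ("203.0.113.0/24", "100 200"),  # unrelated prefix learned via AS 200
]

def accepted(policy):
    """Return the announcements the given policy would pass."""
    return [r for r in ROUTES if policy(*r)]

if __name__ == "__main__":
    for name, pol in [("or", policy_or), ("elseif", policy_elseif), ("and", policy_and)]:
        print(f"{name:7s} passes {accepted(pol)}")
```

In this model the `or` and `elseif` forms pass the same four announcements, while the `and` form with the exact /22 passes only the first.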