09-08-2023 08:38 AM - edited 09-08-2023 10:37 AM
Hello,
I'm trying to configure a BGP process between a 6824 and two Infoblox DNS nodes (AnyCast with BGP). At another site, we filter incoming BGP advertisements with route-maps like so (this is from Nexus 7K):
neighbor 1.1.1.1 remote-as 65000
  timers 3 9
  address-family ipv4 unicast
    route-map IB-AC-IN in
    route-map all-other-routes out
neighbor 1.1.1.2 remote-as 65000
  timers 3 9
  address-family ipv4 unicast
    route-map IB-AC-IN in
    route-map all-other-routes out
neighbor 1.1.1.3 remote-as 65000
  timers 3 9
  address-family ipv4 unicast
    route-map IB-AC-IN in
    route-map all-other-routes out
This allows us to make sure we're only taking routes from the Infoblox nodes that are intended and prevents someone from making a mistake in the Infoblox Grid and advertising an unintended IP. The route-map IB-AC-IN has the three IPs we'll allow being advertised to the router, matched from a prefix-list with a "permit" statement. The route-map all-other-routes out has a 0.0.0.0/0 match with a prefix-list with a "deny" statement so no other IPs are allowed to be advertised to the router from the server.
We tried to mirror this on the 6848 but the syntax is off and I can't figure out how to accomplish the same thing.
09-08-2023 10:39 AM
Would/should the below work to only allow 2.2.2.2 to be advertised into the BGP process from the Infoblox nodes to the router?
ip prefix-list IB-AC seq 30 permit 2.2.2.2/32
ip prefix-list IB-AC seq 50 deny 0.0.0.0/32
route-map IB-AC-IN permit 10
 match ip address prefix-list IB-AC
exit
!
router bgp 65000
 router-id 3.3.3.3
 log-neighbor-changes
 address-family ipv4 unicast
  maximum-paths 4
 neighbor 1.1.1.1 remote-as 65001
  timers 3 9
  address-family ipv4 unicast
   route-map IB-AC-IN in
 neighbor 1.1.1.2 remote-as 65001
  timers 3 9
  address-family ipv4 unicast
   route-map IB-AC-IN in
exit
09-08-2023 01:26 PM
Hi @Christopher Bell,
You would need to modify the second prefix-list entry to deny everything else:
ip prefix-list IB-AC seq 50 deny 0.0.0.0/0 le 32
Regards,
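Added example, not part of the original thread: a small Python model of prefix-list evaluation that shows which entry decides each advertised route for the list as posted and for the list with the suggested "0.0.0.0/0 le 32" entry. It assumes standard IOS-style prefix-list semantics (exact mask-length match unless ge/le is given, first match wins, implicit deny at the end); the sample routes and the function names are constructed for illustration.

```python
import ipaddress

def parse_entry(line):
    """Parse 'ip prefix-list NAME seq N permit|deny P/L [ge X] [le Y]'."""
    tok = line.split()
    opts = dict(zip(tok[7::2], map(int, tok[8::2])))
    return (int(tok[4]), tok[5], ipaddress.ip_network(tok[6]),
            opts.get("ge"), opts.get("le"))

def entry_matches(entry, route):
    _seq, _action, net, ge, le = entry
    # The advertised route must lie inside the entry's prefix ...
    if not route.subnet_of(net):
        return False
    # ... and without ge/le its mask length must equal the entry's exactly.
    if ge is None and le is None:
        return route.prefixlen == net.prefixlen
    low = ge if ge is not None else net.prefixlen
    high = le if le is not None else 32
    return low <= route.prefixlen <= high

def evaluate(prefix_list, route):
    """Return the deciding action for one advertised route (first match wins)."""
    route = ipaddress.ip_network(route)
    for entry in sorted(map(parse_entry, prefix_list), key=lambda e: e[0]):
        if entry_matches(entry, route):
            return f"{entry[1]} (seq {entry[0]})"
    return "deny (implicit)"  # nothing matched: implicit deny at end of list

# The prefix-list from the question, and the same list with the answer's entry.
AS_POSTED = [
    "ip prefix-list IB-AC seq 30 permit 2.2.2.2/32",
    "ip prefix-list IB-AC seq 50 deny 0.0.0.0/32",
]
AS_ANSWERED = [
    "ip prefix-list IB-AC seq 30 permit 2.2.2.2/32",
    "ip prefix-list IB-AC seq 50 deny 0.0.0.0/0 le 32",
]
# Constructed sample advertisements: the intended anycast IP and two others.
SAMPLE_ROUTES = ["2.2.2.2/32", "2.2.2.3/32", "10.0.0.0/8"]

if __name__ == "__main__":
    for name, plist in (("as posted", AS_POSTED), ("as answered", AS_ANSWERED)):
        for r in SAMPLE_ROUTES:
            print(f"{name:12} {r:14} -> {evaluate(plist, r)}")
```

In this model "deny 0.0.0.0/32" matches only the single host route 0.0.0.0/32, so unintended advertisements fall through to the implicit deny, while "deny 0.0.0.0/0 le 32" matches every IPv4 prefix explicitly at seq 50.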