Solved: Hello Ty,

ty.masse · ‎02-12-2016

I have a route that's being advertised to me by my provider but I don't want to inject it in my BGP table I want to filter it out. The example below will make my point. The routes from .4 - .32 are individual /24 routes being advertised to me. However they're also advertising 62.128.0.0/23. I want to filter out the 62.128.0.0/23 advertisement and leave the individual routes.

My concern is if I do it via ACL since the other routes are subsets of the major route they'll be blocked also. What would be the best way to exclude 62.128.0.0/23 only and leave the rest. Is it a filter list? The config is eBGP.

Thanks

*> 62.128.0.0/23    0.0.0.0                  0         32768 i
*> 62.128.4.0/23    0.0.0.0                  0         32768 i
*> 62.128.8.0/23    0.0.0.0                  0         32768 i
*> 62.128.12.0/23   0.0.0.0                  0         32768 i
*> 62.128.16.0/23   0.0.0.0                  0         32768 i
*> 62.128.20.0/23   0.0.0.0                  0         32768 i
*> 62.128.24.0/23   0.0.0.0                  0         32768 i
*> 62.128.28.0/23   0.0.0.0                  0         32768 i
*> 62.128.32.0/23   0.0.0.0                  0         32768 i
*> 62.128.36.0/23   0.0.0.0                  0         32768 i
*> 62.128.40.0/23   0.0.0.0                  0         32768 i
*> 62.128.44.0/23   0.0.0.0                  0         32768 i

Peter Paluch · ‎02-12-2016

Hello Ty,

The proper tool would be a prefix-list. A prefix-list allows matching on both network addresses and their netmasks. However, before I suggest a possible use of the prefix-list, I have to discuss your plan a little further.

You say that you want to filter out the 62.128.0.0/23 and leave the individual routes. You are also saying that your provider advertises individual /24 routes to you. However, in the example you have posted, there are no /24 subnets, nor are there any overlapping networks. The 62.128.0.0/23 covers only the range from 62.128.0.0 through 62.128.1.255. The .4 - .32 routes are not a part of 62.128.0.0/23, so filtering it out may actually cause reachability issues.

Can you perhaps explain your situation in some more detail?

Best regards,
Peter

View solution in original post

Peter Paluch · ‎02-12-2016

Hello Ty,

The proper tool would be a prefix-list. A prefix-list allows matching on both network addresses and their netmasks. However, before I suggest a possible use of the prefix-list, I have to discuss your plan a little further.

You say that you want to filter out the 62.128.0.0/23 and leave the individual routes. You are also saying that your provider advertises individual /24 routes to you. However, in the example you have posted, there are no /24 subnets, nor are there any overlapping networks. The 62.128.0.0/23 covers only the range from 62.128.0.0 through 62.128.1.255. The .4 - .32 routes are not a part of 62.128.0.0/23, so filtering it out may actually cause reachability issues.

Can you perhaps explain your situation in some more detail?

Best regards,
Peter

ty.masse · ‎02-15-2016

Peter thanks for replying to my email and sorry for the late reply. I was using an illustration to show that we have a supernet broken out in to multiple subnets in that range. We are actually subnetting it to 62.128.0.0/11 as shown below. I understand that hosts within that range. However we're using them as network addresses for our remote locations. we have lots of remote sites. With that being said do you still agree that excluding the 62.128.0.0/11 advertised route will still allow the individual /24's to comin? Also how would you write the prefix list?

PS: For some reason it won't let me past the change. Just change the illustration above to:

62.128.0.0/11 for the first one and everything else to /24.

Thanks.

BGP Exclude an Advertised Route