Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
94
Views
7
Helpful
6
Replies

BGP Inbound Route Filter using Prefix-List

Go to solution
vantipov
Level 1
Level 1

‎07-18-2024 08:41 AM

I am trying to understand why I have certain routes showing up in my BGP received-routes. 

neighbor 100.70.14.165 prefix-list ACCEPTED-FROM-VENDOR in

ip prefix-list ACCEPTED-FROM-VENDOR seq 10 permit 10.0.0.0/8
ip prefix-list ACCEPTED-FROM-VENDOR seq 30 permit 172.16.0.0/12
ip prefix-list ACCEPTED-FROM-VENDOR seq 20 permit 192.168.0.0/16

Yet I see routes advertised with 100.70.14.x subnets.  These inter-links between routers.  My thinking is that there's an explicit deny at the end of the prefix-list and 100.70.14.x doesn't match so should be rejected. 

#show ip bgp neighbors 100.70.14.165 received-routes

Network Next Hop Metric LocPrf Weight Path
* 100.70.14.160/31 100.70.14.165 0 1071 i
* 100.70.14.164/30 100.70.14.165 0 1071 i

What am I missing here?

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
MHM Cisco World
VIP
VIP
In response to vantipov

‎07-18-2024 08:56 AM

#show ip bgp neighbors 100.70.14.165 received-routes <<- this show prefix before filtering
show ip bgp <<- this show prefix after filtering 

MHM

View solution in original post

6 Replies 6

Go to solution
MHM Cisco World
VIP
VIP

‎07-18-2024 08:44 AM

can I see how you config BGP?

MHM

0 Helpful

Go to solution
vantipov
Level 1
Level 1

‎07-18-2024 08:50 AM

This is the section for this specific vendor. 

router bgp 1234
neighbor 100.70.14.165 remote-as 1071
neighbor 100.70.14.165 description VENDOR
neighbor 100.70.14.165 password xxxx
neighbor 100.70.14.165 version 4
!
address-family ipv4
neighbor 100.70.14.165 activate
neighbor 100.70.14.165 soft-reconfiguration inbound
neighbor 100.70.14.165 prefix-list ACCEPTED-FROM-VENDOR in
neighbor 100.70.14.165 prefix-list ADVERTISED-TO-VENDOR out
exit-address-family

ip prefix-list ACCEPTED-FROM-VENDOR seq 10 permit 10.0.0.0/8
ip prefix-list ACCEPTED-FROM-VENDOR seq 30 permit 172.16.0.0/12
ip prefix-list ACCEPTED-FROM-VENDOR seq 20 permit 192.168.0.0/16

ip prefix-list ADVERTISED-TO-VENDOR seq 10 permit 10.64.0.0/10

0 Helpful

Go to solution
MHM Cisco World
VIP
VIP
In response to vantipov

‎07-18-2024 08:56 AM

#show ip bgp neighbors 100.70.14.165 received-routes <<- this show prefix before filtering
show ip bgp <<- this show prefix after filtering 

MHM

Go to solution
Harold Ritter
Cisco Employee
Cisco Employee
In response to vantipov

‎07-18-2024 09:06 AM

Hi @vantipov ,

As @MHM Cisco World mentioned, the "received-routes" command show the bgp routes received from the neighbor before any inbound filtering. They are kept locally as a result of the "neighbor soft-reconfiguration inbound". 

For more information.please refer to the following document:

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_bgp/configuration/15-mt/irg-15-mt-book/irg-soft-config.html

Regards,

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

Go to solution
Larry Sullivan
Level 3
Level 3

‎07-18-2024 10:10 AM

Aside from what MHM mentioned, the command I use to get routes post filtering is "show ip bgp neighbors 100.70.14.165 routes"

Go to solution
vantipov
Level 1
Level 1

‎07-18-2024 10:27 AM

That makes sense.  I ran #show ip bgp | in 100.70.14.  and I do not see those routes.  I also ran #show ip bgp neighbors 100.70.14.165 routes and it shows zero routes. This helps.

Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card