05-13-2024 12:43 PM
Good day,
I have a quick question. I am peering with AWS, and I have a route map to allow specific prefixes in. I am trying to add a new one:
44.192.0.0/11
but out of all of the IPs available I only need access to one IP, which is 44.218.85.113. I thought I could just update my prefix-list to allow that particular IP: 44.218.85.113.
I have a VRF configured that uses the above prefix-list to allow routes in. When I add the /32 in and do a traceroute, it goes out the internet. But when I do the /11, I can see it go over my Direct Connect into AWS. I thought that BGP matches on the longest prefix; am I wrong here in this situation? I just want to open up to that one IP address; how can I do that?
With the /11 installed:
edge#sh ip route vrf AWSDX-S3 44.218.85.113
Routing Table: AWSDX-S3
Routing entry for 44.192.0.0/11
Known via "bgp 53866", distance 20, metric 10
Tag 7224, type external
Last update from 53.46.180.185 7w0d ago
Routing Descriptor Blocks:
* 53.46.180.185, from 53.46.180.185, 7w0d ago
Route metric is 10, traffic share count is 1
AS Hops 4
Route tag 7224
MPLS label: none
edge#
edge#
edge#sh ip route 44.218.85.113
Routing entry for 44.192.0.0/11
Known via "bgp 53866", distance 20, metric 10
Tag 7224, type external
Last update from 52.46.160.185 00:16:01 ago
Routing Descriptor Blocks:
* 53.46.180.185 (AWSDX-S3), from 53.46.180.185, 00:16:01 ago
Route metric is 10, traffic share count is 1
AS Hops 4
Route tag 7224
MPLS label: none
With the /32:
edge#sh ip route vrf AWSDX-S3 44.218.85.113
Routing Table: AWSDX-S3
Routing entry for 44.192.0.0/11
Known via "bgp 53866", distance 20, metric 10
Tag 7224, type external
Last update from 53.46.180.185 7w0d ago
Routing Descriptor Blocks:
* 53.46.180.185, from 53.46.180.185, 7w0d ago
Route metric is 10, traffic share count is 1
AS Hops 4
Route tag 7224
MPLS label: none
edge#
edge#
edge#sh ip route 44.218.85.113
% Subnet not in table
Thank you in advance!!
05-13-2024 01:34 PM
Hi @war ,
The prefix list allows you to permit or deny prefixes that AWS sends you. Adding 44.218.85.113/32 to the prefix list does not help if AWS does not send this specific prefix to you in the first place.
Regards,
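To make the point of the answer concrete, here is an added illustration (not from the thread or from Cisco) that emulates an inbound IOS-style prefix list followed by a longest-prefix-match lookup. The advertisement from the AWS side is a constructed sample: only the /11 aggregate is received, so a /32 permit entry matches nothing and the VRF ends up with no route for the host, exactly as "% Subnet not in table" showed.

```python
import ipaddress
from typing import Iterable, List, Optional

# Constructed sample: what the AWS side of the Direct Connect session advertises.
# Only the aggregate is sent; the single host route is never announced.
RECEIVED_FROM_AWS = ["44.192.0.0/11"]


def prefix_list_permits(route: ipaddress.IPv4Network, entry: str) -> bool:
    """Match one 'ip prefix-list ... permit' entry the way IOS does:
    'A.B.C.D/len' alone means the route must be exactly that length;
    an optional 'ge N' / 'le N' widens the accepted length range."""
    parts = entry.split()
    base = ipaddress.ip_network(parts[0])
    ge, le = base.prefixlen, base.prefixlen
    for keyword, value in zip(parts[1::2], parts[2::2]):
        if keyword == "ge":
            ge = int(value)
        elif keyword == "le":
            le = int(value)
    # The route must fall inside the entry's prefix and its length must be in [ge, le].
    return route.subnet_of(base) and ge <= route.prefixlen <= le


def install_routes(received: Iterable[str], prefix_list: List[str]) -> List[ipaddress.IPv4Network]:
    """Apply the inbound prefix list to received prefixes. A prefix is installed in
    the VRF RIB only if some entry permits it; anything else hits the implicit deny."""
    rib = []
    for r in received:
        route = ipaddress.ip_network(r)
        if any(prefix_list_permits(route, entry) for entry in prefix_list):
            rib.append(route)
    return rib


def lookup(rib: List[ipaddress.IPv4Network], dst: str) -> Optional[ipaddress.IPv4Network]:
    """Longest-prefix-match lookup over the installed routes, as 'show ip route' does."""
    addr = ipaddress.ip_address(dst)
    matches = [n for n in rib if addr in n]
    return max(matches, key=lambda n: n.prefixlen) if matches else None


if __name__ == "__main__":
    host = "44.218.85.113"
    # Case 1: permit only the /32 -> nothing received matches -> no route for the host.
    print("permit /32 only:", lookup(install_routes(RECEIVED_FROM_AWS, ["44.218.85.113/32"]), host))
    # Case 2: permit the /11 -> the aggregate is installed and covers the host.
    print("permit /11:", lookup(install_routes(RECEIVED_FROM_AWS, ["44.192.0.0/11"]), host))
    # Case 3: the /32 would only win longest-prefix match if the neighbour actually sent it.
    print("if /32 were sent:", lookup(install_routes(["44.192.0.0/11", "44.218.85.113/32"],
                                                    ["44.192.0.0/11 le 32"]), host))
```

Filtering decides which received prefixes get installed; it cannot create a more specific route the neighbour never advertised, which is why longest-prefix match has nothing more specific than the /11 to pick from.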
05-13-2024 01:58 PM
Thank you sir, I was hoping you wouldn't say that but I guess I have to let the whole /11 in.
Thank you!!
Warren
05-13-2024 01:59 PM
You are very welcome @war and thanks for the feedback