10-09-2020 04:33 AM
Hello,
I have two ISPs and my border router has an iBGP neighbor behind it which is advertising two networks to my border router (a public network and a private range network). I want to advertise all my local routes (from the border router) to the ISPs plus the public network which my iBGP is advertising to the border router, but I don't want to advertise the private network coming from the iBGP router to the ISPs.
I've been trying to use prefix-lists and route maps but it's not working properly.
Can someone please guide me on how to do this?
Thanks very much for your time.
10-09-2020 06:05 AM
Hello,
route maps and prefix lists should work. Post what you have configured so far.
10-09-2020 07:40 AM
Hello Georg,
ip prefix-list Allowed seq 10 permit 100.120.0.32/30
!
ip prefix-list iBGP seq 10 permit 172.36.0.0/30
!
ip prefix-list dmz seq 10 permit 8.7.4.0/24
!
ip prefix-list pub seq 10 permit 107.67.96.0/22 ge 23 le 24
no cdp log mismatch duplex
!
route-map Allowed permit 10
match ip address prefix-list Allowed
!
route-map Allowed permit 20
match ip address prefix-list iBGP
!
route-map Allowed permit 21
match ip address prefix-list pub
!
route-map Allowed permit 30
match ip address prefix-list dmz
I used the above config and it seems to be working now, but I was wondering if there's a more elegant way I can achieve this. I just ended up individually advertising all my networks and leaving out the one I don't want advertised. But this approach is not scalable, because if I'm learning up to a thousand routes and I want to just filter out one, it would be more expedient to just filter out that one instead of replicating what I did above.
10-09-2020 08:10 AM
Hello,
just deny the networks you don't want, and allow everything else:
route-map BGP_RM deny 10
match ip address prefix-list PL_ROUTES_DENIED
!
route-map BGP_RM permit 20
match ip address prefix-list PL_ROUTES_ALLOWED
!
ip prefix-list PL_ROUTES_DENIED seq 10 deny 192.168.1.0/24
!
ip prefix-list PL_ROUTES_ALLOWED seq 10 permit 0.0.0.0/0 le 32
10-09-2020 09:08 AM
Hello,
Thanks for this, will try it.
Also, is there any way I can block routes sourced from an ISP? Like to not advertise routes learned from a particular ISP or source.
10-09-2020 09:39 AM
Hello Georg,
So I tried to use your config template but it didn't deny the network I wanted it to deny. I checked and verified that I hit the exact network and length, but it was still advertising everything.
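Added example, not written by anyone in this thread: a small Python model of route-map and prefix-list evaluation, run over the BGP_RM template above, showing how the private prefix can still be advertised. It assumes the IOS rule that a route-map `match ip address prefix-list` only matches prefixes the list permits; the ADJUSTED variant and the route sample are constructed for illustration.

```python
import ipaddress

def prefix_list_action(entries, route):
    """Return the action of the first matching entry; implicit deny otherwise."""
    net = ipaddress.ip_network(route)
    for action, prefix, ge, le in entries:
        base = ipaddress.ip_network(prefix)
        lo = ge if ge is not None else base.prefixlen
        hi = le if le is not None else (32 if ge is not None else base.prefixlen)
        if net.subnet_of(base) and lo <= net.prefixlen <= hi:
            return action
    return "deny"

def route_map_action(clauses, prefix_lists, route):
    """A clause applies only when its prefix-list PERMITS the route (assumed
    IOS behaviour); a prefix-list deny means 'no match, try the next clause'."""
    for _seq, action, pl_name in sorted(clauses):
        if prefix_list_action(prefix_lists[pl_name], route) == "permit":
            return action
    return "deny"  # implicit deny at the end of every route-map

# Route-map BGP_RM as in the template: (sequence, action, prefix-list name).
BGP_RM = [(10, "deny", "PL_ROUTES_DENIED"), (20, "permit", "PL_ROUTES_ALLOWED")]
ALLOW_ALL = [("permit", "0.0.0.0/0", None, 32)]  # permit 0.0.0.0/0 le 32

# Prefix-lists as posted: the unwanted network is a *deny* entry.
AS_POSTED = {"PL_ROUTES_DENIED": [("deny", "192.168.1.0/24", None, None)],
             "PL_ROUTES_ALLOWED": ALLOW_ALL}
# Constructed variant: the same network as a *permit* entry, so the
# route-map deny clause actually matches it.
ADJUSTED = {"PL_ROUTES_DENIED": [("permit", "192.168.1.0/24", None, None)],
            "PL_ROUTES_ALLOWED": ALLOW_ALL}

# Constructed route sample built from prefixes that appear in the thread.
ROUTES = ["192.168.1.0/24", "8.7.4.0/24", "100.120.0.32/30"]

def advertised(prefix_lists):
    """Routes that survive BGP_RM applied outbound with these prefix-lists."""
    return [r for r in ROUTES
            if route_map_action(BGP_RM, prefix_lists, r) == "permit"]

if __name__ == "__main__":
    print("as posted:", advertised(AS_POSTED))
    print("adjusted :", advertised(ADJUSTED))
```

On a router, `show ip bgp neighbors <peer> advertised-routes` (after a soft outbound clear) is the check that the private prefix is no longer sent.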
10-09-2020 10:15 AM
Hello,
odd. Post the full configuration of your router.
10-09-2020 03:18 PM
Hello
can you confirm your topology-
2 isp rtrs peered to 2 site wan rtrs
2 site wan rtrs are ibgp peer which also connect to your lan?