BGP Specific Advertisements

Elopower123
Level 1

Hello,

I have two ISPs and my border router has an iBGP neighbor behind it which is advertising two networks to my border router (a public network and a private range network). I want to advertise all my local routes (from the border router) to the ISPs plus the public network which my iBGP is advertising to the border router, but I don't want to advertise the private network coming from the iBGP router to the ISPs.

I've been trying to use prefix-lists and route maps but it's not working properly.

Can someone please guide me on how to do this?

Thanks very much for your time.

Hello,

Route maps and prefix lists should work. Post what you have configured so far.

Hello Georg,

ip prefix-list Allowed seq 10 permit 100.120.0.32/30
!
ip prefix-list iBGP seq 10 permit 172.36.0.0/30
!
ip prefix-list dmz seq 10 permit 8.7.4.0/24
!
ip prefix-list pub seq 10 permit 107.67.96.0/22 ge 23 le 24
no cdp log mismatch duplex
!
route-map Allowed permit 10
 match ip address prefix-list Allowed
!
route-map Allowed permit 20
 match ip address prefix-list iBGP
!
route-map Allowed permit 21
 match ip address prefix-list pub
!
route-map Allowed permit 30
 match ip address prefix-list dmz

I used the above config and it seems to be working now, but I was wondering if there's a more elegant way I can achieve this. I just ended up individually advertising all my networks and leaving out the one I don't want advertised. But this approach is not scalable because if I'm learning up to a thousand routes and I want to just filter out one, it would be more expedient to just filter out that one instead of replicating what I did above.

Hello,

just deny the networks you don't want, and allow everything else:

route-map BGP_RM deny 10
 match ip address prefix-list PL_ROUTES_DENIED
!
route-map BGP_RM permit 20
 match ip address prefix-list PL_ROUTES_ALLOWED
!
ip prefix-list PL_ROUTES_DENIED seq 10 deny 192.168.1.0/24
!
ip prefix-list PL_ROUTES_ALLOWED seq 10 permit 0.0.0.0/0 le 32

Hello,

Thanks for this, will try it.

Also, is there any way I can block routes sourced from an ISP? Like to not advertise routes learned from a particular ISP or source.

Hello Georg,

So I tried to use your config template but it didn't deny the network I wanted it to deny. I checked and verified that I hit the exact network and length but it was still advertising everything.
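
Why the BGP_RM template as posted still advertises 192.168.1.0/24, as an added example that is not part of the original thread: in IOS a route-map clause matches only when the referenced prefix-list permits the route, so a `deny` entry inside the list used by `route-map BGP_RM deny 10` never matches and every route falls through to `permit 20`. The Python model below is a simplified sketch of that evaluation order (IPv4 only, one `match` per clause); the function names and sample routes are constructed for illustration.

```python
import ipaddress

def pl_permits(prefix_list, route):
    """Prefix-list: first matching entry wins; no match is an implicit deny."""
    route = ipaddress.ip_network(route)
    for action, net, ge, le in prefix_list:
        net = ipaddress.ip_network(net)
        lo = ge if ge is not None else net.prefixlen
        hi = le if le is not None else (32 if ge is not None else net.prefixlen)
        if lo <= route.prefixlen <= hi and route.subnet_of(net):
            return action == "permit"
    return False

def advertised(route_map, prefix_lists, route):
    """Route-map: a clause matches only if its prefix-list PERMITS the route."""
    for action, pl_name in route_map:
        if pl_permits(prefix_lists[pl_name], route):
            return action == "permit"
    return False  # implicit deny at the end of every route-map

# route-map BGP_RM deny 10 / permit 20, as in the template
BGP_RM = [("deny", "PL_ROUTES_DENIED"), ("permit", "PL_ROUTES_ALLOWED")]
ALLOW_ALL = [("permit", "0.0.0.0/0", None, 32)]

# As posted: the prefix-list entry itself is a deny, so clause 10 never matches.
AS_POSTED = {
    "PL_ROUTES_DENIED": [("deny", "192.168.1.0/24", None, None)],
    "PL_ROUTES_ALLOWED": ALLOW_ALL,
}
# Corrected: ip prefix-list PL_ROUTES_DENIED seq 10 permit 192.168.1.0/24
# The list selects the route; the route-map's "deny 10" does the dropping.
CORRECTED = {
    "PL_ROUTES_DENIED": [("permit", "192.168.1.0/24", None, None)],
    "PL_ROUTES_ALLOWED": ALLOW_ALL,
}

# Constructed sample of routes offered to the outbound policy
ROUTES = ["192.168.1.0/24", "8.7.4.0/24", "100.120.0.32/30"]

def outbound(prefix_lists):
    """Routes that survive BGP_RM when applied outbound to a neighbor."""
    return [r for r in ROUTES if advertised(BGP_RM, prefix_lists, r)]

if __name__ == "__main__":
    print("as posted:", outbound(AS_POSTED))
    print("corrected:", outbound(CORRECTED))
```
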

Hello,

Odd. Post the full configuration of your router.

Hello,

Can you confirm your topology:

2 ISP rtrs peered to 2 site WAN rtrs

2 site WAN rtrs are iBGP peers which also connect to your LAN?



Kind Regards
Paul