02-28-2016 11:41 PM - edited 03-05-2019 03:27 AM
Hello,
I'm facing problem with ipv4 address. I have configured a list of address on bgp but few ip pool not showing mask, even though I have configure.
Below are the output.
network 192.232.131.0 mask 255.255.255.0
network 192.245.196.0 mask 255.255.255.0
network 192.245.197.0 mask 255.255.255.0
network 192.245.198.0 mask 255.255.255.0
network 192.245.199.0 mask 255.255.255.0
network 110.16.76.0
network 110.16.77.0
network 110.16.78.0
network 110.16.79.0
Kindly suggest what to do.
02-29-2016 12:55 AM
Hello Pottabathininaveen,
>> I have configured a list of address on bgp but few ip pool not showing mask, even though I have configure.
This is not a problem, BGP is classless but knows about the classes of addressing A,B,C when a subnet mask is equal to the default classful mask it can omit it from the configuration.
For example if you configure a class C IP prefix like
network 192.232.131.0 mask 255.255.255.0
being the /24 the default mask for the prefix the router can change the configuration line in:
network 192.232.131.0
but it still advertising the prefix with the correct mask
You can check this with :
show ip bgp 192.232.131.0
So it shouldn't be a real problem
Hope to help
Giuseppe
02-29-2016 10:42 PM
Hello,
Thanks for your reply, I have one more problem. How to block a IP address on BGP.
Note: we have two ISP's we would like to block on isp1.
Regards,
P.Naveen.
03-01-2016 12:18 AM
Hello P. Naveen,
you need a form of route filtering outbound to isp1 to achieve this.
Example :
ip prefix-list DENIED-ROUTE seq 5 192.232.131.0/24
route-map ISP1-OUT deny 10
match address prefix DENIED-ROUTE
route-map ISP1-OUT permit 20
!
It is very important the second block with ISP1-OUT permit 20 otherwise all routes are blocked to ISP1!
in router bgp configuration
neighbor <ISP1-address> route-map ISP1-OUT out
Hope to help
Giuseppe
03-01-2016 04:36 AM
Hello Again,
To brief my requirement is we have two ISPs assume that ISP1 and ISP2. Were else I would like to block a host coming from ISP1 but it should able to reach from ISP2.
Kindly help me out from this.
Thanks in advance.
03-01-2016 05:26 AM
Hello P. Naveen,
this becomes a problem of traffic filtering you can use an extended ACL and you can apply it inbound to the interface that connects your router to ISP1
access-list 101 deny host <host> any
access-list 101 permit ip any any
interface type x/y
description interface to ISP1
ip access-group 101 in
!
Edit:
Special Warning: because you cannot control from where the host can come, you can end up to block it totally if the host tries to reach your public IP prefixes only via ISP1. You cannot control how other BGP Autonomous systems make their routing decisions you can control your own routing decisions.
So be careful with the above suggestion as it can block totally the communication between that host and your public IP addresses.
Hope to help
Giuseppe
03-01-2016 06:31 AM
Hello,
It was block from ISP1 but traffic is not going to ISP2. Kindly suggest what to do.
03-01-2016 07:58 AM
Hello P. Naveen,
I'm afraid you can only rollback your configuration by removing the traffic filter and you have to accept that the host comes from ISP1.
Otherwise you should use AS path prepending towards ISP1, making ISP1 less attractive for return traffic, but this effect would be global and ISP1 will end up to become a secondary choice to reach your public IP networks for all the internet not only for that host.
Hope to help
Giuseppe
03-01-2016 10:03 PM
Hello,
I have reverted configuration. But how to make less attractive for return traffic on ISP1, request you to provide the sample configuration for same.
Thanks in advance,
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide