BGP.

pottabathininaveen · ‎02-28-2016

Hello,

I'm facing problem with ipv4 address. I have configured a list of address on bgp but few ip pool not showing mask, even though I have configure.

Below are the output.

network 192.232.131.0 mask 255.255.255.0
network 192.245.196.0 mask 255.255.255.0
network 192.245.197.0 mask 255.255.255.0
network 192.245.198.0 mask 255.255.255.0
network 192.245.199.0 mask 255.255.255.0
network 110.16.76.0
network 110.16.77.0
network 110.16.78.0
network 110.16.79.0

Kindly suggest what to do.

Giuseppe Larosa · ‎02-29-2016

Hello Pottabathininaveen,

>> I have configured a list of address on bgp but few ip pool not showing mask, even though I have configure.

This is not a problem, BGP is classless but knows about the classes of addressing A,B,C when a subnet mask is equal to the default classful mask it can omit it from the configuration.

For example if you configure a class C IP prefix like

network 192.232.131.0 mask 255.255.255.0

being the /24 the default mask for the prefix the router can change the configuration line in:

network 192.232.131.0

but it still advertising the prefix with the correct mask

You can check this with :

show ip bgp 192.232.131.0

So it shouldn't be a real problem

Hope to help

Giuseppe

pottabathininaveen · ‎02-29-2016

Hello,

Thanks for your reply, I have one more problem. How to block a IP address on BGP.

Note: we have two ISP's we would like to block on isp1.

Regards,

P.Naveen.

Giuseppe Larosa · ‎03-01-2016

Hello P. Naveen,

you need a form of route filtering outbound to isp1 to achieve this.

Example :

ip prefix-list DENIED-ROUTE seq 5 192.232.131.0/24

route-map ISP1-OUT deny 10

match address prefix DENIED-ROUTE

route-map ISP1-OUT permit 20

!

It is very important the second block with ISP1-OUT permit 20 otherwise all routes are blocked to ISP1!

in router bgp configuration

neighbor <ISP1-address> route-map ISP1-OUT out

Hope to help

Giuseppe

pottabathininaveen · ‎03-01-2016

Hello Again,

To brief my requirement is we have two ISPs assume that ISP1 and ISP2. Were else I would like to block a host coming from ISP1 but it should able to reach from ISP2.

Kindly help me out from this.

Thanks in advance.

Giuseppe Larosa · ‎03-01-2016

Hello P. Naveen,

this becomes a problem of traffic filtering you can use an extended ACL and you can apply it inbound to the interface that connects your router to ISP1

access-list 101 deny host <host> any

access-list 101 permit ip any any

interface type x/y

description interface to ISP1

ip access-group 101 in

!

Edit:

Special Warning: because you cannot control from where the host can come, you can end up to block it totally if the host tries to reach your public IP prefixes only via ISP1. You cannot control how other BGP Autonomous systems make their routing decisions you can control your own routing decisions.

So be careful with the above suggestion as it can block totally the communication between that host and your public IP addresses.

Hope to help

Giuseppe

pottabathininaveen · ‎03-01-2016

Hello,

It was block from ISP1 but traffic is not going to ISP2. Kindly suggest what to do.

Giuseppe Larosa · ‎03-01-2016

Hello P. Naveen,

I'm afraid you can only rollback your configuration by removing the traffic filter and you have to accept that the host comes from ISP1.

Otherwise you should use AS path prepending towards ISP1, making ISP1 less attractive for return traffic, but this effect would be global and ISP1 will end up to become a secondary choice to reach your public IP networks for all the internet not only for that host.

Hope to help

Giuseppe

pottabathininaveen · ‎03-01-2016

Hello,

I have reverted configuration. But how to make less attractive for return traffic on ISP1, request you to provide the sample configuration for same.

Thanks in advance,