Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1621
Views
0
Helpful
11
Replies

Block routes from EIGRP to BGP

williamehmke1
Level 1
Level 1

‎07-16-2018 01:05 PM - edited ‎03-05-2019 10:47 AM

I am wondering how to block routes that get redistributed from EIGRP into BGP. I have a 3850 advertising local networks via EIGRP to a 4331 router (MPLS) and these are then redistributed into BGP so they can be routed across my MPLS circuit. The issue is some of the advertised networks from EIGRP I don't want routed out via BGP as they are only local networks (but I need the router to learn about them) for routing purposes. I created a prefix list denying these routes and added this to BGP but for some reason BGP is not adhering the prefix-list and is advertising these routes. Below is the entry from my router and 3850 along with prefix list. I have left off majority of the networks and the 2 networks that I don't want routed for certain reasons

 

3850 - EIGRP with advertised networks

router eigrp 118
network 10.112.12.0 0.0.0.255
network 172.16.252.0 0.0.0.63
redistribute bgp 64500 metric 20000 1000 255 2 1500

 

4331 router:

router eigrp 118
!
address-family ipv4 vrf BUS autonomous-system 118
redistribute bgp 64500 metric 20000 1 255 1 1500
network 172.16.252.0 0.0.0.63
exit-address-family
!
router bgp 64500
bgp router-id 172.16.20.254
bgp log-neighbor-changes
redistribute eigrp 118
!
address-family ipv4 vrf BUS
network x.x.x.x mask 255.255.255.255
network x.x.x.x mask 255.255.255.192
redistribute eigrp 118
neighbor x.x.x.x remote-as 209
neighbor x.x.x.x description eBGP to CenturyLink VRF: OCAST-10022933
neighbor x.x.x.x activate
neighbor x.x.x.x soft-reconfiguration inbound
neighbor x.x.x.x prefix-list deny-route in
exit-address-family

 

ip prefix-list deny-route seq 5 deny 0.0.0.0/0
ip prefix-list deny-route seq 10 deny 10.x.x.0/24
ip prefix-list deny-route seq 15 deny 10.x.x.0/24
ip prefix-list deny-route seq 20 deny 10.x.x.0/24
ip prefix-list deny-route seq 25 permit 0.0.0.0/0 le 32

Labels:
0 Helpful
11 Replies 11

Julio E. Moisa
VIP
VIP

‎07-16-2018 02:20 PM

Hi,

Please let me understand the question, EIGRP is redistributing all the networks into the BGP but the request is specify which EIGRP networks must be redistributed into BGP? Is that correct? but BGP must knows these subnets to be advertised to the other locations. 




>> Marcar como útil o contestado, si la respuesta resolvió la duda, esto ayuda a futuras consultas de otros miembros de la comunidad. <<
0 Helpful

williamehmke1
Level 1
Level 1
In response to Julio E. Moisa

‎07-16-2018 02:53 PM

At the site level I have a 3850 doing the local routing and redistributing the networks over to BGP so the router knows about the local networks and to be routed out the MPLS. I have 2 networks (not listed in the screenshots I sent) that I don’t want routed across the mpls. How do I stop that? I can’t remove from eigrp cause then the router will not know they exist
0 Helpful

Julio E. Moisa
VIP
VIP
In response to williamehmke1

‎07-16-2018 03:10 PM - edited ‎07-16-2018 03:16 PM

Hi

Thank you it is clear now, so you are making a BGP peer between the 3850 and the router 4331

 

Cisco 3850 (EIGRP --redistribution---> BGP) BGP --peering--- BGP (Router 4331) MPLS

 

You could use prefix list in the redistribution EIGRP --> BGP on the 3850, example:

 

The networks which will not be advertised into MPLS:

ip prefix-list FILTER seq 5 permit 1.1.1.0/24

ip prefix-list FILTER seq 10 permit 2.2.2.0/24

 

route-map FILTER-EIGRP-TO-BGP deny 5

match ip address prefix FILTER

 

route-map FILTER-EIGRP-TO-BGP permit 1000  <--- higher sequence

<it will be empty to allow everything else>

 

router bgp 65000

distribute eigrp 118  route-map  FILTER-EIGRP-TO-BGP 

 

BGP should receive everything except those networks (1.1.1.0/24 & 2.2.2.0/24) 

 

Hope it is useful

:-)




>> Marcar como útil o contestado, si la respuesta resolvió la duda, esto ayuda a futuras consultas de otros miembros de la comunidad. <<
0 Helpful

williamehmke1
Level 1
Level 1
In response to Julio E. Moisa

‎07-16-2018 05:55 PM

Thank you I will try that and post the outcome.
0 Helpful

Julio E. Moisa
VIP
VIP
In response to williamehmke1

‎07-16-2018 06:44 PM

You are welcome, please keep me posted about the result.

:-)




>> Marcar como útil o contestado, si la respuesta resolvió la duda, esto ayuda a futuras consultas de otros miembros de la comunidad. <<
0 Helpful

Richard Burts
Hall of Fame
Hall of Fame

‎07-18-2018 08:38 AM

Perhaps I am confused and do not understand parts of this discussion. Julio believes that there is IBGP between the 3850 and the 4331. But I am not seeing anything the partial configs that are posted that shows any BGP neighbor commands between the 3850 and the 4331. Also there is a statement from the original poster that he needs the routes advertised from the 3850 to the 4331 so that the router will know about those routes, he just wants the 4331 not to advertise the routes in BGP. Filtering the routes on the 3850 would seem to defeat the desire for the 4331 to learn the routes.

 

The title of the original post indicates that they want to block routes from EIGRP to BGP. I would suggest that the best way to achieve this would be to configure a route map on the 4331 and apply that route map in the redistribute command that redistributes routes from EIGRP to BGP.

 

But if we think about the objective a bit differently and want to prevent a BGP neighbor from learning those routes we could apply a filter on advertisements to that neighbor. There is a filter in the config that controls what we learn from that neighbor

neighbor x.x.x.x prefix-list deny-route in

It would be pretty simple to create a similar prefix list to identify the prefixes we do not want to advertise and then configure the new prefix list as out for that neighbor.

 

HTH

 

Rick

 

HTH

Rick
0 Helpful

williamehmke1
Level 1
Level 1
In response to Richard Burts

‎07-18-2018 09:25 AM

Rick,

 

Maybe I didn't expalin well enough and I apologize for that. Here is the layout:

 

on my 3850 I have 7 networks defined (VLANs) and I am redistributing these networks into BGP that is running on my 4331 router (see snippet on original post called 3850)

 

on the 4331 I have EIGRP and BGP defined. EIGRP is taking the routes from the 3850 and sending them over to BGP (so they can be redsitributed across my network). My issue is 2 of the advertised networks from EIGRP cannot be redistributed out of BGP as it is a conflict. I created a prefix-list to deny these 2 networks and applied it to BGP but for some reason they are not being blocked.

 

these are the commands on my 4331 and in theory it should work

 

router eigrp 118
!
address-family ipv4 vrf BUS autonomous-system 118
redistribute bgp 64500 metric 20000 1 255 1 1500
network 172.16.x.0 0.0.0.63
exit-address-family
!
router bgp 64500
bgp router-id 172.x.x.254
bgp log-neighbor-changes
redistribute eigrp 118
!
address-family ipv4 vrf BUS
network 172.x.x.254 mask 255.255.255.255
network 172.16.x.0 mask 255.255.255.192
redistribute eigrp 118
neighbor 63.x.x.205 remote-as 209
neighbor 63.x.x.205 description eBGP to CenturyLink VRF: OCAST-10022933
neighbor 63.x.x.205 activate
neighbor 63.x.x.205 soft-reconfiguration inbound
neighbor 63.x.x.205 prefix-list deny-route in
exit-address-family

 

ip prefix-list deny-route seq 5 deny 0.0.0.0/0

ip prefix-list deny-route seq 10 deny 10.1.11.0/24 

ip prefix-list deny-route seq 15 deny 10.1.61.0/24
ip prefix-list deny-route seq 20 permit 0.0.0.0/0 le 32

 

0 Helpful

Richard Burts
Hall of Fame
Hall of Fame
In response to williamehmke1

‎07-18-2018 11:21 AM

Thank you for the additional information. There is a simple explanation for why your prefix list is not working as you want it to. Change this

neighbor 63.x.x.205 prefix-list deny-route in

to

neighbor 63.x.x.205 prefix-list deny-route out

when you apply the prefix list in it controls what you learn from the neighbor. when you apply the prefix list out it controls what you advertise to the neighbor.

 

Make the change that I suggest and let us know if the behavior changes.

 

HTH

 

Rick

HTH

Rick
0 Helpful

williamehmke1
Level 1
Level 1
In response to Richard Burts

‎07-20-2018 06:47 PM

Rick

Thank you for help, your suggestion worked
0 Helpful

Richard Burts
Hall of Fame
Hall of Fame
In response to williamehmke1

‎07-24-2018 12:54 PM

Thank you for posting back to the forum and letting us know that my suggestion did work.

 

HTH

 

Rick

HTH

Rick
0 Helpful

paul driver
VIP
VIP
In response to williamehmke1

‎07-24-2018 04:25 PM - edited ‎07-24-2018 04:26 PM

Hello
Would you please rate Ricks suggestion, Mark his answer to be correct and your post as solved, This would provide Rick with a deserved rating and also help others  in the future looking for a solution just like yours.


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card