Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
632
Views
5
Helpful
2
Replies

BPG outbound route filtering with prefix-list

Go to solution
Jason White
Level 4
Level 4

‎11-30-2018 01:15 PM - edited ‎11-30-2018 01:16 PM

Hello,

I am trying to control the networks that are being advertised from our ASR to our Palo. I have been able to get the advertisements to work with the prefix-list but I am having an issue trying to advertise a smaller block then what we are seeing in the BGP table. I have tried using the le flag and still can't get it to advertised. 

 

We only want to advertise to the Palo 64.56.80.64/27

 

ASR: sh ip route 64.56.80.64
Routing entry for 64.56.80.0/23
Known via "bgp 12345", distance 20, metric 10
Tag 11096, type external
Last update from 108.59.25.110 2d02h ago
Routing Descriptor Blocks:
* 108.59.25.110, from 108.59.25.110, 2d02h ago
Route metric is 10, traffic share count is 1
AS Hops 2
Route tag 11096

 

 

ASR Config:

ip prefix-list bgp-advertise seq 10 permit 1.1.1.0/24
ip prefix-list bgp-advertise seq 15 permit 64.56.80.64/27

!

router bgp  12345
no bgp enforce-first-as
bgp log-neighbor-changes
neighbor x.x.x.x remote-as 54321
neighbor  x.x.x.x prefix-list bgp-advertise out

64.56.80.64/27 this is the block we want to advertise. In BGP it is being advertised to us as 64.56.80.0/23. If I add the /23 on the prefix list it will be advertised to the Palo. If I try to break it up it will not advertised to the Palo. 

 

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Harold Ritter
Cisco Employee
Cisco Employee

‎11-30-2018 02:23 PM

Hi Jason,

 

The prefix-list cannot be used to deaggregate the /23. 64.56.80.64/27 needs to be present in the BGP RIB in order to be advertized to neighbors. You either need to originate it on the router peering with the Palo Alto device or receive it from some other router in your network.

 

Regards,

 

 

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

View solution in original post

2 Replies 2

Go to solution
Harold Ritter
Cisco Employee
Cisco Employee

‎11-30-2018 02:23 PM

Hi Jason,

 

The prefix-list cannot be used to deaggregate the /23. 64.56.80.64/27 needs to be present in the BGP RIB in order to be advertized to neighbors. You either need to originate it on the router peering with the Palo Alto device or receive it from some other router in your network.

 

Regards,

 

 

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

Go to solution
Jason White
Level 4
Level 4
In response to Harold Ritter

‎11-30-2018 05:32 PM

Harold,

Thanks for the update. That is what I figured the answer was going to be. I was hoping there was a way to do that with BGP routing between the ASR and Palo. I think I will just end up doing static routes in the Palo to make the routing decisions between the different gateways. 

 

Jason

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card