Solved: Carving BGP Routes Inbound

JackParsons · ‎05-09-2018

Hi,

Is it possible to carve a block that you are receiving?

For example.

RouterA - AS100 - Advertise 192.168.0.0/16

/\

-

(eBGP Peering)

-

\/

RouterB - AS200 - Receives 192.168.0.0/16

/\

-

(iBGP Peering)

-

\/

RouterC - AS200 - Only wants 192.168.1.0/24

Now RouterB is seeing the /16 but I only want to allow 192.168.1.0/24 of the advertisement. Is there a way to do this, without any static nailups in my AS?

Thanks,

Jack

Georg Pauwen · ‎05-10-2018

Hello,

on a side note, and that would require some configuration changes, you could configure an inject map on your router B that injects the 192.168.1.0/24 network, and then filter out the 192.16.0.0 on router C:

Riouter B

router bgp 200
bgp router-id 2.2.2.2
bgp log-neighbor-changes
bgp inject-map INJECT_MAP exist-map EXIST_MAP
network 2.2.2.2 mask 255.255.255.255
neighbor 192.168.12.1 remote-as 200
neighbor 192.168.12.1 next-hop-self
neighbor 192.168.23.3 remote-as 100
!
ip prefix-list EXISTING_ROUTE seq 5 permit 192.168.0.0/16
!
ip prefix-list INJECTED_ROUTES seq 5 permit 192.168.1.0/24
!
ip prefix-list ROUTE_SOURCE seq 5 permit 192.168.23.3/32
!
route-map INJECT_MAP permit 10
set ip address prefix-list INJECTED_ROUTES
!
route-map EXIST_MAP permit 10
match ip address prefix-list EXISTING_ROUTE
match ip route-source prefix-list ROUTE_SOURCE

Router C

router bgp 200
bgp router-id 1.1.1.1
bgp log-neighbor-changes
network 1.1.1.1 mask 255.255.255.255
neighbor 192.168.12.2 remote-as 200
neighbor 192.168.12.2 next-hop-self
distribute-list prefix DENY_192_16 in
!
ip prefix-list DENY_192_16 seq 5 deny 192.168.0.0/16
ip prefix-list DENY_192_16 seq 10 permit 192.168.0.0/16 ge 24

View solution in original post

chrihussey · ‎05-10-2018

Unless you are receiving the /24 via eBGP, I don't think there is a way to "create" it out of the /16, without having to do something in the iBGP, like the static you suggest.

Regards.

Georg Pauwen · ‎05-10-2018

Hello,

on a side note, and that would require some configuration changes, you could configure an inject map on your router B that injects the 192.168.1.0/24 network, and then filter out the 192.16.0.0 on router C:

Riouter B

router bgp 200
bgp router-id 2.2.2.2
bgp log-neighbor-changes
bgp inject-map INJECT_MAP exist-map EXIST_MAP
network 2.2.2.2 mask 255.255.255.255
neighbor 192.168.12.1 remote-as 200
neighbor 192.168.12.1 next-hop-self
neighbor 192.168.23.3 remote-as 100
!
ip prefix-list EXISTING_ROUTE seq 5 permit 192.168.0.0/16
!
ip prefix-list INJECTED_ROUTES seq 5 permit 192.168.1.0/24
!
ip prefix-list ROUTE_SOURCE seq 5 permit 192.168.23.3/32
!
route-map INJECT_MAP permit 10
set ip address prefix-list INJECTED_ROUTES
!
route-map EXIST_MAP permit 10
match ip address prefix-list EXISTING_ROUTE
match ip route-source prefix-list ROUTE_SOURCE

Router C

router bgp 200
bgp router-id 1.1.1.1
bgp log-neighbor-changes
network 1.1.1.1 mask 255.255.255.255
neighbor 192.168.12.2 remote-as 200
neighbor 192.168.12.2 next-hop-self
distribute-list prefix DENY_192_16 in
!
ip prefix-list DENY_192_16 seq 5 deny 192.168.0.0/16
ip prefix-list DENY_192_16 seq 10 permit 192.168.0.0/16 ge 24