06-18-2012 01:07 AM - edited 03-04-2019 04:42 PM
Hi all
Can anyone tell me which is the best and easiest way to control what routes my remote sites can see? We have a HQ and lots of remote sites.
Would it be something like a route map on the remote end?
cheers
06-18-2012 02:10 AM
Hello Carl,
the more scalable way to perform this is to use BGP communities to tag BGP routes sent by HQ.
On remote sites you will have a route-map matching on BGP community value(s) using a community-list.
Instead of specifying what IP prefixes you want to learn on the remote site with an IP ACL or a prefix-list, you configure the router to accept all the routes that have a BGP community value as expected.
In this way, in the future you will need to make changes only on the HQ to add a new route to those that should be learned by remote sites, by simply adding a specific BGP community value to the BGP advertisement.
Multiple BGP community values can be associated with a single BGP advertisement, making the mechanism very flexible.
You can divide the routes in multiple groups and you can associate each of them with a BGP community value.
In this way you can also configure different remote sites to accept/import more than one group of routes as needed.
Note that in order to propagate the BGP community attribute you will need the command
neighbor x.x.x.x send-community
if it is not present.
This approach should also work if your sites are interconnected with an MPLS L3VPN, if the PE routers are configured for BGP community propagation (and they should be).
The HQ router(s) need a route-map with the set community action in the route-map blocks.
To preserve the current set of BGP communities on the route you can use set community value additive.
Hope to help
Giuseppe
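The community-tagging approach described in the reply above, sketched as IOS configuration. This is an added example, not part of the original thread; the AS numbers, neighbor addresses, community value 65000:100 and all list and route-map names are constructed placeholders, and the HQ-SPACE prefix-list bound on the remote side is an extra safeguard assumed here rather than something the reply mentions.

```cisco
! ===== HQ router: tag the routes remote sites may learn =====
ip bgp-community new-format
ip prefix-list REMOTE-GROUP1 seq 5 permit 10.10.0.0/16 le 27
!
! "additive" keeps any communities already present on the route
route-map HQ-OUT permit 10
 match ip address prefix-list REMOTE-GROUP1
 set community 65000:100 additive
! Untagged routes are still advertised; each remote site decides what to accept
route-map HQ-OUT permit 20
!
router bgp 65000
 neighbor 192.0.2.1 remote-as 65010
 neighbor 192.0.2.1 send-community
 neighbor 192.0.2.1 route-map HQ-OUT out
!
! ===== Remote site router: accept only tagged routes =====
ip bgp-community new-format
ip community-list standard GROUP1 permit 65000:100
! Upper bound on what a tagged route is allowed to be
ip prefix-list HQ-SPACE seq 5 permit 10.0.0.0/8 le 27
!
! Both match statements must succeed for a route to be accepted
route-map WAN-IN permit 10
 match community GROUP1
 match ip address prefix-list HQ-SPACE
! No further entries: the implicit deny drops everything else
!
router bgp 65020
 neighbor 198.51.100.1 remote-as 65010
 neighbor 198.51.100.1 route-map WAN-IN in
!
! Verify on the remote site:
!  show ip bgp community 65000:100
!  show route-map WAN-IN
```

Adding a new route for the remote sites then only needs a new entry in REMOTE-GROUP1 on the HQ router. The second match in WAN-IN means a route that picks up 65000:100 by mistake elsewhere in the WAN is still rejected if it falls outside the expected address space.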
06-18-2012 03:08 AM
Hi
thanks for the reply, can you give me an example of the config ?
would it be route map, match an access list, then set community ?
cheers
06-19-2012 11:25 PM
Hi Carl,
Apart from what Giuseppe Larosa said, you could also do it by matching routes on a prefix-list and using a route-map, or use a prefix-list option directly on the neighbor command to filter routes.
E.g.
! First matching entry wins: deny the /24 before the covering /16 permit
ip prefix-list EXAMPLE deny 192.168.10.0/24
ip prefix-list EXAMPLE permit 192.168.0.0/16 le 30
ip prefix-list EXAMPLE permit 10.10.0.0/16 le 27
!
route-map SITE1 permit 10
 match ip address prefix-list EXAMPLE
!
router bgp XX
 neighbor X.X.X.X route-map SITE1 out
or
 neighbor X.X.X.X prefix-list EXAMPLE out
Thanks,
Nandan Mathure.