
Filtering BGP ip prefix-list

jay mamaradlo
Level 1

Hi All,

I'm currently advertising return routes using BGP to our dedicated internet router.

 

MPLS Service/Router<> CE EDGE MPLS ROUTER <> BGP CORE <> DEDICATED INTERNET ROUTER

 

We advertise default route to our BGP core for internet only and return routes (INTERNAL_SUMMARIES) to our Internet router. LAN connects to our BGP core. 

 

ip prefix-list INTERNAL_SUMMARIES seq 20 permit 132.189.0.0/16 >> to Internet Router

ip prefix-list INTERNAL_SUMMARIES seq 30 permit 172.16.0.0/12 >> to internet Router

ip prefix-list INTERNAL_SUMMARIES seq 40 permit 192.168.0.0/16 >> to Internet Router

 

I would like to block 2 IPs if possible, since we are using those as tracking IPs on our Internet router.

132.189.77.1

132.189.78.1

 

Is this possible? Any direction or suggestions? Thanks!!!

1 Reply

Giuseppe Larosa
Hall of Fame

Hello Jay,

You can use an IP access-list to block the traffic to/from the two IP hosts; however, at the BGP routing level you cannot avoid advertising your internal summary routes to the ISP.

 

At prefix-list level you could deny the two host routes, but this does not mean that the following lines will not work.

ip prefix-list INTERNAL_SUMMARIES seq 5 deny 132.189.77.1/32

ip prefix-list INTERNAL_SUMMARIES seq 8 deny 132.189.78.1/32

ip prefix-list INTERNAL_SUMMARIES seq 20 permit 132.189.0.0/16 >> to Internet Router

ip prefix-list INTERNAL_SUMMARIES seq 30 permit 172.16.0.0/12 >> to internet Router

ip prefix-list INTERNAL_SUMMARIES seq 40 permit 192.168.0.0/16 >> to Internet Router

 

But as I have written, those two lines are useless, as the aggregate is permitted by the seq 20 line.

 

Hope to help

Giuseppe
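
The matching behaviour described in the reply above, as an added example that is not part of the original thread: a small Python model of IOS prefix-list evaluation (first match by sequence number, exact prefix-length match when no ge/le is given, implicit deny at the end). The function names and the sample BGP table are constructed for illustration.

```python
import ipaddress

# Constructed sample: the prefix-list from the reply, without the ">>" annotations.
CONFIG = """
ip prefix-list INTERNAL_SUMMARIES seq 5 deny 132.189.77.1/32
ip prefix-list INTERNAL_SUMMARIES seq 8 deny 132.189.78.1/32
ip prefix-list INTERNAL_SUMMARIES seq 20 permit 132.189.0.0/16
ip prefix-list INTERNAL_SUMMARIES seq 30 permit 172.16.0.0/12
ip prefix-list INTERNAL_SUMMARIES seq 40 permit 192.168.0.0/16
"""
# Constructed sample: routes present in the BGP table (aggregates only).
BGP_TABLE = ["132.189.0.0/16", "172.16.0.0/12", "192.168.0.0/16"]

def parse_prefix_list(text):
    """Return (seq, action, network, min_len, max_len) tuples, ordered by seq."""
    entries = []
    for line in text.strip().splitlines():
        tok = line.split()
        seq, action, net = int(tok[4]), tok[5], ipaddress.ip_network(tok[6])
        opts = dict(zip(tok[7::2], map(int, tok[8::2])))  # optional ge / le
        ge, le = opts.get("ge"), opts.get("le")
        # Without ge/le the entry matches only the exact prefix length.
        lo = ge if ge is not None else net.prefixlen
        hi = le if le is not None else (32 if ge is not None else net.prefixlen)
        entries.append((seq, action, net, lo, hi))
    return sorted(entries, key=lambda e: e[0])

def evaluate(entries, route):
    """First matching entry wins; no match means the implicit deny."""
    route = ipaddress.ip_network(route)
    for seq, action, net, lo, hi in entries:
        if route.subnet_of(net) and lo <= route.prefixlen <= hi:
            return action, seq
    return "deny", None

def advertised_covering(host, table, entries):
    """Routes that pass the filter and still contain the host address."""
    addr = ipaddress.ip_address(host)
    return [r for r in table
            if evaluate(entries, r)[0] == "permit" and addr in ipaddress.ip_network(r)]

ENTRIES = parse_prefix_list(CONFIG)

if __name__ == "__main__":
    for r in BGP_TABLE + ["132.189.77.1/32"]:
        print(r, evaluate(ENTRIES, r))
    print(advertised_covering("132.189.77.1", BGP_TABLE, ENTRIES))
```

The /32 deny entries match only if a host route for that exact address is present in the BGP table; the /16 aggregate is evaluated as its own prefix, is permitted by seq 20, and still covers both tracking addresses.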