Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
934
Views
0
Helpful
4
Replies

Filters BGP in ISP

Go to solution
federico.arrua.261
Level 1
Level 1

‎06-04-2016 02:59 PM - edited ‎03-05-2019 04:09 AM

HI everyone. I have to configure filters in bgp routers to deny all /30 routes and routes with the ORIGIN incomplete( redistribute on bgp). How can i made that with access-list? or i have to used prefix-list?

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Philip D'Ath
VIP Alumni
VIP Alumni

‎06-04-2016 11:53 PM

I'm not completely sure of the answer.

I always use prefix lists.  I think a prefix like this would probably work to block /30's and /31's (it will only accept a prefix length of 29 or less).  In this case, I am matching what I want, and relying on the default "deny" to drop everything else.

ip prefix-list block_30_31 seq 5 permit 0.0.0.0/0 le 29

I'm not sure how to match "origin incomplete", but you can use the route-map command "match source-protocol".  So if you match every source protocol you expect to use, that should automatically result in unknown origins being dropped.

(config-route-map)#match source-protocol ?
 bgp Border Gateway Protocol (BGP)
 connected Connected
 eigrp Enhanced Interior Gateway Routing Protocol (EIGRP)
 isis ISO IS-IS
 lisp Locator ID Separation Protocol (LISP)
 mobile Mobile routes
 ospf Open Shortest Path First (OSPF)
 ospfv3 OSPFv3
 rip Routing Information Protocol (RIP)
 static Static routes

View solution in original post

0 Helpful
4 Replies 4

Go to solution
Philip D'Ath
VIP Alumni
VIP Alumni

‎06-04-2016 11:53 PM

I'm not completely sure of the answer.

I always use prefix lists.  I think a prefix like this would probably work to block /30's and /31's (it will only accept a prefix length of 29 or less).  In this case, I am matching what I want, and relying on the default "deny" to drop everything else.

ip prefix-list block_30_31 seq 5 permit 0.0.0.0/0 le 29

I'm not sure how to match "origin incomplete", but you can use the route-map command "match source-protocol".  So if you match every source protocol you expect to use, that should automatically result in unknown origins being dropped.

(config-route-map)#match source-protocol ?
 bgp Border Gateway Protocol (BGP)
 connected Connected
 eigrp Enhanced Interior Gateway Routing Protocol (EIGRP)
 isis ISO IS-IS
 lisp Locator ID Separation Protocol (LISP)
 mobile Mobile routes
 ospf Open Shortest Path First (OSPF)
 ospfv3 OSPFv3
 rip Routing Information Protocol (RIP)
 static Static routes
0 Helpful

Go to solution
federico.arrua.261
Level 1
Level 1
In response to Philip D'Ath

‎06-05-2016 12:46 PM

The first answer works perfect,thanks!. The second one doesn't work because when i use match source-protocol, the routes with origin incomplete have source protocol bgp.

I found that i can use match origin igp and egp, so i can accept routes with those origins and discard the incomplete.

Thanks for the help!

0 Helpful

Go to solution
Philip D'Ath
VIP Alumni
VIP Alumni
In response to federico.arrua.261

‎06-05-2016 01:43 PM

It would be great if you could rate and mark helpful responses.  :-)

0 Helpful

Go to solution
Jason M.
Level 1
Level 1

‎06-05-2016 04:10 PM

It's pretty easy to do in XR using a route policy but I'm assuming you're talking about IOS. Would it be possible for you to tag the routes during redistribution or add a community to them? If so, you can just match those with a route map.

0 Helpful
Customers Also Viewed These Support Documents