06-23-2019 07:58 AM
Hello,
On our Nexus switches we have a BGP peering with an external company. I need to advertise our WAN subnet into their BGP and need some help. They want me to use IP Prefix lists for the below subnets that exist in our WAN.
172.30.0.0/24 (we have about 10 networks /24 here like 172.30.5.0/24 and 172.30.15.0/24)
192.168.138.0/24
192.168.136.0/24
192.168.115.0/24
192.168.144.0/22
192.168.3.0/24
This external company needs to get to the above subnets and vice versa. BGP is working already by the way.
Is it best to use an access list or route map?
Would this work?
ip prefix-list myprefixlist1 seq 5 permit 172.30.0.0/24 ge 23 le 25
ip prefix-list myprefixlist1 seq 10 permit 192.168.138.0/24
ip prefix-list myprefixlist1 seq 15 permit 192.168.136.0/24
ip prefix-list myprefixlist1 seq 20 permit 192.168.115.0/24
ip prefix-list myprefixlist1 seq 25 permit 192.168.144.0/22
ip prefix-list myprefixlist1 seq 30 permit 192.168.3.0/24
!
router bgp 65000
neighbor 192.0.2.2 remote-as 65001
neighbor 192.0.2.2 prefix-list myprefixlist1 in
Thanks
06-23-2019 09:34 AM - edited 06-23-2019 09:40 AM
"Wouldn't ip prefix-list myprefixlist1 seq 5 permit 172.30.0.0/24 ge 23 le 25 cover all subnets in 172.30.x.x/24?"
It would be:
ip prefix-list myprefixlist1 seq 5 permit 172.30.0.0/16 ge 23 le 25
"I guess I could just do?
ip prefix-list myprefixlist1 seq 5 permit 172.30.0.0/24"
That would match exactly the 172.30.0.0/24 and nothing else.
"or
172.30.0.0/19 ge 24 le 24 as this will allow 172.30.0.x/24-172.30.31.x/24 subnets"
Sounds good to me :)
Cheers.
06-23-2019 09:05 AM - edited 06-23-2019 09:10 AM
Wouldn't ip prefix-list myprefixlist1 seq 5 permit 172.30.0.0/24 ge 23 le 25 cover all subnets in 172.30.x.x/24?
I have the range start from 172.30.1.x/24, but have some on 172.30.3.x/24 then 7.x/24, 14.x/24, 21.x/24 and so on up until 31.x/24. They are in no sequential order.
I guess I could just do?
ip prefix-list myprefixlist1 seq 5 permit 172.30.0.0/24
or
172.30.0.0/19 ge 24 le 24 as this will allow 172.30.0.x/24-172.30.31.x/24 subnets
06-23-2019 10:04 AM - edited 06-23-2019 10:07 AM
permit 172.30.0.0/24 ge 23 le 25 --is invalid due to length of /24; make sure: specified length < ge-value <= le-value, that's why Hector used /16 and not /24
1st part is match my network bits. aka 24 bits in 172.30.0.0, so last octet does not matter what u got.
then, match mark prefix length /23, /24, and /25 inclusive
06-23-2019 08:48 AM - edited 06-23-2019 08:57 AM
we have about 10 networks /24 here like 172.30.5.0/24 and 172.30.15.0/24
your prefix should be 172.30.0.0/20 ge 24 le 24
- 172.30.0.0 255.255.240.0 give u range of 172.30.0.1 to 172.30.15.254 (magic number 16)
- ge 24 le 24 is needed to mark prefix length, which is /24 exact
Furthermore, if u want to eliminate 1st 4 prefixes, 172.30.0.0/24 thru 172.30.4.0/24 since you have 172.30.5.0/24 thru 10.0
you can add deny before permitting 172.30.5.0/20
deny 172.30.0.0/22 ge 24 le 24
permit 172.30.5.0/20 ge 24 le 24
how to get that or why , see https://learningnetwork.cisco.com/thread/133609?start=0&tstart=0
--------------------
Please rate and mark posts accordingly if you have found any of the information provided useful.
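An added example (not written by any poster in this thread): a small Python model of prefix-list matching with ge/le, run over the candidate entries discussed above so the set of accepted routes can be checked before a filter is applied to a peer. It assumes the usual semantics (the route must fall inside the entry's network, its mask length must be within the ge..le window, first match wins, implicit deny at the end) and the validity rule quoted in the thread; the function names and sample routes are constructed for illustration.

```python
import ipaddress

def parse_entry(text):
    """Parse 'permit|deny NET/LEN [ge N] [le N]' into (action, net, lo, hi)."""
    tok = text.split()
    action, net = tok[0], ipaddress.ip_network(tok[1], strict=False)
    opts = dict(zip(tok[2::2], map(int, tok[3::2])))
    ge, le, length = opts.get("ge"), opts.get("le"), net.prefixlen
    # Validity rule quoted in the thread: length < ge <= le
    if ge is not None and ge <= length:
        raise ValueError(f"ge {ge} must be greater than prefix length /{length}")
    if le is not None and le < (ge if ge is not None else length):
        raise ValueError(f"le {le} is below the lower bound")
    lo = ge if ge is not None else length  # no ge: window starts at the entry's own length
    hi = le if le is not None else (32 if ge is not None else length)
    return action, net, lo, hi

def evaluate(entries, route):
    """Entries are checked in sequence order; no match is an implicit deny."""
    r = ipaddress.ip_network(route)
    for action, net, lo, hi in entries:
        if lo <= r.prefixlen <= hi and r.network_address in net:
            return action
    return "deny"

def permitted(entry_texts, routes):
    """Return the routes a prefix-list (given as entry strings) would permit."""
    entries = [parse_entry(t) for t in entry_texts]
    return [r for r in routes if evaluate(entries, r) == "permit"]

# Constructed sample: /24s with the third octets mentioned in the thread,
# plus routes that a tight filter should keep out.
WAN = [f"172.30.{n}.0/24" for n in (1, 3, 5, 7, 14, 15, 21, 31)]
EXTRA = ["172.30.32.0/24", "172.30.200.0/24", "172.30.0.0/23", "172.30.1.128/25"]

if __name__ == "__main__":
    for candidate in (["permit 172.30.0.0/24"],
                      ["permit 172.30.0.0/16 ge 23 le 25"],
                      ["permit 172.30.0.0/19 ge 24 le 24"],
                      ["permit 172.30.0.0/20 ge 24 le 24"],
                      ["deny 172.30.0.0/22 ge 24 le 24",
                       "permit 172.30.0.0/20 ge 24 le 24"]):
        print(candidate, "->", permitted(candidate, WAN + EXTRA))
```

Comparing the output for the /16, /19 and /20 entries shows how much wider than the intended /24s each filter is, which is the check to make before trusting a prefix-list on an external peering.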