Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
321
Views
1
Helpful
6
Replies

how to use BGP to partially isolate a site

tachyon05
Level 1
Level 1

‎01-22-2025 10:31 AM

I have sites that are connected to each other via BGP.  Each site BGP configuration has prefix lists that controls what routes are allowed to be learned from / advertised to BGP.  Currently all sites can communicate with each other.   What is the best / most efficient way achieve the below goals?

1. site # 3 can only talk with site # 6.
2. site # 6 can talk with all sites, including site # 3.
3. all sites (except # 3) can talk with each other.

I thought about changing site # 3 prefix list to only learn the CIDR from site # 6, this would break all return traffic back to other sites from leaving site # 3.  I suppose all apps that need some kind of handshake would not be able to function, but this method doesn't prevent other sites' traffic from reaching site # 3.

 

Labels:
0 Helpful
6 Replies 6

MHM Cisco World
VIP
VIP

‎01-22-2025 10:35 AM

You can use 

1- community for each site' abd then filter community-list to permit or deny the prefix 

2- use AS-path list to permit or deny the prefix

Remember if the router dont have prefix for remote site it cannot forward traffic to that site

MHM

0 Helpful

rais
Level 7
Level 7

‎01-22-2025 10:40 AM

Looks like site3 is a transit for other sites. A diagram would help.

Thanks.

0 Helpful

paul driver
VIP
VIP

‎01-22-2025 12:42 PM

Hello
can you elaborate more on the topology of your network- are these sites in their own bgp domain (ASN) or are that in the same ASN
What transit transport do they use to connect  -mpls-internet etc…
what internal routing process is running at each site?
do each site receive full bgp tables or partial or default route ?


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
0 Helpful

tachyon05
Level 1
Level 1

‎01-22-2025 01:12 PM

Each site has their own private AS.  They connect using SDWAN.  Internal routing is a mix ranging from EIGRP to static.  Each site has BGP prefix lists that control routes learned and advertised from/to SDWAN.  Site # 3 is not a transit site - it is one of the remote offices.  I don't have community list or AS path list in use anywhere, and I am hoping to find a way to achieve the goal by just reconfiguring site # 3.  Thanks

0 Helpful

MHM Cisco World
VIP
VIP
In response to tachyon05

‎01-22-2025 01:17 PM

Sdwan that other story 

Are you sure site3 is not hub?

Are you sure the tloc not point to site3

MHM

0 Helpful

tachyon05
Level 1
Level 1

‎01-22-2025 01:38 PM

Not sure what you mean by hub.  Site 3 is not the headquarter, and it is not a HUB (in a spoke - hub setup).  It is one of the remote offices, just like other remote offices we have.  I am not sure what is tloc.  The SDWAN is a managed solution, I can only control what routes are learned and advertised.

Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card