
I need to block network address

MariaB1
Level 1

Hello everyone. I am a beginner in BGP configuration. I have the following BGP router file. I need to block network IP 1.0.0.0/8 from directly accessing that. All other IPs are permitted to access. I tried to create an access list, but it is not working, probably because of my poor knowledge of the syntax. If you can help me with this issue with the correct syntax, it would be a great help. Thank you.

 

 


Hello,

 

there are numerous ways to accomplish this, below is one of them:

 

router bgp 5
distribute-list prefix ALLOW_IN in
!
ip prefix-list ALLOW_IN seq 5 deny 1.0.0.0/8
ip prefix-list ALLOW_IN seq 10 permit 2.0.0.0/8
ip prefix-list ALLOW_IN seq 15 permit 3.0.0.0/8
ip prefix-list ALLOW_IN seq 20 permit 4.0.0.0/8

Thank you for your quick response. I really appreciate that. I tried to insert the lines of code in my bgpd files. I now receive the following error in my stdout log files:

There is no such command.
Error occured during reading below line.
distribute-list prefix ALLOW_IN in

 

Seems like distribute-list is an unknown command. Please help.

Please note that I believe it has something to do with the version of Quagga. I am using version 0.99.22.4. Thanks

Hello,

what BGP commands do you have available under the BGP process, and under the neighbor?

Please excuse me for my poor knowledge on this, but I am not sure how I check that. Is there a command for that? Thank you

Hello,

 

typically, if you just type the '?' question mark at the prompt, it will list the available options:

 

router bgp 5

?

 

neighbor x.x.x.x ?

 

 

Hello,

 

I think Quagga's BGP implementation supports route maps, so you could use the below. You need to apply the route map to all neighbors from which you want to filter routes:

 

ip prefix-list ALLOW_IN seq 5 deny 1.0.0.0/8
ip prefix-list ALLOW_IN seq 10 permit 2.0.0.0/8
ip prefix-list ALLOW_IN seq 15 permit 3.0.0.0/8
ip prefix-list ALLOW_IN seq 20 permit 4.0.0.0/8
!
route-map INBOUND_RM permit 10
match ip address prefix-list ALLOW_IN
!
neighbor 9.0.3.1 route-map INBOUND_RM in

Thank you so much. I see that just putting the lines:

ip prefix-list ALLOW_IN seq 5 deny 1.0.0.0/8
ip prefix-list ALLOW_IN seq 10 permit 2.0.0.0/8
ip prefix-list ALLOW_IN seq 15 permit 3.0.0.0/8
ip prefix-list ALLOW_IN seq 20 permit 4.0.0.0/8

In the show ip bgp not showing 1.0.0.0/8 in the map. That is, I want 1.0.0.0/8 (AS1) to access (AS5) through this channel, not from any other AS. For example, I don't want AS 6 to access AS 5 with the same prefix, i.e. 1.0.0.0/8, and show ip bgp shows the best path as AS6->AS5 instead of AS1->AS6 (there are a few ASes in between).

I noticed that by putting in the commands above, it does not show 1.0.0.0/8 in the show ip bgp. It completely removed that from the map. Thank you so much. (Sorry if my explanation is poorly worded)

 

 

Hello,

in that case, you need to match on AS path. I cannot really tell how your ASs are connected, can you provide something like a schematic drawing?

Yes, I will get back to you with a drawing. I will hand draw and send you a picture.

 

Thank you so much

Sorry about that, you already sent a drawing by mail. That's all I need for now....

I thought you were asking me to fill in the IP address. I just used random IP addresses. Thank you

Hello,

 

I set this up in a lab, and I think you need the below. You apply a route map on R5 to neighbor R6 that matches on the AS PATH and the specific prefix you want to block. Everything else is allowed; you can tweak this as you wish. I hope Quagga supports all these BGP commands...

 

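neighbor 9.0.18.1 route-map ANTI_HIJACK_RM in
!
! The lists use permit: a deny entry would mean "no match", and
! clause 10 of the route map would never be selected.
ip as-path access-list 1 permit ^6$
!
ip prefix-list ANTI_HIJACK_PL seq 5 permit 1.0.0.0/8
!
! Drop 1.0.0.0/8 when the AS path is exactly AS 6
route-map ANTI_HIJACK_RM deny 10
match ip address prefix-list ANTI_HIJACK_PL
match as-path 1
!
! Accept everything else
route-map ANTI_HIJACK_RM permit 20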
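
The following is an added example, not part of the original thread and not Quagga code: a simplified Python model of how a route map combines a prefix-list and an AS-path list, showing why the lists referenced by a deny clause must themselves use permit entries. The AS paths and updates are constructed, and only exact prefix matches (no ge/le) are modelled.

```python
import ipaddress
import re

# Simplified model of route-map evaluation (illustration only, not Quagga code).
# A list returns the action of its first matching entry; no match = implicit deny.
def first_match(entries, test):
    for action, value in entries:
        if test(value):
            return action
    return "deny"

def prefix_list(entries, prefix):
    # Exact prefix match only, as in the prefix-lists used in this thread.
    net = ipaddress.ip_network(prefix)
    return first_match(entries, lambda v: ipaddress.ip_network(v) == net)

def as_path_list(entries, as_path):
    return first_match(entries, lambda rx: re.search(rx, as_path) is not None)

def route_map(clauses, prefix, as_path):
    """Return 'permit' or 'deny' for one received route."""
    for action, pl, apl in clauses:
        # A clause is selected only if every match list returns permit;
        # a deny result means "not matched" and evaluation falls through.
        if pl is not None and prefix_list(pl, prefix) != "permit":
            continue
        if apl is not None and as_path_list(apl, as_path) != "permit":
            continue
        return action
    return "deny"  # implicit deny at the end of every route map

# Policy: drop 1.0.0.0/8 when AS 6 is the only AS in the path, accept the rest.
HIJACK_PL = [("permit", "1.0.0.0/8")]
FROM_AS6 = [("permit", r"^6$")]
ANTI_HIJACK_RM = [("deny", HIJACK_PL, FROM_AS6), ("permit", None, None)]

# Same clause with deny entries in both lists: the first clause is never selected.
DENY_LISTS_RM = [("deny", [("deny", "1.0.0.0/8")], [("deny", r"^6$")]),
                 ("permit", None, None)]

# Constructed updates received from the AS 6 neighbor: (prefix, AS path).
UPDATES = [("1.0.0.0/8", "6"), ("1.0.0.0/8", "6 3 1"), ("2.0.0.0/8", "6")]

def evaluate(rm):
    return [route_map(rm, prefix, path) for prefix, path in UPDATES]

if __name__ == "__main__":
    for name, rm in (("permit lists", ANTI_HIJACK_RM), ("deny lists", DENY_LISTS_RM)):
        print(name, evaluate(rm))
```

With permit entries, only 1.0.0.0/8 originated by AS 6 is dropped; the same prefix arriving with AS 1 as the origin is still accepted.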

 
