
Preventing routes learned from BGP from being placed in routing table

nygenxny123

We currently have 2 routers with links to 2 different providers

1 link is MPLS using BGP........with EIGRP being our internal protocol (provider #1)

2nd link is a point to point to our data center. (provider #2)

We are adding a 3rd link for VOICE...this will be from provider #1..also using BGP also using their same AS

This 3rd link will be going on router #2

Once our peer relationship was up....router number 2's routing table preferred the New BGP route (AD 20)

Before we brought this up traffic was to be going over the point to point link for default routes and traffic to the data center.

My question is

How do I prevent these routes from being placed in the routing table over this new BGP link....which we don't want for now.

Neither internal nor default routes

I tried using prefix list...and route maps...but that didn't seem to do the trick with the following configs

router bgp 65011
bgp log-neighbor-changes
neighbor 172.16.0.13 remote-as 3568 

address-family ipv4

neighbor 172.16.0.13 activate

neighbor 172.16.0.13 route-map BGP-DENYIN in

neighbor 172.16.0.13 prefix-list DENY-DEFAULTROUTES in

route-map BGP-DENYIN deny 10
match ip address prefix-list INTERNAL-Net

ip prefix-list  INTERNAL-Net seq 5 permit 10.0.0.0/8 le 32
!
ip prefix-list DENY-DEFAULTROUTES seq 5 deny 0.0.0.0/0


Hi

Please correct me if I'm understanding wrong, the 2nd and 3rd links are connected to Router #2, are you passing the same prefixes through both of these links?

EIGRP AD is 90
eBGP AD is 20 

It will prefer 20 so you could modify the AD in BGP for external routes to be higher than 90, example:

router bgp 100
bgp log-neighbor-changes
distance bgp 91 200 200




>> Mark as helpful or answered if the reply resolved the question; this helps other community members with future queries. <<

Hi Julio

Router 2..link 2..Is our point to point...and was considered our primary link

to the data center

Router 1 link 1 is our MPLS and was the link for other sites

Our core switch at the remote site is still using router 1 link 1 MPLS to other sites

However in the event of failure....router 2 link 2 would be the back up

However when I enable bgp....

router 2 instead of going to router 1 link 1 now has BGP learned routes...

Although everything is ok now...in the event of router 1 failure

my concern is router 2 will be using its BGP learned routes instead of the p to p routes

sh ip route

Before enable bgp

D EX 10.6.0.0/16
[170/1080320] via 10.13.2.3, 2d16h, GigabitEthernet0/0/1


After BGP

B 10.6.0.0/16 [91/0] via 172.16.0.13, 00:00:15


I have also tried this command with no luck

distance bgp 91 200 200

Firstly the EIGRP route is external EIGRP with an AD of 170 so you would need to increase BGP's AD to be higher than that.

Secondly, when you tried to filter the routes as per your original post, what happened, i.e. did the default and more specific get into the routing table or not? You should be able to filter those routes if you want.

Jon

Hello Jon,

I changed the configuration to 

distance bgp 171 200 200

and that seemed to do the trick.

Although the routes were in my bgp topology table...they weren't in my routing table

as far as filtering

I tried a prefix list filtering only the route i wanted...implicit deny at the end

ip prefix-list deny-route seq 10 permit 10.1.0.0/16 le 32

address-family ipv4
neighbor 172.16.0.13 activate
neighbor 172.16.0.13 prefix-list deny-route in

After this I only saw the 10.1.0.0/16 network....which is what I wanted.

However, when I tried to use a distribute list with a route-map, trying a deny first..then later a permit..

all routes were allowed and we were back at square one

address-family ipv4
neighbor 172.16.0.13 activate

neighbor 172.16.0.13 distribute-list BGP-Suppress in

route-map BGP-Suppress deny 10 (I also changed this to a permit)
match ip address prefix-list deny-route

ip prefix-list deny-route seq 10 permit 10.1.0.0/16 le 32

Why would a prefix-list statement work..filtering all but 1 network/route

in my routing table

but not the distribute list?

Hi

Try to use route-maps instead of distribute-lists; it is more flexible to apply features like communities, attributes, etc., to other specific subnets, for example:

ip prefix-list TRAFFIC-INBOUND seq 5 permit x.x.x.x/x

route-map TRAFFIC-IN permit 5
match ip address prefix-list TRAFFIC-INBOUND

<There is an implicit deny if you don't configure another route-map sequence>

address-family ipv4
neighbor 172.16.0.13 activate

neighbor 172.16.0.13 route-map TRAFFIC-IN in

then

clear ip bgp * soft

:-)




>> Mark as helpful or answered if the reply resolved the question; this helps other community members with future queries. <<
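
The first-match and implicit-deny behaviour that the prefix lists and route maps in this thread depend on, as an added example that is not part of any post: a small Python model (not router code) that evaluates the thread's INTERNAL-Net, DENY-DEFAULTROUTES and deny-route lists and the BGP-DENYIN route map against sample routes. The route list and the trailing `permit 20` clause are assumptions constructed for illustration.

```python
import ipaddress

def entry_matches(route, prefix, ge=None, le=None):
    """One prefix-list entry: route must sit inside `prefix`, and its length
    must be exact (no ge/le) or fall inside the ge..le window."""
    r, p = ipaddress.ip_network(route), ipaddress.ip_network(prefix)
    if not r.subnet_of(p):
        return False
    if ge is None and le is None:
        return r.prefixlen == p.prefixlen
    low = ge if ge is not None else p.prefixlen
    high = le if le is not None else 32
    return low <= r.prefixlen <= high

def prefix_list_permits(route, entries):
    """First matching entry decides; no match is the implicit deny."""
    for action, prefix, ge, le in entries:
        if entry_matches(route, prefix, ge, le):
            return action == "permit"
    return False

def route_map_permits(route, clauses, lists):
    """Clauses run in sequence order; a clause without a match statement
    matches every route; a route matching no clause is implicitly denied."""
    for _seq, action, name in sorted(clauses, key=lambda c: c[0]):
        if name is None or prefix_list_permits(route, lists[name]):
            return action == "permit"
    return False

# Prefix lists and route map exactly as posted in the thread.
LISTS = {
    "INTERNAL-Net": [("permit", "10.0.0.0/8", None, 32)],
    "DENY-DEFAULTROUTES": [("deny", "0.0.0.0/0", None, None)],
    "deny-route": [("permit", "10.1.0.0/16", None, 32)],
}
BGP_DENYIN = [(10, "deny", "INTERNAL-Net")]
# Assumption (not in the thread): a trailing match-all permit clause.
BGP_DENYIN_PERMIT_20 = BGP_DENYIN + [(20, "permit", None)]
# Constructed sample of routes a provider might advertise.
ROUTES = ["0.0.0.0/0", "10.1.0.0/16", "10.1.5.0/24", "10.6.0.0/16", "192.168.50.0/24"]

def accepted_by_list(name):
    return [r for r in ROUTES if prefix_list_permits(r, LISTS[name])]
def accepted_by_map(clauses):
    return [r for r in ROUTES if route_map_permits(r, clauses, LISTS)]

if __name__ == "__main__":
    print({n: accepted_by_list(n) for n in ("deny-route", "DENY-DEFAULTROUTES")})
    print(accepted_by_map(BGP_DENYIN), accepted_by_map(BGP_DENYIN_PERMIT_20))
```

The model covers filter evaluation only; on a router a changed inbound policy is applied to already-received routes after the soft clear mentioned in the reply above.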

Thanks Julio

Your solution worked too.

I believe my mistake was using a distribute-list and associating a prefix-list or route map directly with it...instead of using an ACL

i.e 

once I configured a distribute-list pointing to an ACL...routes were filtered as I expected.

I believe distribute list followed by a route map statement only works in eigrp

however distribute list will only work with an ACL in BGP
