10-09-2012 12:09 AM - edited 03-04-2019 05:47 PM
Hi Folks,
For some requirements I need to block some routes into our network. To give you an example, say I want to block 1.1.0.0/16 in my network; I have done so by adding a static Null route on our ISP-facing router.
Now the drawback of this solution really shows when I see a route matching a specific prefix being learnt by BGP, for example 1.1.1.0/24 being learnt and not being blocked.
What could be the recommendation to achieve this?
Regards,
Nikhil Kulkarni.
10-09-2012 12:37 AM
Hi,
Let's suppose you want to block 1.1.1.0/24 learned via BGP:
ip prefix-list BLOCK_PREF deny 1.1.1.0/24
ip prefix-list BLOCK_PREF permit 0.0.0.0/0 le 32
router bgp xxx
 neighbor x.x.x.x prefix-list BLOCK_PREF in
 do clear ip bgp x.x.x.x in
Regards.
Alain
Don't forget to rate helpful posts.
10-09-2012 05:41 AM
Hello Nikhil,
You need to implement route filtering in the inbound (receiving) direction.
Following your example, if you want to be sure that your router will not accept any specific route within address block 1.1.0.0/16, you can use a prefix-list like
ip prefix-list UNWANTED_ROUTES permit 1.1.0.0/16 le 32
route-map INBOUND deny 10
 match ip address prefix-list UNWANTED_ROUTES
! next empty route-map block to allow all other routes
route-map INBOUND permit 20
router bgp <AS-number>
 neighbor x.x.x.x route-map INBOUND in
For each address block for which you want no component route to be accepted, you will add a line to prefix-list UNWANTED_ROUTES like
ip prefix-list UNWANTED_ROUTES permit A.B.C.D/len le 32
Hope to help
Giuseppe
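An added example, not part of either reply above and not Cisco code: a small Python model of the prefix-list length matching and the INBOUND route-map from this thread, showing why the Null0 static alone loses to a more specific BGP route and how `le 32` closes that gap. The BGP updates, the `ISP` next-hop label and all function names are constructed for illustration.

```python
import ipaddress

def entry_matches(entry, route):
    """One prefix-list entry: the route must sit inside the entry's prefix and its
    length must fall in [ge, le]; with neither keyword only the exact length matches."""
    net = ipaddress.ip_network(entry["prefix"])
    rt = ipaddress.ip_network(route)
    lo = entry.get("ge", net.prefixlen)
    hi = entry.get("le", 32 if "ge" in entry else net.prefixlen)
    return rt.subnet_of(net) and lo <= rt.prefixlen <= hi

def prefix_list_permits(plist, route):
    """First matching entry decides; no match at all is the implicit deny."""
    for entry in plist:
        if entry_matches(entry, route):
            return entry["action"] == "permit"
    return False

def inbound_accepts(unwanted, route):
    """route-map INBOUND: 'deny 10' drops what the prefix-list permits,
    the empty 'permit 20' accepts everything else."""
    return not prefix_list_permits(unwanted, route)

def forwarding_entry(rib, dst):
    """Longest-prefix match over a {prefix: next_hop} table."""
    addr = ipaddress.ip_address(dst)
    hits = [n for n in map(ipaddress.ip_network, rib) if addr in n]
    if not hits:
        return None
    best = max(hits, key=lambda n: n.prefixlen)
    return str(best), rib[str(best)]

# Constructed sample data (not taken from a real router).
UNWANTED_ROUTES = [{"action": "permit", "prefix": "1.1.0.0/16", "le": 32}]
EXACT_ONLY = [{"action": "permit", "prefix": "1.1.0.0/16"}]  # same entry without 'le 32'
BGP_UPDATES = ["1.1.0.0/16", "1.1.1.0/24", "1.1.200.128/25", "1.2.0.0/16", "8.8.8.0/24"]

def filtered_rib(unwanted):
    """Routes that survive the inbound filter, plus the static null route from the question."""
    learned = {p: "ISP" for p in BGP_UPDATES if inbound_accepts(unwanted, p)}
    return {**learned, "1.1.0.0/16": "Null0"}

if __name__ == "__main__":
    for name, pl in (("without 'le 32'", EXACT_ONLY), ("with 'le 32'", UNWANTED_ROUTES)):
        print(name, "->", forwarding_entry(filtered_rib(pl), "1.1.1.5"))
```

Without `le 32` the entry matches only the /16 itself, so 1.1.1.0/24 is still installed and wins the longest-prefix lookup over the Null0 static.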