Trying to restrict routes sent and received with prefix list

hcyrus · ‎03-29-2018

HELLLLLLP!!!

I am trying to filter advertised and received routes over a BGP connection to AWS and not having any success. I want to only allow 10.7.6.1 to send its network to 10.7.6.2 and I only want to receive 10.60.0.0/16 from 10.7.6.2

So here’s the low down…

I have a BGP connection established between 10.7.6.1 (RQ side) and 10.7.6.2 (AWS side)

I want to only advertise 10.7.6.0/30 to 10.7.6.2

I want to only receive 10.60.0.0/16 from 10.7.6.2

neighbor 10.7.6.2 activate

neighbor 10.7.6.2 soft-reconfiguration inbound

neighbor 10.7.6.2 route-map awsin in

neighbor 10.7.6.2 route-map aws out

I am in the process of removing all the permit statements except 10.7.6.0/30 to see if that works going outbound

ip prefix-list aws seq 5 permit 10.7.0.0/20

ip prefix-list aws seq 6 permit 10.7.1.0/30

ip prefix-list aws seq 7 permit 10.7.2.0/30

ip prefix-list aws seq 8 permit 10.7.3.0/30

ip prefix-list aws seq 9 permit 10.7.4.0/30

ip prefix-list aws seq 10 permit 10.7.5.0/30

ip prefix-list aws seq 11 permit 10.7.6.0/30

ip prefix-list aws seq 12 permit 10.7.8.0/30

ip prefix-list aws seq 13 permit 10.7.9.0/30

route-map aws permit 10

description aws

match ip address prefix-list aws

I am going to remove the deny statement and see if that does anything…

ip prefix-list awsin seq 5 permit 10.60.0.0/24

ip prefix-list awsin seq 10 deny 10.0.0.0/8

route-map awsin permit 10

description awsin

match ip address prefix-list awsin

Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd

10.7.1.2 4 65000 71 76 49077013 0 0 00:32:38 8

10.7.2.2 4 65000 70 76 49077013 0 0 00:32:38 8

10.7.3.2 4 65000 70 76 49077013 0 0 00:32:38 8

10.7.4.2 4 65000 70 75 49077013 0 0 00:32:38 8

10.7.5.2 4 65000 70 76 49077013 0 0 00:32:38 8

10.7.6.2 4 65000 24 27 49077013 0 0 00:10:14 0

10.7.8.2 4 65000 70 75 49077013 0 0 00:32:38 8

10.7.9.2 4 65000 70 75 49077013 0 0 00:32:38 8

66.116.118.225 4 23005 18601512 316913 49077075 0 0 19w2d 684403

sh ip bgp neighbors 10.7.6.2 advertised-routes

BGP table version is 49077152, local router ID is

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,

r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,

x best-external, a additional-path, c RIB-compressed,

Origin codes: i - IGP, e - EGP, ? - incomplete

RPKI validation codes: V valid, I invalid, N Not found

Network Next Hop Metric LocPrf Weight Path

*> 10.7.1.0/30 0.0.0.0 0 32768 i

*> 10.7.2.0/30 0.0.0.0 0 32768 i

*> 10.7.3.0/30 0.0.0.0 0 32768 i

*> 10.7.4.0/30 0.0.0.0 0 32768 i

*> 10.7.5.0/30 0.0.0.0 0 32768 i

*> 10.7.6.0/30 0.0.0.0 0 32768 i

*> 10.7.8.0/30 0.0.0.0 0 32768 i

*> 10.7.9.0/30 0.0.0.0 0 32768 i

Total number of prefixes 8

sh ip bgp neighbors 10.7.6.2 received-routes

BGP table version is 49077217, local router ID is

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,

r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,

x best-external, a additional-path, c RIB-compressed,

Origin codes: i - IGP, e - EGP, ? - incomplete

RPKI validation codes: V valid, I invalid, N Not found

Network Next Hop Metric LocPrf Weight Path

* 10.10.0.0/16 10.7.6.2 0 65000 i

* 10.20.0.0/16 10.7.6.2 0 65000 i

* 10.30.0.0/16 10.7.6.2 0 65000 i

* 10.40.0.0/16 10.7.6.2 0 65000 i

* 10.50.0.0/16 10.7.6.2 0 65000 i

* 10.60.0.0/16 10.7.6.2 0 65000 i

* 10.80.0.0/16 10.7.6.2 0 65000 i

* 10.90.0.0/16 10.7.6.2 0 65000 i

Total number of prefixes 8