Trying to restrict routes sent and received with prefix list

hcyrus (Level 1)

HELLLLLLP!!!

I am trying to filter advertised and received routes over a BGP connection to AWS and not having any success. I want to only allow 10.7.6.1 to send its network to 10.7.6.2 and I only want to receive 10.60.0.0/16 from 10.7.6.2

So here’s the low down…

I have a BGP connection established between 10.7.6.1 (RQ side) and 10.7.6.2 (AWS side)

I want to only advertise 10.7.6.0/30 to 10.7.6.2

I want to only receive 10.60.0.0/16 from 10.7.6.2

neighbor 10.7.6.2 activate
neighbor 10.7.6.2 soft-reconfiguration inbound
neighbor 10.7.6.2 route-map awsin in
neighbor 10.7.6.2 route-map aws out

I am in the process of removing all the permit statements except 10.7.6.0/30 to see if that works going outbound

ip prefix-list aws seq 5 permit 10.7.0.0/20
ip prefix-list aws seq 6 permit 10.7.1.0/30
ip prefix-list aws seq 7 permit 10.7.2.0/30
ip prefix-list aws seq 8 permit 10.7.3.0/30
ip prefix-list aws seq 9 permit 10.7.4.0/30
ip prefix-list aws seq 10 permit 10.7.5.0/30
ip prefix-list aws seq 11 permit 10.7.6.0/30
ip prefix-list aws seq 12 permit 10.7.8.0/30
ip prefix-list aws seq 13 permit 10.7.9.0/30

route-map aws permit 10
description aws
match ip address prefix-list aws

I am going to remove the deny statement and see if that does anything…

ip prefix-list awsin seq 5 permit 10.60.0.0/24
ip prefix-list awsin seq 10 deny 10.0.0.0/8

route-map awsin permit 10
description awsin
match ip address prefix-list awsin

Neighbor        V           AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
10.7.1.2        4        65000      71      76 49077013    0    0 00:32:38        8
10.7.2.2        4        65000      70      76 49077013    0    0 00:32:38        8
10.7.3.2        4        65000      70      76 49077013    0    0 00:32:38        8
10.7.4.2        4        65000      70      75 49077013    0    0 00:32:38        8
10.7.5.2        4        65000      70      76 49077013    0    0 00:32:38        8
10.7.6.2        4        65000      24      27 49077013    0    0 00:10:14        0
10.7.8.2        4        65000      70      75 49077013    0    0 00:32:38        8
10.7.9.2        4        65000      70      75 49077013    0    0 00:32:38        8
66.116.118.225  4        23005 18601512  316913 49077075    0    0 19w2d      684403

sh ip bgp neighbors 10.7.6.2 advertised-routes
BGP table version is 49077152, local router ID is 
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
              x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

     Network          Next Hop            Metric LocPrf Weight Path
*>  10.7.1.0/30      0.0.0.0                  0         32768 i
*>  10.7.2.0/30      0.0.0.0                  0         32768 i
*>  10.7.3.0/30      0.0.0.0                  0         32768 i
*>  10.7.4.0/30      0.0.0.0                  0         32768 i
*>  10.7.5.0/30      0.0.0.0                  0         32768 i
*>  10.7.6.0/30      0.0.0.0                  0         32768 i
*>  10.7.8.0/30      0.0.0.0                  0         32768 i
*>  10.7.9.0/30      0.0.0.0                  0         32768 i

Total number of prefixes 8

sh ip bgp neighbors 10.7.6.2 received-routes
BGP table version is 49077217, local router ID is 
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
              x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

     Network          Next Hop            Metric LocPrf Weight Path
*   10.10.0.0/16     10.7.6.2                               0 65000 i
*   10.20.0.0/16     10.7.6.2                               0 65000 i
*   10.30.0.0/16     10.7.6.2                               0 65000 i
*   10.40.0.0/16     10.7.6.2                               0 65000 i
*   10.50.0.0/16     10.7.6.2                               0 65000 i
*   10.60.0.0/16     10.7.6.2                               0 65000 i
*   10.80.0.0/16     10.7.6.2                               0 65000 i
*   10.90.0.0/16     10.7.6.2                               0 65000 i

Total number of prefixes 8

4 Replies

Hello,

I want to only receive 10.60.0.0/16 from 10.7.6.2

but you have configured:

ip prefix-list awsin seq 5 permit 10.60.0.0/24

Make sure you change the /24 to /16 in the prefix list.

I put this into GNS3, here is my working config:

router bgp 1
bgp log-neighbor-changes
neighbor 10.7.6.2 remote-as 2
!
address-family ipv4
network 10.7.6.0 mask 255.255.255.252
network 10.7.8.0 mask 255.255.255.252
network 10.7.9.0 mask 255.255.255.252
neighbor 10.7.6.2 activate
neighbor 10.7.6.2 soft-reconfiguration inbound
neighbor 10.7.6.2 route-map awsin in
neighbor 10.7.6.2 route-map aws out
exit-address-family
!
ip prefix-list aws seq 5 permit 10.7.6.0/30
!
ip prefix-list awsin seq 5 permit 10.60.0.0/16
!
route-map awsin permit 10
match ip address prefix-list awsin
!
route-map aws permit 10
match ip address prefix-list aws
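The /24 versus /16 point made in the reply above comes from how a prefix-list entry matches: without ge/le it matches only a route of exactly that prefix length, entries are tried in seq order, and a route that matches no entry hits the implicit deny. The following is an added example, not code from this thread or from Cisco, that models those rules in Python and runs the original awsin list and the corrected /16 list against three of the routes 10.7.6.2 was sending; the ge/le handling goes beyond what the thread uses and follows the IOS convention that ge alone means "ge up to the maximum length" and le alone means "from the entry's own length up to le".

```python
import ipaddress

# Minimal model of IOS "ip prefix-list" matching (added example, not from the
# thread). Entries are tried in seq order; an entry matches when the route lies
# inside the entry prefix AND the route's length is within the entry's bounds:
# exact length unless ge/le are given. No matching entry means implicit deny.
def parse_prefix_list(lines):
    """Parse 'ip prefix-list NAME seq N permit|deny PFX [ge X] [le Y]' lines."""
    lists = {}
    for line in lines:
        tok = line.split()
        if tok[:2] != ["ip", "prefix-list"]:
            continue
        name, seq, action = tok[2], int(tok[4]), tok[5]
        net = ipaddress.ip_network(tok[6], strict=False)
        opts = dict(zip(tok[7::2], map(int, tok[8::2])))  # {'ge': X, 'le': Y}
        lists.setdefault(name, []).append((seq, action, net, opts.get("ge"), opts.get("le")))
    for entries in lists.values():
        entries.sort(key=lambda e: e[0])
    return lists

def entry_matches(entry, route):
    _seq, _action, net, ge, le = entry
    if not route.subnet_of(net):          # route must sit inside the entry prefix
        return False
    lo = ge if ge is not None else net.prefixlen
    hi = le if le is not None else (route.max_prefixlen if ge is not None else net.prefixlen)
    return lo <= route.prefixlen <= hi

def evaluate(entries, route):
    """(action, seq) of the first matching entry; ('deny', None) = implicit deny."""
    route = ipaddress.ip_network(route, strict=False)
    for entry in entries:
        if entry_matches(entry, route):
            return entry[1], entry[0]
    return "deny", None

# Constructed sample: the original awsin list (/24) beside the corrected /16
# list, applied to three of the routes 10.7.6.2 was actually sending.
SAMPLE_CONFIG = """
ip prefix-list awsin seq 5 permit 10.60.0.0/24
ip prefix-list awsin seq 10 deny 10.0.0.0/8
ip prefix-list awsin_fixed seq 5 permit 10.60.0.0/16
""".split("\n")
RECEIVED = ["10.10.0.0/16", "10.60.0.0/16", "10.90.0.0/16"]

def filter_routes(list_name, routes, config=SAMPLE_CONFIG):
    entries = parse_prefix_list(config)[list_name]
    return [r for r in routes if evaluate(entries, r)[0] == "permit"]
```

filter_routes("awsin", RECEIVED) returns nothing: 10.60.0.0/16 is not inside 10.60.0.0/24, and the seq 10 deny for 10.0.0.0/8 never fires either because without ge/le it only matches a route that is exactly /8, so every route falls through to the implicit deny.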

I was able to get it to do what I wanted by doing the following

ip prefix-list 701 seq 10 permit 10.7.1.0/30
ip prefix-list 701in seq 5 permit 10.10.0.0/16
ip prefix-list 702 seq 5 permit 10.7.2.0/30
ip prefix-list 702in seq 5 permit 10.20.0.0/16
ip prefix-list 703 seq 5 permit 10.7.3.0/30
ip prefix-list 703in seq 5 permit 10.30.0.0/16
ip prefix-list 704 seq 5 permit 10.7.4.0/30
ip prefix-list 704in seq 5 permit 10.40.0.0/16
ip prefix-list 705 seq 5 permit 10.7.5.0/30
ip prefix-list 705in seq 5 permit 10.50.0.0/16

ip prefix-list 706out seq 5 permit 10.7.6.0/24
ip prefix-list 708 seq 5 permit 10.7.8.0/30
ip prefix-list 708in seq 5 permit 10.80.0.0/16
ip prefix-list 709 seq 5 permit 10.7.9.0/30
ip prefix-list 709in seq 5 permit 10.90.0.0/16

neighbor 10.7.1.2 activate
neighbor 10.7.1.2 soft-reconfiguration inbound
neighbor 10.7.1.2 prefix-list 701in in
neighbor 10.7.1.2 prefix-list 701 out
neighbor 10.7.2.2 activate
neighbor 10.7.2.2 soft-reconfiguration inbound
neighbor 10.7.2.2 prefix-list 702in in
neighbor 10.7.2.2 prefix-list 702 out
neighbor 10.7.3.2 activate
neighbor 10.7.3.2 soft-reconfiguration inbound
neighbor 10.7.3.2 prefix-list 703in in
neighbor 10.7.3.2 prefix-list 703 out
neighbor 10.7.4.2 activate
neighbor 10.7.4.2 soft-reconfiguration inbound
neighbor 10.7.4.2 prefix-list 704in in
neighbor 10.7.4.2 prefix-list 704 out
neighbor 10.7.5.2 activate
neighbor 10.7.5.2 soft-reconfiguration inbound
neighbor 10.7.5.2 prefix-list 705in in
neighbor 10.7.5.2 prefix-list 705 out
neighbor 10.7.6.2 activate
neighbor 10.7.6.2 soft-reconfiguration inbound
neighbor 10.7.6.2 prefix-list test in
neighbor 10.7.6.2 prefix-list test1 out
neighbor 10.7.8.2 activate
neighbor 10.7.8.2 soft-reconfiguration inbound
neighbor 10.7.8.2 prefix-list 708in in
neighbor 10.7.8.2 prefix-list 708 out
neighbor 10.7.9.2 activate
neighbor 10.7.9.2 soft-reconfiguration inbound
neighbor 10.7.9.2 prefix-list 709in in
neighbor 10.7.9.2 prefix-list 709 out

which gives me the following for each neighbor

sh ip bgp neighbors 10.7.6.2 routes
BGP table version is 49099752, local router ID is 
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
              x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

     Network          Next Hop            Metric LocPrf Weight Path
*>  10.60.0.0/16     10.7.6.2                               0 65000 i

Total number of prefixes 1

sh ip bgp neighbors 10.7.6.2 advertised-routes
BGP table version is 49099884, local router ID is 
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
              x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

     Network          Next Hop            Metric LocPrf Weight Path
*>  10.7.6.0/30      0.0.0.0                  0         32768 i

Total number of prefixes 1

Not sure why I have a next hop of 0.0.0.0

Hello,

next hop 0.0.0.0 simply means that the network 10.7.6.0/30 is locally originated. How do you advertise that network, with a 'network' statement under the address family?

yep

address-family ipv4
network 10.7.0.0 mask 255.255.240.0  <- need to remove this one I think...
network 10.7.1.0 mask 255.255.255.252
network 10.7.2.0 mask 255.255.255.252
network 10.7.3.0 mask 255.255.255.252
network 10.7.4.0 mask 255.255.255.252
network 10.7.5.0 mask 255.255.255.252
network 10.7.6.0 mask 255.255.255.252
network 10.7.8.0 mask 255.255.255.252
network 10.7.9.0 mask 255.255.255.252
