BGP Routes specific to neighbor?

dclarolh1
Level 1

Hello,

I would only like to advertise certain BGP networks to specific neighbors. How can this be achieved?

Any help is appreciated.

Accepted Solutions

Mark Malone
VIP Alumni

Hi

There are a few ways to do it: prefix-lists, distribute-list, route-maps attached to the neighbor statement.

There are a couple of examples in this doc that should help. If you still have trouble with it, post what you have and we can take a look.

http://www.informit.com/library/content.aspx?b=CCIE_Practical_Studies_II&seqNum=102

Example 9-40. Using a Prefix List to Filter BGP Routes

Willis# show run | begin bgp
router bgp 2001
 no synchronization
 bgp log-neighbor-changes
 network 62.128.60.0 mask 255.255.254.0
 network 62.128.64.0 mask 255.255.254.0
 network 62.128.68.0 mask 255.255.254.0
 network 62.128.72.0 mask 255.255.254.0
 network 62.128.76.0 mask 255.255.254.0
 neighbor 62.128.47.6 remote-as 11151
 neighbor 62.128.47.6 prefix-list route-filter out
 neighbor 62.128.47.194 remote-as 645
 neighbor 62.128.47.198 remote-as 645
 no auto-summary
!
ip prefix-list route-filter seq 5 permit 62.128.0.0/16 le 23
Willis# show ip bgp neighbors 62.128.47.6 advertised-routes | begin Network
   Network          Next Hop            Metric LocPrf Weight Path
*> 62.128.60.0/23   0.0.0.0                  0         32768 i
*> 62.128.64.0/23   0.0.0.0                  0         32768 i
*> 62.128.68.0/23   0.0.0.0                  0         32768 i
*> 62.128.72.0/23   0.0.0.0                  0         32768 i
*> 62.128.76.0/23   0.0.0.0                  0         32768 i

This IP prefix list provides the same type of functionality as an access list with a 0.0.1.255 wildcard mask. The 62.128.0.0/16 le 23 prefix list allows any network that begins with 62.128.x.x with a 23-bit subnet mask. If you decide to change from access lists and try IP prefix lists, be careful to check your syntax before applying the prefix list to a neighbor. Remember, that just like access lists, prefix lists end with an implicit deny; so, if you use a deny statement at the beginning of a list, you must include a permit statement at some point in the list to allow other traffic. The use of the ge and le commands might be a bit tricky at first; remember that the mask used for the prefix must match the exact prefix for all filtered routes. The ge/le statements match a range of subnet masks, like an inverse wildcard mask. For more help configuring IP prefix lists, refer to Appendix D, "IP Prefix Lists."

18 Replies

Thank you very much!

Although I'm a bit confused as to when I use one or the other of these commands?

ip prefix-list bad-host seq 100 deny 110.80.8.118/32
ip prefix-list route-filter seq 5 permit 62.128.0.0/16 le 23

It depends on what you're trying to block/permit. You need to have the same prefix name for each line, though, if that's what's attached to the neighbour statement.

The first line denies a specific host address while the 2nd is permitting a whole subnet range, but they're 2 different prefix sets.

When you decide what you want allowed/denied, you can do a clear ip bgp * soft, which will reset the table and should show you your changes.

This may help, it's a good short example:

http://packetlife.net/blog/2010/feb/1/understanding-ip-prefix-lists/

The issue I'm having is that when I'm in 'config-router-neighbor' I can't enter this command:

neighbor 62.128.47.6 prefix-list route-filter out

Also that article doesn't really explain the difference between the two lists. It seems like you can do one or the other method? 

ip prefix-list bad-host seq 100 deny 110.80.8.118/32
ip prefix-list route-filter seq 5 permit 62.128.0.0/16 le 23

bad-host and route-filter above have nothing to do with each other; they both have different names. The bad-host is just showing how you would deny 1 specific host and route-filter shows you how to allow a subnet.

If you were attaching to a neighbour they would all have the same name; they would not be called different prefix names. If you're using route-filter as the name, then all prefixes associated with that neighbour that you allow or deny should be called route-filter.

Can you post your BGP config? I just tested it in a lab switch and it's taking fine.

xco-d313las08(config)#router bgp 2001
xco-d313las08(config-router)# no synchronization
xco-d313las08(config-router)# bgp log-neighbor-changes
xco-d313las08(config-router)# network 62.128.60.0 mask 255.255.254.0
xco-d313las08(config-router)#network 62.128.64.0 mask 255.255.254.0
xco-d313las08(config-router)#network 62.128.68.0 mask 255.255.254.0
xco-d313las08(config-router)#network 62.128.72.0 mask 255.255.254.0
xco-d313las08(config-router)#network 62.128.76.0 mask 255.255.254.0
xco-d313las08(config-router)# neighbor 62.128.47.6 remote-as 11151
xco-d313las08(config-router)# neighbor 62.128.47.6 prefix-list route-filter out
xco-d313las08(config-router)# neighbor 62.128.47.194 remote-as 645
xco-d313las08(config-router)# neighbor 62.128.47.198 remote-as 645
xco-d313las08(config-router)# no auto-summary
xco-d313las08(config-router)#

For example, I'm trying to create a prefix list that only advertises one specific host for the AS 2222.

Here is the config as I understand it.

ip prefix-list mpls-test-filter seq 5 deny 0.0.0.0/0
ip prefix-list mpls-test-filter seq 10 permit 172.22.16.204/32


router bgp 64851
neighbor 172.22.0.1 remote-as 2222
neighbor 172.22.0.1 prefix-list mpls-test-filter out

Work from the most specific down to the most open, so allow your host first, then block everything else.

Try this

ip prefix-list mpls-test-filter seq 5 permit 172.22.16.204/32

ip prefix-list mpls-test-filter seq 10 deny 0.0.0.0/0 le 32

Strange part is the router still doesn't accept the command even after adding the prefix lists.

x(config)# router bgp 64851
x(config-router)# neighbor 172.22.0.1 ?
<CR>
remote-as Specify Autonomous System Number of the neighbor
x(config-router)# neighbor 172.22.0.1

Before you can specify the neighbour filtering you have to put it into the remote-as first. It's a rule in BGP configurations in the router process section; that's why it's throwing this alert back: remote-as Specify Autonomous System Number of the neighbour

It needs this or equivalent in your config:

neighbor 62.128.47.6 remote-as 11151

Understood but I tried that too..

router bgp 64851
neighbor 172.22.0.1 remote-as 64851
neighbor 172.22.0.1 ?
*** No matching command found in current mode, matching in (config-router) mode ***
<CR>
remote-as Specify Autonomous System Number of the neighbor
neighbor 172.22.0.1

Hi daclarolh:

Can you please share the output for "show running-config | s bgp"?

You can remove the public IP(s). That would help to understand the scenario better and will solve the problem.

Kindest Regards,

Uzair



Kindest regards,
Uzair
CCENT, CCNA (R&S), CCNP (R&S).

router bgp 64851
  router-id 172.22.0.2
  address-family ipv4 unicast
    network 172.22.0.2/32
    network 172.22.0.128/25
    redistribute ospf 120 route-map xxxx
    aggregate-address 172.22.0.0/19 summary-only
  neighbor 172.22.0.1 remote-as 64851
    log-neighbor-changes
    description Core01-Core02
    password 3 nnnnnnnnnnn
    update-source loopback0
    address-family ipv4 unicast
      next-hop-self
      soft-reconfiguration inbound