06-16-2018 06:54 AM - edited 03-08-2019 03:23 PM
Hello
I am trying to filter bgp route and allow all others
ip prefix-list no-default-route seq 5 deny 0.0.0.0/0
ip prefix-list no-default-route seq 10 permit 0.0.0.0/0 le 32
router bgp 65xxx
bgp log-neighbor-changes
neighbor 1.1.1.1 remote-as 65000
neighbor 1.1.1.1 send-community
neighbor 1.1.1.1 soft-reconfiguration inbound
neighbor 1.1.1.1 prefix-list no-default-route in
why is this not working still?
When I do sh ip bgp nei 1.1.1.1 reci-rout I see the default route advertised out, but when I do sh ip bgp ne 1.1.1.1 prefix list - then I see default route not in there but still is on routing table?
06-16-2018 08:37 AM - edited 06-16-2018 12:20 PM
Hi!
Change "neighbor 1.1.1.1 prefix-list no-default-route in" to "neighbor 1.1.1.1 prefix-list no-default-route out", and see if it helps?
HTH
/Mohammed
06-16-2018 04:07 PM
06-17-2018 12:49 AM
Hi!
Sorry, I misunderstood you because you wrote "When I do sh ip bgp nei 1.1.1.1 reci-rout I see the default route advertised out, but when I do sh ip bgp ne 1.1.1.1 prefix list - then I see default route not in there but still is on routing table?"
I have tested your "problem" in the lab, and it is not a problem. Why? Because your neighbor 1.1.1.1 is advertising the 0.0.0.0 address to you, and you will always see the address that you receive from your neighbor. After you receive that address, your prefix-list blocks it from being installed in the routing table locally on the router. Remember that what you see in "sh ip bgp nei 1.1.1.1 reci-rout" is not the same as what you have in the routing table. When you see that 0.0.0.0 is received, that is true, because the neighbor is sending it to you. But remember, you applied a prefix-list that allows you to block some routes from the neighbor; your neighbor doesn't know that you are blocking them, and you will still get those routes from your neighbor until the neighbor stops advertising those addresses. What matters is "show ip route" and "show ip bgp": if you see 0.0.0.0 in those tables, then the filter does not work. But I have tested the prefix and it works.
Sorry for my bad English, it is not my first language.
HTH
/Mohammed
06-16-2018 11:43 AM - edited 06-16-2018 12:25 PM
Hello
@NetworkGuy! wrote:
Hello
I am trying to filter bgp route and allow all others
ip prefix-list no-default-route seq 5 deny 0.0.0.0/0
ip prefix-list no-default-route seq 10 permit 0.0.0.0/0 le 32
router bgp 65xxx
bgp log-neighbor-changes
neighbor 1.1.1.1 remote-as 65000
neighbor 1.1.1.1 send-community
neighbor 1.1.1.1 soft-reconfiguration inbound
neighbor 1.1.1.1 prefix-list no-default-route in
why is this not working still?
When I do sh ip bgp nei 1.1.1.1 reci-rout I see the default route advertised out, but when I do sh ip bgp ne 1.1.1.1 prefix list - then I see default route not in there but still is on routing table?
Configured looks okay - just clear the bgp rib
Clear ip bgp * soft
res
Paul
06-16-2018 04:06 PM
06-16-2018 04:08 PM
06-17-2018 02:37 AM
Hello
Maybe I haven't understood you correctly - you're saying that when you add that filter, the rtr you add it to still receives the default route and you still see the default in the route table?
res
Paul
06-17-2018 02:43 AM
If I do a sh ip route - I see my static route in there.
When I apply the prefix-list and do sh ip route, I still see my static route in there - no change.
However, if I do a sh ip route neigh x.x.x.x received routes, I see a default route injected through BGP from another site.
If I do a sh ip bgp prefix-list no-default-route then I see the same routes as above except for the default route.
Makes sense? I see the prefix-list eliminates the default route but I guess it's not applied?
06-17-2018 03:09 AM - edited 06-17-2018 03:17 AM
Hi!
Which static route? Can you post the output?
I will try to clarify:
If you have a default route from neighbor 1.1.1.1 in your routing table before the filter, and you apply the prefix-list you posted before, what will happen is: the default route is out of the routing table, but the default route is still in the received table. You can check with the command "show ip bgp neighbors 1.1.1.1 received-routes". Why? The neighbor 1.1.1.1 is still sending you the default route, but the router you applied the prefix-list on chooses to block it.
Here are some show commands from my test. I have two routers, Router-A and Router-B. Router-A is sending a default route to Router-B. The configuration of Router-B and the output without the prefix-list:
conf:
router bgp 65000
bgp router-id 1.1.1.2
bgp log-neighbor-changes
network 50.50.50.0 mask 255.255.255.0
neighbor 1.1.1.1 remote-as 65000
neighbor 1.1.1.1 send-community
neighbor 1.1.1.1 soft-reconfiguration inbound
Router-B#show ip route bgp
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
+ - replicated route, % - next hop override
Gateway of last resort is 1.1.1.1 to network 0.0.0.0
B* 0.0.0.0/0 [200/0] via 1.1.1.1, 00:02:00
40.0.0.0/24 is subnetted, 1 subnets
B 40.40.40.0 [200/0] via 1.1.1.1, 00:20:22
And now, after you have applied the prefix-list and done clear ip bgp * soft:
conf:
ip prefix-list no-default-route seq 5 deny 0.0.0.0/0
ip prefix-list no-default-route seq 10 permit 0.0.0.0/0 le 32
router bgp 65000
bgp router-id 1.1.1.2
bgp log-neighbor-changes
network 50.50.50.0 mask 255.255.255.0
neighbor 1.1.1.1 remote-as 65000
neighbor 1.1.1.1 send-community
neighbor 1.1.1.1 soft-reconfiguration inbound
neighbor 1.1.1.1 prefix-list no-default-route in
Router-B#show ip route bgp
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
+ - replicated route, % - next hop override
Gateway of last resort is not set
40.0.0.0/24 is subnetted, 1 subnets
B 40.40.40.0 [200/0] via 1.1.1.1, 00:26:19
Now the default route is gone, out of the routing table. Are you with me now?
Now when you run this command you will always see the default route. Why? Router-A is still advertising the default route to Router-B, and Router-B uses the prefix-list to block this route, which means that you are not stopping Router-A from advertising the default route to Router-B; Router-B only filters out the default route that is coming from Router-A:
Router-B#show ip bgp neighbors 1.1.1.1 received-routes
BGP table version is 5, local router ID is 1.1.1.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
* i 0.0.0.0 1.1.1.1 0 100 0 ?
*>i 40.40.40.0/24 1.1.1.1 0 100 0 i
Total number of prefixes 2
Do you see the difference when you have the prefix-list now?
/Mohammed
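An added illustration, not part of any post in this thread and not Cisco code: a small Python model of how the no-default-route prefix-list is evaluated against what the neighbor sends, showing why received-routes (pre-policy) still lists 0.0.0.0/0 while the accepted set does not. The function names are hypothetical, the route list is constructed from the lab output above, and the model assumes IPv4 with the usual first-match, implicit-deny prefix-list semantics.

```python
import ipaddress

# Prefix-list from the thread: (seq, action, prefix, ge, le); None = not set.
NO_DEFAULT_ROUTE = [
    (5, "deny", "0.0.0.0/0", None, None),
    (10, "permit", "0.0.0.0/0", None, 32),
]

# Constructed sample: what Router-A advertises to Router-B in the lab output.
RECEIVED_FROM_1_1_1_1 = ["0.0.0.0/0", "40.40.40.0/24"]

def entry_matches(route, prefix, ge, le):
    """Route must fall inside `prefix`; its length must equal the entry's
    length (no ge/le) or lie within the ge..le range (IPv4, max 32)."""
    net = ipaddress.ip_network(prefix)
    if not route.subnet_of(net):
        return False
    if ge is None and le is None:
        return route.prefixlen == net.prefixlen
    low = ge if ge is not None else net.prefixlen
    high = le if le is not None else 32
    return low <= route.prefixlen <= high

def evaluate(prefix_list, route):
    """Lowest matching sequence number wins; no match is an implicit deny."""
    route = ipaddress.ip_network(route)
    for seq, action, prefix, ge, le in sorted(prefix_list, key=lambda e: e[0]):
        if entry_matches(route, prefix, ge, le):
            return action, seq
    return "deny", None

def apply_inbound(prefix_list, received):
    """Split the pre-policy routes into (accepted, filtered) lists."""
    accepted, filtered = [], []
    for route in received:
        action, _ = evaluate(prefix_list, route)
        (accepted if action == "permit" else filtered).append(route)
    return accepted, filtered

if __name__ == "__main__":
    accepted, filtered = apply_inbound(NO_DEFAULT_ROUTE, RECEIVED_FROM_1_1_1_1)
    print("received-routes (pre-policy):", RECEIVED_FROM_1_1_1_1)
    print("accepted after inbound filter:", accepted)
    print("dropped by prefix-list:", filtered)
```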