
Filter Default Route and Allow Rest BGP

NetworkGuy!
Level 1

Hello

 

I am trying to filter bgp route and allow all others

 

ip prefix-list no-default-route seq 5 deny 0.0.0.0/0
ip prefix-list no-default-route seq 10 permit 0.0.0.0/0 le 32

 


router bgp 65xxx
bgp log-neighbor-changes
neighbor 1.1.1.1 remote-as 65000
neighbor 1.1.1.1 send-community
neighbor 1.1.1.1 soft-reconfiguration inbound

neighbor 1.1.1.1 prefix-list no-default-route in

 

 

 

why is this not working still?

 

When I do sh ip bgp nei 1.1.1.1 reci-rout I see the default route advertised out, but when I do sh ip bgp ne 1.1.1.1 prefix list - then I see default route not in there but still is on routing table?

 

9 Replies

mohammed01701
Level 1

Hi!

 

Change "neighbor 1.1.1.1 prefix-list no-default-route in" to "neighbor 1.1.1.1 prefix-list no-default-route out", and see if it helps?

 

HTH

/Mohammed

Wouldn't it be the in direction, as that's where the default route comes in? Out means sending out, right?

Hi!

 

Sorry, I misunderstood you because of what you wrote: "When i do sh ip bgp nei 1.1.1.1 reci-rout i see the default route advertised out but when i do sh ip bgp ne 1.1.1.1 prefix list  - then i see default route not in there but still is on routing table?"

 

I have tested your "problem" in the lab, and it is not a problem. Why? Because your neighbor 1.1.1.1 is advertising the 0.0.0.0 address to you, and you will always see the address which you receive from your neighbor. After you get that address, your prefix-list blocks it from being installed in the routing table locally on the router. Remember that what you see in "sh ip bgp nei 1.1.1.1 reci-rout" is not the same as what you have in the routing table. When you see that 0.0.0.0 is received, that is true because the neighbor is sending it to you. But remember, you applied a prefix-list that allows you to block some routes from the neighbor; your neighbor doesn't know that you are blocking, and you will still get those routes from your neighbor until the neighbor stops advertising those addresses. What matters is "show ip route" and "show ip bgp": if you see 0.0.0.0 in those tables, then the filter does not work. But I have tested the prefix-list and it works.

 

Sorry for my bad English, it is not my first language.

HTH

/Mohammed

Hello


@NetworkGuy!  wrote:

Hello

 

I am trying to filter bgp route and allow all others

 

ip prefix-list no-default-route seq 5 deny 0.0.0.0/0
ip prefix-list no-default-route seq 10 permit 0.0.0.0/0 le 32

 


router bgp 65xxx
bgp log-neighbor-changes
neighbor 1.1.1.1 remote-as 65000
neighbor 1.1.1.1 send-community
neighbor 1.1.1.1 soft-reconfiguration inbound

neighbor 1.1.1.1 prefix-list no-default-route in

 

 

 

why is this not working still?

 

When i do sh ip bgp nei 1.1.1.1 reci-rout i see the default route advertised out but when i do sh ip bgp ne 1.1.1.1 prefix list  - then i see default route not in there but still is on routing table?

 


Configuration looks okay - just clear the BGP RIB

 

Clear ip bgp * soft

res
Paul

 

 

 


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

I did that no joy

Tried this already no joy

Hello

Maybe I haven't understood you correctly - you're saying when you add that filter, the rtr you add it to still receives the default route and you still see the default in the route table?

 

res
Paul



If I do a sh ip route - I see my static route in there.

When I apply the prefix-list and do sh ip route, I still see my static route in there - no change.

However, if I do a sh ip route neigh x.x.x.x received routes, I see a default route injected through BGP from another site.

If I do a sh ip bgp prefix-list no-default-route then I see the same routes as above except for the default route.

Makes sense? I see the prefix-list eliminates the default route but I guess it's not applied?

Hi!

 

Which static route? Can you post the output?

 

I will try to clarify:

 

If you have a default route from neighbor 1.1.1.1 in your routing table before the filter, and you apply the prefix-list you posted before, what will happen is: the default route is out of the routing table, but the default route is still in the received table; you can check with the command "show ip bgp neighbors 1.1.1.1 received-routes". Why? The neighbor 1.1.1.1 is still sending you the default route, but the router where you applied the prefix-list chooses to block it.

 

Here are some show commands from my test. I have two routers, Router-A and Router-B. Router-A is sending the default route to Router-B. The configuration of Router-B and the output without the prefix-list:

conf:

 

router bgp 65000
bgp router-id 1.1.1.2
bgp log-neighbor-changes
network 50.50.50.0 mask 255.255.255.0
neighbor 1.1.1.1 remote-as 65000
neighbor 1.1.1.1 send-community
neighbor 1.1.1.1 soft-reconfiguration inbound

 

Router-B#show ip route bgp
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
+ - replicated route, % - next hop override

Gateway of last resort is 1.1.1.1 to network 0.0.0.0

B* 0.0.0.0/0 [200/0] via 1.1.1.1, 00:02:00
40.0.0.0/24 is subnetted, 1 subnets
B 40.40.40.0 [200/0] via 1.1.1.1, 00:20:22

 

And now when you applied the prefix-list and did clear ip bgp * soft:

 

conf:

 

ip prefix-list no-default-route seq 5 deny 0.0.0.0/0
ip prefix-list no-default-route seq 10 permit 0.0.0.0/0 le 32

 

router bgp 65000
bgp router-id 1.1.1.2
bgp log-neighbor-changes
network 50.50.50.0 mask 255.255.255.0
neighbor 1.1.1.1 remote-as 65000
neighbor 1.1.1.1 send-community
neighbor 1.1.1.1 soft-reconfiguration inbound
neighbor 1.1.1.1 prefix-list no-default-route in

 

Router-B#show ip route bgp
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
+ - replicated route, % - next hop override

Gateway of last resort is not set

40.0.0.0/24 is subnetted, 1 subnets
B 40.40.40.0 [200/0] via 1.1.1.1, 00:26:19

 

Now the default route is gone, or out of the routing table. Are you with me now?

 

Now when you run this command you will always see the default route. Why? Router-A is still advertising the default route to Router-B, and Router-B uses the prefix-list to block this route, which means that you are not stopping Router-A from advertising the default route to Router-B; Router-B only filters out the default route which is coming from Router-A:

 

Router-B#show ip bgp neighbors 1.1.1.1 received-routes
BGP table version is 5, local router ID is 1.1.1.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

Network Next Hop Metric LocPrf Weight Path
* i 0.0.0.0 1.1.1.1 0 100 0 ?
*>i 40.40.40.0/24 1.1.1.1 0 100 0 i

Total number of prefixes 2

 

Do you see the difference between when you have the prefix-list now?

 

/Mohammed
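
The distinction drawn in this thread, as an added example that is not part of any poster's reply: a small Python model of how the posted prefix-list is evaluated (first match wins, implicit deny at the end), showing why the pre-policy received-routes view kept by soft-reconfiguration inbound still lists 0.0.0.0/0 while the filtered set does not. The function names are hypothetical; the prefix-list and the two advertised prefixes are taken from the lab output above.

```python
import ipaddress

# Prefix-list exactly as posted in the thread.
PREFIX_LIST = """
ip prefix-list no-default-route seq 5 deny 0.0.0.0/0
ip prefix-list no-default-route seq 10 permit 0.0.0.0/0 le 32
"""
# Prefixes Router-A advertises in the lab output above.
ADVERTISED = ["0.0.0.0/0", "40.40.40.0/24"]

def parse_prefix_list(config):
    """Parse 'ip prefix-list NAME seq N permit|deny PREFIX [ge X] [le Y]'."""
    entries = []
    for line in config.strip().splitlines():
        tok = line.split()
        opts = dict(zip(tok[7::2], tok[8::2]))  # optional ge / le pairs
        entries.append({"seq": int(tok[4]), "action": tok[5],
                        "net": ipaddress.ip_network(tok[6]),
                        "ge": int(opts["ge"]) if "ge" in opts else None,
                        "le": int(opts["le"]) if "le" in opts else None})
    return sorted(entries, key=lambda e: e["seq"])

def entry_matches(e, route):
    """No ge/le: exact length only. Otherwise the length must fall in range."""
    base = e["net"].prefixlen
    if e["ge"] is None and e["le"] is None:
        lo = hi = base
    else:
        lo = e["ge"] if e["ge"] is not None else base
        hi = e["le"] if e["le"] is not None else route.max_prefixlen
    return lo <= route.prefixlen <= hi and route.subnet_of(e["net"])

def evaluate(entries, route):
    """First matching entry wins; no match falls through to implicit deny."""
    for e in entries:
        if entry_matches(e, route):
            return e["action"]
    return "deny"

def inbound_views(entries, advertised):
    """received: pre-policy copy (what 'received-routes' lists).
    accepted: routes that pass the inbound prefix-list."""
    received = [ipaddress.ip_network(p) for p in advertised]
    accepted = [r for r in received if evaluate(entries, r) == "permit"]
    return received, accepted

if __name__ == "__main__":
    received, accepted = inbound_views(parse_prefix_list(PREFIX_LIST), ADVERTISED)
    print("received-routes:", [str(r) for r in received])
    print("after filter:   ", [str(r) for r in accepted])
```

Removing the seq 10 line from the sample makes every prefix fall through to the implicit deny, which is why the permit `0.0.0.0/0 le 32` entry is needed to "allow the rest".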
