How to break longest prefix match in BGP

KullPid
Level 1

Hi,

I have simple topology:

 

[Router_trigger] --> RR <-->      PE(1) (10.10.10.0/24)

                                                   PE(2)....PE(n)

 

From Router_trigger, I add static route 10.10.10.1/32 and propagate to RR.

I want all PEs except PE(1) to learn this route, and I don't want to configure any PEs.

 

How can I do this?

 

Thanks!

2 Replies

Cristian Matei
VIP Alumni

Hi,

 

   In general, it's recommended that the RR just reflects routes, and has the same policies for all RR clients. So your best options would be:

      - configure a policy ingress on PE1 (I understand this is not desirable)

      - make both Router trigger and PE1 non-route-reflector-clients, just regular IBGP neighbours, but this would prevent any routes between route trigger and PE1 from being learned

      - configure an outbound policy on RR, towards PE1, restricting whatever networks you want

 

Regards,

Cristian Matei.

KullPid,

Is this for an RTBH configuration?

On the RR, I would try configuring an outbound IP prefix-list on the BGP peering with PE1 that allows any routes except /32s.  For example,

 

conf t
! First line of the IP prefix-list permits any routes down to /31 in size.
! Second line denies all routes not already permitted by the first line, which would be just the /32s.
ip prefix-list NoHostRoutes-OUT seq 10 permit 0.0.0.0/0 le 31
ip prefix-list NoHostRoutes-OUT seq 20 deny 0.0.0.0/0 le 32
router bgp xxxxxx
 address-family ipv4
  neighbor pe1.pe1.pe1.pe1 prefix-list NoHostRoutes-OUT out
 exit-address-family
end
wr mem

 

If you wanted to just block that one x.x.x.x/32 and let all other routes through to PE1, you could change the IP prefix-list to look something like this:

 

ip prefix-list NoHostRoutes-OUT seq 10 deny x.x.x.x/32
ip prefix-list NoHostRoutes-OUT seq 20 permit 0.0.0.0/0 le 32

 

This is along the lines of what Cristian Matei suggested regarding "configure an outbound policy on RR, towards PE1, restricting whatever networks you want", and it is done on the RR, not on any of the PE(n) routers.

Hope this helps.
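
As an added illustration (not part of either reply, and not Cisco code), the Python sketch below models first-match prefix-list evaluation with ge/le and the implicit deny, and checks both lists from the reply above against the routes in the question. Assumptions: the x.x.x.x/32 placeholder is filled with 10.10.10.1/32 from the original post, 192.0.2.7/32 is a constructed host route, and the function names are hypothetical.

```python
import ipaddress

# Both lists are copied from the reply above. The x.x.x.x/32 placeholder is
# filled with 10.10.10.1/32, the trigger route from the original question.
BLOCK_ALL_HOSTS = """\
ip prefix-list NoHostRoutes-OUT seq 10 permit 0.0.0.0/0 le 31
ip prefix-list NoHostRoutes-OUT seq 20 deny 0.0.0.0/0 le 32
"""
BLOCK_ONE_HOST = """\
ip prefix-list NoHostRoutes-OUT seq 10 deny 10.10.10.1/32
ip prefix-list NoHostRoutes-OUT seq 20 permit 0.0.0.0/0 le 32
"""

def parse(config):
    """Return (seq, action, network, min_len, max_len) per entry, in seq order."""
    entries = []
    for line in config.splitlines():
        tok = line.split()
        seq, action, net = int(tok[4]), tok[5], ipaddress.ip_network(tok[6])
        opts = dict(zip(tok[7::2], map(int, tok[8::2])))
        if opts:  # ge/le given: a range of prefix lengths
            lo = opts.get("ge", net.prefixlen)
            hi = opts.get("le", net.max_prefixlen)
        else:     # no ge/le: the length must match exactly
            lo = hi = net.prefixlen
        entries.append((seq, action, net, lo, hi))
    return sorted(entries, key=lambda e: e[0])

def evaluate(config, route):
    """First matching entry wins; no match falls through to the implicit deny."""
    route = ipaddress.ip_network(route)
    for seq, action, net, lo, hi in parse(config):
        if lo <= route.prefixlen <= hi and route.subnet_of(net):
            return action, seq
    return "deny", None

def sent_to_pe1(config, routes):
    """Routes the RR would still advertise to PE1 with this list applied outbound."""
    return [r for r in routes if evaluate(config, r)[0] == "permit"]

if __name__ == "__main__":
    # 192.0.2.7/32 is a constructed host route, added to show how the lists differ.
    routes = ["10.10.10.0/24", "10.10.10.1/32", "192.0.2.7/32"]
    for name, cfg in (("all /32s", BLOCK_ALL_HOSTS), ("one /32", BLOCK_ONE_HOST)):
        print(name, "->", sent_to_pe1(cfg, routes))
```

The first list keeps every /32 away from PE1, including host routes unrelated to the trigger, while the second withholds only the one trigger route.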
