Filter BGP neighbor routes

wilson_1234_2
Level 3

I am trying to filter routes from my BGP neighbor using the Cisco document:

"How to Block One or More Networks From a BGP Peer"

This does not seem to be working for me, am I missing something?

I only want the routes in the below access-list in the BGP route table, but I am getting numerous routes from the neighbor I would like to filter out:

router bgp 1
 no synchronization
 bgp router-id 172.16.254.252
 bgp log-neighbor-changes
 network 10.2.0.0 mask 255.255.0.0
 neighbor 6.1.2.1 remote-as 65000
 neighbor 6.1.2.1 distribute-list 120 in
 no auto-summary

access-list 120 permit ip 172.20.20.0 0.0.0.0 255.255.255.128 0.0.0.0
access-list 120 permit ip 172.20.20.128 0.0.0.0 255.255.255.128 0.0.0.0
access-list 120 permit ip 172.21.20.0 0.0.0.0 255.255.255.128 0.0.0.0
access-list 120 permit ip 172.21.20.128 0.0.0.0 255.255.255.128 0.0.0.0

Accepted Solution

Richard Burts
Hall of Fame

I do not see a syntactic error. So it would be reasonable to assume that there is an error in the logic. But we do not have anything that shows us what the logic should be of what should be permitted and what should be denied. It would be helpful if you would post some of the routes that appear in the BGP table from this neighbor that you think should not be permitted.

I will note that distribute lists are a bit more tricky in BGP than in the Interior Routing Protocols. And therefore in BGP we sometimes prefer to use prefix lists. In the Interior protocols the distribute list is usually a standard access list which identifies routes to be permitted or denied. In BGP it is common to use an extended access list. But in this use an extended access list is not talking about source address and destination address (as extended access lists usually do) but is talking about the prefix and the masking of the prefix.

The second thought that occurs to me is to wonder if the distribute list was configured and applied after the neighbor was already established? If the neighbor relationship is established before the distribute list then all the routes from the neighbor would be accepted. And when the distribute list is applied it only affects new advertisements. So routes already in the table remain in the table. A way to check this is to reset or clear the neighbor relationship. If you tear down the neighbor relationship and re-establish it then only the routes permitted in the distribute list should appear in the table.

HTH

Rick


View solution in original post
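The two points in the accepted answer, that a BGP distribute-list built from an extended ACL matches the prefix (source part) and the exact mask (destination part), and that an inbound policy only takes effect on routes the peer sends after it is applied, can be shown with the prefix-list form Rick mentions plus a soft reset. The following is an added example and is not part of the original thread or of the Cisco document it cites; the prefix-list name, the use of soft-reconfiguration and the exec commands are assumptions built on the poster's own neighbor and ACL values. Reloading the router, as the poster did, works because it tears the session down; a soft inbound reset gets the same result without dropping the session.

```cisco
! Added example, not from the original post.
! Equivalent of access-list 120 as a prefix list. Each entry matches the
! exact prefix AND the exact length, which is what the ACL's 0.0.0.0
! wildcards on both the address and the mask fields do. A more-specific
! such as 172.20.20.0/26, or the aggregate 172.20.20.0/24, matches neither
! form, so the peer cannot slip in a hijacking more-specific.
ip prefix-list FROM-AS65000-IN seq 10 permit 172.20.20.0/25
ip prefix-list FROM-AS65000-IN seq 20 permit 172.20.20.128/25
ip prefix-list FROM-AS65000-IN seq 30 permit 172.21.20.0/25
ip prefix-list FROM-AS65000-IN seq 40 permit 172.21.20.128/25
! An implicit deny of everything else ends the list.
!
router bgp 1
 ! IOS will not take a prefix-list and a distribute-list on the same
 ! neighbor in the same direction, so remove the ACL-based filter first.
 no neighbor 6.1.2.1 distribute-list 120 in
 neighbor 6.1.2.1 prefix-list FROM-AS65000-IN in
 ! Optional: keep the unfiltered copy of what the peer sent so that
 ! "received-routes" below can show it next to the filtered result.
 neighbor 6.1.2.1 soft-reconfiguration inbound
!
! Exec mode. A changed inbound policy is applied to routes the peer
! re-sends, so ask for them again; "soft in" does this via route refresh
! without resetting the session (no reload, no hard "clear ip bgp *").
clear ip bgp 6.1.2.1 soft in
!
! Verify: what the peer sent, what survived the filter, and hit counts.
show ip bgp neighbors 6.1.2.1 received-routes
show ip bgp neighbors 6.1.2.1 routes
show ip prefix-list FROM-AS65000-IN
```

If the distribute-list form is kept instead, the same `clear ip bgp 6.1.2.1 soft in` after applying it is what makes the existing entries disappear from the table; the ACL syntax itself in the question is not the problem. The `received-routes` view needs `soft-reconfiguration inbound` to be configured, which costs memory for the extra copy of the Adj-RIB-In but is the quickest way to confirm the filter is dropping exactly what was intended and nothing more.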

3 Replies


Excellent point Rick about re-establishing the neighbor, I will try that and let you know.

Update:

Rick, you were correct.

I reloaded the router and have the route table I want.

Thank you!

Richard Burts

I am glad that my suggestion did help lead you to the solution. Thank you for using the rating system to indicate that the problem was resolved (and thanks for the rating).

HTH

Rick
