×

Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

BGP Restriction

Unanswered Question
Jun 29th, 2012
User Badges:

     Hello All,


I have 2 links from thesame isp. So segments are divided between  the links and advertise using prefix-list for restriction

Now one of the link is having issues, so i decided to send all the traffic on the other link, but i realise that since there is no restriction the faulty link while the bgp is still up, all the segments inside the bgp session are advertise there because BGP is still up, now looking like there is a look, i thought of using advertise map at the level of the neighbor but recieve only a BGP default route from my upstream.


I cant shut BGP down because my neighbor ip addresss comes through BGP and my IPSEC GRE tunnels use this ip address


What else can i use in other to restrict this


Regards

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
smitesh kharecha Mon, 07/02/2012 - 22:15
User Badges:
  • Silver, 250 points or more

Hi,


Match the default route with AS-Path access-list, it will work.


ip as-path access-list 2 permit ^$


ip prefix-list DEFROUTE seq 10 permit 0.0.0.0/0


route-map NON-EXISTTYP permit 10
  match ip address prefix-list DEFROUTE
  match as-path 2


HTH,

Smitesh


PS: Please rate helpful posts...

adnane dakna Tue, 07/03/2012 - 01:28
User Badges:

just to complete the solution suggested by smitesh ,


apply the route map NON-EXISTTYP in neighboor : neigboor <@IP> route-map NON-EXISTTYP in





divine007 Tue, 07/03/2012 - 01:40
User Badges:

If i use


ip prefix-list DEFROUTE seq 10 permit 0.0.0.0/0


Wont all the prefix be allowed through, i believe 0.0.0.0/0 means anything??


Regards

smitesh kharecha Tue, 07/03/2012 - 02:06
User Badges:
  • Silver, 250 points or more

Hi,


It will match all, however since you want to have conditional advertisement, even in case your primary link goes down, you will receive default via your secondary link and Access-list will still match. Hence, match default route in conditional advertisement is not a good option; unless you are receiving two default set of IP prefixes from both ISPs.


HTH,

Smitesh

milan.kulik Tue, 07/03/2012 - 02:33
User Badges:
  • Red, 2250 points or more

Hi,


IMHO,

ip prefix-list DEFROUTE seq 10 permit 0.0.0.0/0

matches only the deafult route.

If you want to match all prefixes, you would need to add

ip prefix-list DEFROUTE seq 10 permit 0.0.0.0/0 le 32


But generally , I'm missing your idea here: What do you want to achieve?


BR,

Milan

smitesh kharecha Tue, 07/03/2012 - 02:04
User Badges:
  • Silver, 250 points or more

Hi Adnane,


I beg to differ here, since this scenario we are doing conditional route-advertisement, we will use advertise-map instead of route-map as you suggested.


HTH,

Smitesh

divine007 Tue, 07/03/2012 - 02:11
User Badges:

Am getting something, tell me now that i recieve only a default BGP route from my upstream provider inside my bgp table


How will this works, since i need this routes inside my bgp routing table



Regards

adnane dakna Tue, 07/03/2012 - 02:38
User Badges:

it's better to post schema architecture with more clarifications , that will help us to converge toward right way

adnane dakna Tue, 07/03/2012 - 03:59
User Badges:

For problem 1 : us I understand you don't want to take any route from link  , to do so just create a prefix list and apply it to incoming route in link 1


ip prefix-list myprefix deny 0.0.0.0/0

neighbor @IP prefix-list mypref in

and apply command : clear ip bgp * soft


compare th result of two commands : show ip bgp neighbors @IP received-routes and show ip bgp @IP routes , it show yuo if your filter is working .


for Problem 2 I send you my solution soon

divine007 Fri, 07/06/2012 - 00:20
User Badges:

Tell me, can i influence BGP returning traffic, when i receive only a B* route from my upstream provider?


Regards

Actions

This Discussion

Related Content