Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

Route Map in BGP peering

AS1----------AS2------------AS3

Topology:

AS1 is our local AS

AS2 is our connected AS

AS3 is another AS connected to AS2

Objective:

At AS1 Accept all the routes present in AS2 except

default route (default is generated by AS2)

and any routes passed through or generated at AS3.

Here is how I am trying to acheive this.

At AS1 I am using a route-map IN for peering with AS2 as follows

route-map test deny 10

match access-list 1

route-map test permit 20

match as-path 2

access-list 1 permit 0.0.0.0 0.0.0.0

ip as-path access-list 2 deny _3_

ip as-path access-list 2 permit .*

Explanation:

Seq 10 (deny)of route map calls access list 1 which permit 0/0, so 0/0 is be matched and will be denied in the route map, all other routes will be passed to next sequential route map statement. Permit 20 calls ip as path list 2. first statement of ip as path list 2 denies any routes that haved passed through or are originated in AS3 . Second statement permits all other routes so all routes expect AS3 ones will be matched here for permit 20 in route map.

Then there is an implicit deny at the end of route map which will cause AS3 routes to be dropped.

Questions:

1. Is my understanding of route-map functionality is correct ?

2. Do I also need to define an IP access-list 2 as ip as-path statement has access-list 2 referenced in it ? OR is " Number 2" is an as path list number ?

3. Is there a better way to acheive same results

Thanks

IQ

2 REPLIES
New Member

Re: Route Map in BGP peering

Yes 2 is the as-path access list number, you don't need a separate ip access list.

Your approach looks fine. Personally I would do it as follows:

route-map test deny 10

match access-list 1

route-map test deny 20

match as-path 2

route-map test permit 30

access-list 1 permit 0.0.0.0 0.0.0.0

ip as-path access-list 2 permit _3_

Bronze

Re: Route Map in BGP peering

Hi,

Your understanding abt route maps is correct. And "match as-path 2" corresponds to only AS Path ACL 2 which you have created, so no need for ACL 2.

Instead of ACL, you can go for prefix lists which are easy to edit. That solution will be scalable if you want to deny more than 0.0.0.0/0 in future.

Thanks and regards..

Ashok.

With best regards... Ashok ----------- Pls kindly rate if helpful or answered your question.
109
Views
0
Helpful
2
Replies
CreatePlease to create content