Controlling BGP routing from my HQ to remote sites

carl_townshend
Spotlight

Hi all

Can anyone tell me which is the best and easiest way to control what routes my remote sites can see? We have a HQ and lots of remote sites.

Would it be something like a route map on the remote end?

cheers

3 Replies

Giuseppe Larosa
Hall of Fame

Hello Carl,

the more scalable way to perform this is to use BGP communities to tag BGP routes sent by HQ.

On remote sites you will have a route-map matching on BGP community value(s) using a community-list.

Instead of specifying what IP prefixes you want to learn on the remote site with an IP ACL or a prefix-list, you configure the router to accept all the routes that have a BGP community value as expected.

In this way, in the future you will need to make changes only on the HQ to add a new route to those that should be learned by remote sites, by simply adding a specific BGP community value to the BGP advertisement.

Multiple BGP community values can be associated with a single BGP advertisement, making the mechanism very flexible.

You can divide the routes in multiple groups and you can associate each of them with a BGP community value.

In this way you can also configure different remote sites to accept/import more than one group of routes as needed.

Note that in order to propagate the BGP community attribute you will need the command

neighbor x.x.x.x send-community

if it is not present.

This approach should work also if your sites are interconnected with an MPLS L3VPN if the PE routers are configured for BGP community propagation ( and they should ).

The HQ router(s) need a route-map with the set community action in the route-map blocks.

To preserve the current set of BGP communities on the route you can use set community value additive.

Hope to help

Giuseppe
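
The community-based approach described in the reply above, written out as an added configuration example that is not part of the original posts. The AS numbers (65000, 65010), neighbor addresses (192.0.2.x), prefixes, community values and all list and route-map names are assumptions chosen for illustration.

```cisco
! ===== HQ router (constructed example) =====
! Display and enter communities in AS:NN form
ip bgp-community new-format
!
ip prefix-list HQ-CORE seq 5 permit 10.10.0.0/16
ip prefix-list HQ-DC seq 5 permit 10.20.0.0/16
!
! Tag each group of routes with its own community.
! "additive" keeps any communities already on the route.
route-map TO-REMOTES permit 10
 match ip address prefix-list HQ-CORE
 set community 65000:100 additive
route-map TO-REMOTES permit 20
 match ip address prefix-list HQ-DC
 set community 65000:200 additive
! Everything else is still advertised, but untagged
route-map TO-REMOTES permit 30
!
router bgp 65000
 neighbor 192.0.2.2 remote-as 65010
 ! Without send-community the tags are stripped on advertisement
 neighbor 192.0.2.2 send-community
 neighbor 192.0.2.2 route-map TO-REMOTES out
!
! ===== Remote site router (constructed example) =====
ip bgp-community new-format
!
! This site should learn only the HQ-CORE group
ip community-list standard FROM-HQ-CORE permit 65000:100
!
route-map FROM-WAN permit 10
 match community FROM-HQ-CORE
! No further clauses: the implicit deny at the end of the
! route-map rejects every route that lacks the expected community
!
router bgp 65010
 neighbor 192.0.2.1 remote-as 65000
 neighbor 192.0.2.1 route-map FROM-WAN in
!
! Verify on the remote site which routes carry the tag:
!   show ip bgp community 65000:100
```

With this layout, exposing a new HQ prefix to the site only requires adding it to HQ-CORE on the HQ router; a site that also needs the second group adds a community-list entry for 65000:200.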

Hi

thanks for the reply, can you give me an example of the config ?

would it be route map, match an access list, then set community ?

cheers

Hi Carl,

Apart from what Giuseppe Larosa said, you could also do it by matching routes on a prefix-list and using a route-map, or use a prefix-list option directly on the neighbor command to filter routes.

E.g.

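! Entries are evaluated in order: deny the /24 first, then permit the wider ranges
ip prefix-list EXAMPLE deny 192.168.10.0/24
ip prefix-list EXAMPLE permit 192.168.0.0/16 le 30
ip prefix-list EXAMPLE permit 10.10.0.0/16 le 27
!
! Routes not matched by the prefix-list are dropped by the implicit deny
route-map SITE1 permit 10
 match ip address prefix-list EXAMPLE
!
router bgp XX
 ! Option 1: apply the route-map outbound to the neighbor
 neighbor X.X.X.X route-map SITE1 out

or

 ! Option 2: apply the prefix-list directly
 neighbor X.X.X.X prefix-list EXAMPLE out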

Thanks,

Nandan Mathure.
