06-18-2012 01:07 AM - edited 03-04-2019 04:42 PM
Hi all
Can anyone tell me which is the best and easiest way to control what routes my remote sites can see? We have a HQ and lots of remote sites,
would it be something like a route map on the remote end?
cheers
06-18-2012 02:10 AM
Hello Carl,
the more scalable way to perform this is to use BGP communities to tag BGP routes sent by HQ.
On remote sites you will have a route-map matching on BGP community value(s) using a community-list.
Instead of specifying what IP prefixes you want to learn on the remote site with an IP ACL or a prefix-list, you configure the router to accept all the routes that have a BGP community value as expected.
In this way, in the future you will need to make changes only on the HQ to add a new route to those that should be learned by remote sites, by simply adding a specific BGP community value to the BGP advertisement.
Multiple BGP community values can be associated with a single BGP advertisement, making the mechanism very flexible.
You can divide the routes into multiple groups and you can associate each of them with a BGP community value.
In this way you can also configure different remote sites to accept/import more than one group of routes as needed.
Note that in order to propagate the BGP community attribute you will need the command
neighbor x.x.x.x send-community
if it is not present.
This approach should also work if your sites are interconnected with an MPLS L3VPN, if the PE routers are configured for BGP community propagation (and they should be).
The HQ router(s) need a route-map with the set community action in the route-map blocks.
To preserve the current set of BGP communities on the route you can use set community value additive.
Hope to help
Giuseppe
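A configuration sketch of the community-based approach described in the reply above. This is an added example, not part of any post in the thread; the AS numbers (65000, 65001), neighbor addresses (192.0.2.x), prefixes, community values (65000:100, 65000:200) and all list and route-map names are made-up placeholders.

```cisco
! ===== HQ router (assumed AS 65000, remote-site peer 192.0.2.2) =====
ip bgp-community new-format
!
! Two groups of routes, each tagged with its own community (constructed prefixes)
ip prefix-list GROUP1-ROUTES permit 10.10.0.0/16 le 27
ip prefix-list GROUP2-ROUTES permit 192.168.0.0/16 le 30
!
route-map HQ-TAG-OUT permit 10
 match ip address prefix-list GROUP1-ROUTES
 set community 65000:100 additive
route-map HQ-TAG-OUT permit 20
 match ip address prefix-list GROUP2-ROUTES
 set community 65000:200 additive
! Anything else is still advertised, but untagged
route-map HQ-TAG-OUT permit 30
!
router bgp 65000
 neighbor 192.0.2.2 remote-as 65001
 ! Without send-community the tags are stripped before they leave HQ
 neighbor 192.0.2.2 send-community
 neighbor 192.0.2.2 route-map HQ-TAG-OUT out
!
! ===== Remote site router (assumed AS 65001, HQ peer 192.0.2.1) =====
ip bgp-community new-format
!
! Two entries in one standard list are OR-ed: either community is accepted.
! A site that should only see group 1 keeps just the first line.
ip community-list standard FROM-HQ-ALLOWED permit 65000:100
ip community-list standard FROM-HQ-ALLOWED permit 65000:200
!
route-map FROM-HQ-IN permit 10
 match community FROM-HQ-ALLOWED
! No further entries: the implicit deny drops every route without an
! accepted community, so an untagged route is never installed here.
!
router bgp 65001
 neighbor 192.0.2.1 remote-as 65000
 neighbor 192.0.2.1 route-map FROM-HQ-IN in
```

On the remote router, `show ip bgp community 65000:100` lists the routes that arrived with that tag, which is a quick check that the community is actually being propagated end to end.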
06-18-2012 03:08 AM
Hi
Thanks for the reply, can you give me an example of the config?
Would it be route map, match an access list, then set community?
cheers
06-19-2012 11:25 PM
Hi Carl,
Apart from what Giuseppe Larosa said, you could also do it by matching routes on a prefix-list and using a route-map, or use the prefix-list option directly on the neighbor command to filter routes.
E.g.
! Prefix-list entries are evaluated top down; first match wins
ip prefix-list EXAMPLE deny 192.168.10.0/24
ip prefix-list EXAMPLE permit 192.168.0.0/16 le 30
ip prefix-list EXAMPLE permit 10.10.0.0/16 le 27
!
route-map SITE1 permit 10
 match ip address prefix-list EXAMPLE
!
router bgp XX
 neighbor X.X.X.X route-map SITE1 out
or
 neighbor X.X.X.X prefix-list EXAMPLE out
Thanks,
Nandan Mathure.