deny specific prefixes in bgp
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎06-22-2017 01:10 PM
Hi,
i am trying to deny exact prefixes 66.133.0.0/23 and 66.133.2.0/23 from being advertised and allow everyhting else to an iBGP neighbor (214.63.21.4) the configuration should be done on 214.63.21.3. using a neighbor route-policy command.
Neighbor 214.63.21.3 is connected to neighbor 214.63.21.4.
can someone help .
thank you,
elie
i am trying to deny exact prefixes 66.133.0.0/23 and 66.133.2.0/23 from being advertised and allow everyhting else to an iBGP neighbor (214.63.21.4) the configuration should be done on 214.63.21.3. using a neighbor route-policy command.
Neighbor 214.63.21.3 is connected to neighbor 214.63.21.4.
can someone help .
thank you,
elie
16 REPLIES 16
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎06-22-2017 01:48 PM
Hi Elie,
You should be able to do this with a routing policy. See the link below for syntax details:
http://documentation.extremenetworks.com/exos_22.2/EXOS_21_1/Routing_Policies/r_routing-policy-file-...
For example, you could do:entry ip_entry { if match any { nlri 66.133.0.0/23 exact; nlri 66.133.0.2/23 exact; } then { deny; } }
You should be able to do this with a routing policy. See the link below for syntax details:
http://documentation.extremenetworks.com/exos_22.2/EXOS_21_1/Routing_Policies/r_routing-policy-file-...
For example, you could do:entry ip_entry { if match any { nlri 66.133.0.0/23 exact; nlri 66.133.0.2/23 exact; } then { deny; } }
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎06-22-2017 01:48 PM
Hi Brandon, i advertised these 2 prefixes 66.133.0.0/23 66.133.2.0/23 on the primary router connected to the primary ISP . i used the policy written above to block these 2 routes from being advertised to the standby router that i connected to the secondary ISP . the router said . Error: Failed to read policy file AS1187_OUT
can you please advice ?
thank you,
elie
can you please advice ?
thank you,
elie
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎06-22-2017 01:48 PM
Thank You Brandon .
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎06-22-2017 01:48 PM
That's correct. Just make sure to use 'if match any' for the entries with multiple of the same match conditions.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎06-22-2017 01:48 PM
so the End Result for only denying the 66 and allow all others would be something like this :
configure bgp neighbor 30.119.210.6 route-policy out AS1187_OUT
edit policy AS1187_OUT
entry TOEXP{
if match {
nlri 66.133.0.0/23 exact;
nlri 66.133.2.0/23 exact;
}then{
deny;
}
}
entry TOEXP1 {
if match any {
nlri 0.0.0.0/0;
}then{
permit;
}
}
Please, correct me if I am wrong .
thank you very much for your help
configure bgp neighbor 30.119.210.6 route-policy out AS1187_OUT
edit policy AS1187_OUT
entry TOEXP{
if match {
nlri 66.133.0.0/23 exact;
nlri 66.133.2.0/23 exact;
}then{
deny;
}
}
entry TOEXP1 {
if match any {
nlri 0.0.0.0/0;
}then{
permit;
}
}
Please, correct me if I am wrong .
thank you very much for your help
