[c-nsp] Deny default route (From customer - BGP)

CiscoNSP List cisconsp_list at hotmail.com
Tue Mar 10 02:32:23 EDT 2015


Thanks Mark - will simplify now (Now that I know it was indeed working, just received-routes was showing routes pre-filtering)...I expanded it out to make sure I wasn't missing anything obvious.

Cheers.



> Date: Tue, 10 Mar 2015 07:48:06 +0200
> From: mark.tinka at seacom.mu
> To: cisco-nsp at puck.nether.net
> Subject: Re: [c-nsp] Deny default route (From customer - BGP)
> 
> 
> 
> On 10/Mar/15 04:40, CiscoNSP List wrote:
> > Hi Everyone,
> >
> > Only had a few hours sleep, so I may be overlooking something extremely obvious...but we are receiving a default from a customer, even though route-map/prefix list *should* block it...
> > router bgp xxx
> > ...
> > address-family ipv4
> > ...
> > neighbor CUST_A route-map CUST_A-BGP-IN in
> >
> > ip prefix-list PL_DENY_DEFAULT seq 5 permit 0.0.0.0/0
> > ip prefix-list PL_CUST_A_BGP_PREFIXES seq 5 permit xxx.xxx.xxx.0/24
> >
> > route-map CUST_A-BGP-IN deny 5
> >   match ip address prefix-list PL_DENY_DEFAULT
> > route-map CUST_A-BGP-IN permit 10
> >   match ip address prefix-list PL_CUST_A_BGP_PREFIXES
> >   set community xxxxx:1400
> >
> > Weird thing is, that "sh ip bgp summary" shows that neighbour as only having 1 in "State/PfxRcd"
> >
> > but "sh ip bgp nei xxx.xxx.xx.xx received-routes" shows the neighbour with 0.0.0.0 and their single /24
> 
> Keep it simple - just use only the "PL_CUST_A_BGP_PREFIXES" prefixes, 
> with its implicit "deny-all" at the end of it.
> 
> Apply on your "CUST_A-BGP-IN" sequence 10 route-map and you should be 
> good. Whatever is not included in the prefix list will be dropped.
> 
> Mark.
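Added example, not part of the original thread and not Cisco code: a small Python model of the inbound policy discussed above. It shows why the pre-policy view still lists the default route while only one prefix is accepted, and that the simplified single-clause route-map gives the same result. The prefix 203.0.113.0/24 is a constructed stand-in for the masked customer /24, and the extra /25 advertisement goes beyond the thread to show the implicit deny catching a more-specific route.

```python
import ipaddress

# Constructed sample data: 203.0.113.0/24 stands in for the masked customer /24.
CUSTOMER_NET = "203.0.113.0/24"
PREFIX_LISTS = {
    "PL_DENY_DEFAULT": ["0.0.0.0/0"],
    "PL_CUST_A_BGP_PREFIXES": [CUSTOMER_NET],
}
# Route-maps as (action, prefix-list) clauses in sequence order.
ORIGINAL_MAP = [("deny", "PL_DENY_DEFAULT"), ("permit", "PL_CUST_A_BGP_PREFIXES")]
SIMPLIFIED_MAP = [("permit", "PL_CUST_A_BGP_PREFIXES")]


def prefix_list_matches(name, route):
    """Entries without ge/le match on exact network and prefix length only."""
    net = ipaddress.ip_network(route)
    return any(net == ipaddress.ip_network(entry) for entry in PREFIX_LISTS[name])


def route_map_permits(route_map, route):
    """The first matching clause decides; no match falls to the implicit deny."""
    for action, plist in route_map:
        if prefix_list_matches(plist, route):
            return action == "permit"
    return False


def inbound_views(route_map, advertised):
    """Return (pre-policy routes, post-policy routes) for one neighbor."""
    received = list(advertised)  # the unfiltered view "received-routes" showed
    accepted = [r for r in advertised if route_map_permits(route_map, r)]
    return received, accepted    # len(accepted) is the count the summary reported


if __name__ == "__main__":
    adverts = ["0.0.0.0/0", CUSTOMER_NET, "203.0.113.128/25"]
    for label, rmap in (("original", ORIGINAL_MAP), ("simplified", SIMPLIFIED_MAP)):
        received, accepted = inbound_views(rmap, adverts)
        print(f"{label}: received={received} accepted={accepted}")
```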