
BGP config help for a 6848

Hello,

I'm trying to configure a BGP process between a 6824 and two Infoblox DNS nodes (AnyCast with BGP).  At another site, we filter incoming BGP advertisements with route-maps like so (this is from Nexus 7K):

neighbor 1.1.1.1 remote-as 65000
timers 3 9
address-family ipv4 unicast
route-map IB-AC-IN in
route-map all-other-routes out
neighbor 1.1.1.2 remote-as 65000
timers 3 9
address-family ipv4 unicast
route-map IB-AC-IN in
route-map all-other-routes out
neighbor 1.1.1.3 remote-as 65000
timers 3 9
address-family ipv4 unicast
route-map IB-AC-IN in
route-map all-other-routes out

This allows us to make sure we're only taking routes from the Infoblox nodes that are intended and prevents someone from making a mistake in the Infoblox Grid and advertising an unintended IP.  The route-map IB-AC-IN has the three IPs we'll allow being advertised to the router, matched from a prefix-list with a "permit" statement.  The route-map all-other-routes out has a 0.0.0.0/0 match with a prefix-list with a "deny" statement so no other IPs are allowed to be advertised to the router from the server.

We tried to mirror this on the 6848 but the syntax is off and I can't figure out how to accomplish the same thing.  

 

If this post answers your question or is helpful, please consider rating it and/or marking as answered.
2 Replies

Would/should the below work to only allow 2.2.2.2 to be advertised into the BGP process from the Infoblox nodes to the router?

ip prefix-list IB-AC seq 30 permit 2.2.2.2/32
ip prefix-list IB-AC seq 50 deny 0.0.0.0/32

route-map IB-AC-IN permit 10
match ip address prefix-list IB-AC
exit
!

router bgp 65000
router-id 3.3.3.3
log-neighbor-changes
address-family ipv4 unicast
maximum-paths 4
neighbor 1.1.1.1 remote-as 65001
timers 3 9
address-family ipv4 unicast
route-map IB-AC-IN in
neighbor 1.1.1.2 remote-as 65001
timers 3 9
address-family ipv4 unicast
route-map IB-AC-IN in
exit

Hi @Christopher Bell ,

You would need to modify the second prefix-list entry to deny everything else:

ip prefix-list IB-AC seq 50 deny 0.0.0.0/0 le 32

Regards,

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México
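
Added example, not part of either post above: a small Python model of how a prefix-list entry is matched, run against the two versions of IB-AC from this thread. It assumes the usual IOS semantics (first match by sequence number, exact-length match when no ge/le is given, implicit deny at the end); every route other than 2.2.2.2/32 is constructed for illustration.

```python
import ipaddress

# Constructed model of prefix-list matching. Assumes the usual IOS semantics:
# entries are tried in sequence order, first match wins, no ge/le means an
# exact prefix-length match, and a route matching no entry is denied.
def entry_matches(route, prefix, ge=None, le=None):
    route = ipaddress.ip_network(route)
    prefix = ipaddress.ip_network(prefix)
    if ge is None and le is None:
        lo = hi = prefix.prefixlen            # exact length only
    else:
        lo = prefix.prefixlen if ge is None else ge
        hi = 32 if le is None else le
    # Length must be in range and the route must sit inside the entry's prefix.
    return lo <= route.prefixlen <= hi and route.subnet_of(prefix)

def evaluate(prefix_list, route):
    """Return (action, seq) of the first matching entry, or ("deny", None)
    when the route falls through to the implicit deny."""
    for seq, action, prefix, ge, le in sorted(prefix_list, key=lambda e: e[0]):
        if entry_matches(route, prefix, ge, le):
            return action, seq
    return "deny", None

# (seq, action, prefix, ge, le) -- the two versions of IB-AC from the thread.
AS_POSTED = [(30, "permit", "2.2.2.2/32", None, None),
             (50, "deny", "0.0.0.0/32", None, None)]
WITH_LE_32 = [(30, "permit", "2.2.2.2/32", None, None),
              (50, "deny", "0.0.0.0/0", None, 32)]

# Constructed advertisements; only 2.2.2.2/32 comes from the thread.
ROUTES = ["2.2.2.2/32", "2.2.2.3/32", "10.0.0.0/8", "0.0.0.0/0", "0.0.0.0/32"]

def compare(routes=ROUTES):
    return {r: (evaluate(AS_POSTED, r), evaluate(WITH_LE_32, r)) for r in routes}

if __name__ == "__main__":
    for route, (posted, fixed) in compare().items():
        print(f"{route:<12} as posted: {posted}   with le 32: {fixed}")
```

In the output, a sequence number of None means no entry matched and the route was dropped by the implicit deny, so it would not show up against any entry when reviewing which line filtered it.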