Skip to main content

Prefix list




In this scenario I want to filter 192.168.3.x /25 , /26, /27 networks form R1 route update.
I can use access list but I need to set the rules for every network. In prefix list it will easy to filter.

R2(config-router)#do sh ip bgp
BGP table version is 8, local router ID is 2.2.2.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 192.168.1.0      10.10.10.1               0             0 1 i
*> 192.168.2.0      10.10.10.1               0             0 1 i
*> 192.168.3.0/25   10.10.10.1               0             0 1 i
*> 192.168.3.128/26 10.10.10.1               0             0 1 i
*> 192.168.3.192/27 10.10.10.1               0             0 1 i
*> 192.168.4.0/25   10.10.10.1               0             0 1 i
*> 192.168.4.128/26 10.10.10.1               0             0 1 i


When we want to exclude the all of 192.168.3.0 networks, first we need to set the deny rule and permit rule for other networks. If we don't set permit rule all network will be excluded because we need to notice all deny rule is always under the rule.

First we apply the prefix list.

ip prefix-list NEI_1 seq 5 deny 192.168.3.0/24 ge 25 le 27
ip prefix-list NEI_1 seq 10 permit 0.0.0.0/0 le 32

And apply the prefix list to BGP.

router bgp 2
 no synchronization
 bgp router-id 2.2.2.2
 bgp log-neighbor-changes
 neighbor 10.10.10.1 remote-as 1
 neighbor 10.10.10.1 prefix-list NEI_1 in
 no auto-summary

Now we can check BGP network, 192.168.3.0 network is gone.

R2#sh ip bgp

   Network          Next Hop            Metric LocPrf Weight Path
*> 192.168.1.0      10.10.10.1               0             0 1 i
*> 192.168.2.0      10.10.10.1               0             0 1 i
*> 192.168.4.0/25   10.10.10.1               0             0 1 i
*> 192.168.4.128/26 10.10.10.1               0             0 1 i

If we want to set the prefix list 192.168.x.x/16 and filter all /25 network.
we can play the range setup from ge to le. 'ge' for minimum and 'le' for maximum.

ip prefix-list NEI_1 seq 5 deny 192.168.3.0/16 ge 25 le 25

Now all of /25 network have been removed from routing table.

R2#sh ip bgp

   Network          Next Hop            Metric LocPrf Weight Path
*> 192.168.1.0      10.10.10.1               0             0 1 i
*> 192.168.2.0      10.10.10.1               0             0 1 i
*> 192.168.3.128/26 10.10.10.1               0             0 1 i
*> 192.168.3.192/27 10.10.10.1               0             0 1 i
*> 192.168.4.128/26 10.10.10.1               0             0 1 i



R2#sh ip route bgp
     192.168.4.0/26 is subnetted, 1 subnets
B       192.168.4.128 [20/0] via 10.10.10.1, 00:00:57
B    192.168.1.0/24 [20/0] via 10.10.10.1, 00:00:57
B    192.168.2.0/24 [20/0] via 10.10.10.1, 00:00:57
     192.168.3.0/24 is variably subnetted, 2 subnets, 2 masks
B       192.168.3.192/27 [20/0] via 10.10.10.1, 00:00:57
B       192.168.3.128/26 [20/0] via 10.10.10.1, 00:00:57


Comments

Post a Comment

Popular posts from this blog

How to setup AWS VPC Peering (VPC to VPC)

    Hi Everyone... ဒီကနေ့တော့ VPC Peering လုပ်တဲ့ အကြောင်းလေးပြောပြပေးသွားမှာပါ။ VPC peering ဘာလို့လုပ်တာလဲ ဘယ်အချိန်တွေမှာသုံးတာလဲဆိုတာကို ကြည့်ရအောင်... သိတဲ့ အတိုင်း ပဲ AWS networking မှာ VPC ကမပါမဖြစ်အရေးပါပါတယ် AWS account တခုရဲ့ AWS region တခုမှာ VPC 5ခုအများဆုံး ထားလို့ရပါတယ်... AZ မဟုတ်ပါဘူး အဲ့ဒါလေးတော့သတိထားရမှာပါ.. peering က one to one ဖြစ်တဲ့အတွက် VPC များလာရင်တော့ configuation complex ဖြစ်လာပါမယ်၊ နောက်တခုကတခြား AWS account တွေရဲ့ VPC နဲ့ချိတ်ဆက်သုံးချင်တာတွေလဲရှိနိုင်ပါတယ် အဲ့လို VPC တွေများလာမယ်ဆိုရင်တော့ Transit Gateway ကိုသုံးတာက ပိုစိတ်ချမ်းသာရပါတယ်။ VPC နည်းသေးတယ် နောင်လဲတိုးလာဖို့ မရှိသေးဘူးဆိုရင်တော့ အခုနည်းလမ်းက ပိုအဆင်ပြေပါတယ်. ဆိုတော့ Pubilc VPC နဲ့ Private VPC ဆိုပြီးရှိတယ်ဆိုပါစို့ Pubilc VPC ထဲက webserver က Private VPC ထဲ က database ကိုလှမ်းသုံးချင်တယ်ဆိုရင် အဲ့ဒီ VPC တွေကို peering လုပ်ပေးဖို့လိုပါတယ်.. Peering လုပ်မယ်ဆိုရင်တော့ VPC ထဲက peering connections ကိုရွေးရပါမယ်. ပြီးရင်တော့ Create peering connections ကို click ပါ၊ ဒီ box ကျလာရင်တော့ ...
Post a Comment
Read more

Access-list at SVI

SVI (Switch Virtual Interfaces) We use the SVI for inter vlan routing. In this scenario I will configure the access list with SVI. In this scenario I want to permit vlan 10 network to vlan 50 Server farm. Vlan 10 and vlan 20 can communicate each other. First create vlan and then interface vlan#. Switch(config)#vlan 10 Switch(config)#interface vlan 10 Switch(config-if)#ip address 192.168.10.254 255.255.255.0 Switch(config)#vlan 20 Switch(config)#interface vlan 20 Switch(config-if)#ip address 192.168.20.254 255.255.255.0 Switch(config)#vlan 50 Switch(config)#interface vlan 50 Switch(config-if)#ip address 192.168.50.254 255.255.255.0 when we finish the vlan interface create make sure the switch port are belong to each vlan. Port to vlan assign configure is Switch(config)#interface g0/1 Switch(config-if)#switchport access vlan 10 Switch(config)#interface g0/2 Switch(config-if)#switchport access vlan 20 Switch(config)#int...
1 comment
Read more

BGP Disable Connected Check and EBGP Multi Hop

Figure 1.1 In this scenario I use OSPF for TCP reachability. We can see the difference 'disable connected' check and 'EBGP multihop'. We can use both for EBGP neighbor connection with loopback address. Disable connected check This command used to disable the connection verification process for ebgp. Use for ebgp neighbor are directly connected and they using the loopback address for peering. It not increment TTL but neighbor must reachable at single hop. EBGP multihop This command can use for ebgp neighbor are not directly connected. It increment TTL. R1 router bgp 100  neighbor 2.2.2.2 remote-as 200  neighbor 2.2.2.2 disable-connected-check  neighbor 2.2.2.2 update-source Loopback0  neighbor 3.3.3.3 remote-as 300  neighbor 3.3.3.3 ebgp-multihop 2  neighbor 3.3.3.3 update-source Loopback0 R2 router bgp 200  neighbor 1.1.1.1 remote-as 100  neighbor 1.1.1.1 disable-connected-check  neighbor 1.1.1.1 update...
Post a Comment
Read more