Trixsta101
New Member
March 9, 2022
Question

Need to advertise single route to ISP but Block all Internal routes


Hi,

Have BGP peers set up currently but it's sending all internal routes to our ISP. I'd like to advertise only 111.69.40.246/29 (example IP) to them. Restricting all internal connected from being advertised.

What I have done so far:

config router bgp
config network
edit 1
set prefix 111.69.40.246 255.255.255.248
next
end
end

config router bgp
set network-import-check disable
end

Can I apply a prefix-list to the neighbor config? Or do I apply a prefix-list to a route map and apply the route map to the neighbor config? Would this work below?

config router prefix-list
edit "WWW_OUT"
config rule
edit 1
set prefix 111.69.40.246 255.255.255.248
unset ge
unset le
next
edit 5
set action deny
set prefix any
unset ge
unset le
next
end
next
end

Many thanks

3 replies

Toshi_Esumi
SuperUser
March 9, 2022

You could try applying it directly to the neighbor with "set prefix-list-out". But I recommend you compose a route-map and wrap the prefix-list around for future flexibility, then apply it to the neighbor with "set route-map-out". That way, you don't have to have the "deny all" section in the prefix-list because a route-map has an implicit deny at the end. You can add different prefix-lists for either deny or permit in the same route-map when you need.

config router route-map
  edit "Limit-Advertisement"
    config rule
      edit 1
        set action permit  (default value)
        set match-ip-address "WWW_OUT"
      next
    end
  next
end

Toshi

Trixsta101
New Member
March 9, 2022

Thank you, will give this a try and get back to you.

Toshi_Esumi
SuperUser
March 9, 2022

You probably know already, but to check it you can use "get router info bgp neighbors <neighbor_IP> advertised-routes".

Trixsta101
New Member
March 9, 2022

Thanks,

So the prefix-list can simply be:

config rule
edit 1
set prefix 111.69.4.246 255.255.255.248
unset ge
unset le
next
end

Toshi_Esumi
SuperUser
March 9, 2022

Yes. The route-map would look for only the prefix to match.

Toshi

Toshi_Esumi
SuperUser
March 10, 2022

Also, based on your original post "sending all internal routes" the /29 was advertised among all other routes when you didn't apply the route-map/prefix-list to the neighbor. But now I'm not sure.

If the IP is configured on an interface of the FGT, it's not going into the BGP domain until you configure re-advertisement of "connected" routes. If that's the case, you need to configure the below in BGP.

config router bgp
  config redistribute "connected"
    set status enable
  end
end

Then check the BGP table (not routing-table(RIB)) with below. Just expect it might show a lot and you might need to "grep" the output.

get router info bgp network

Toshi
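
Added example, not part of the thread and not Fortinet code: a small Python model of the outbound filter discussed above, showing why a route-map that only permits "WWW_OUT" needs no "deny any" rule and how to flag a route leak before applying it. The BGP table contents are constructed; the matching rules (exact length when ge/le are unset, first match wins, implicit deny) and the masking of 111.69.40.246/29 to 111.69.40.240/29 are assumptions of this model.

```python
import ipaddress

# Constructed model of the thread's objects. Names match the posts; the
# evaluation logic is a simplification written for this example.
PREFIX_LISTS = {
    # One permit rule, ge/le unset -> exact prefix-length match only.
    "WWW_OUT": [("permit", "111.69.40.246/29", None, None)],
}
ROUTE_MAPS = {
    # One permit rule matching WWW_OUT and nothing else.
    "Limit-Advertisement": [("permit", "WWW_OUT")],
}
# Constructed BGP table: the public /29, internal routes, and a more-specific.
BGP_TABLE = ["111.69.40.240/29", "10.0.0.0/24", "192.168.1.0/24",
             "172.16.5.0/30", "111.69.40.240/30"]

def prefix_list_action(name, route):
    """Return the first matching rule's action, or None if no rule matches."""
    route = ipaddress.ip_network(route)
    for action, prefix, ge, le in PREFIX_LISTS[name]:
        net = ipaddress.ip_network(prefix, strict=False)  # host bits masked off
        lo = ge if ge is not None else net.prefixlen
        hi = le if le is not None else (net.prefixlen if ge is None else 32)
        if route.subnet_of(net) and lo <= route.prefixlen <= hi:
            return action
    return None

def advertised(route_map, candidates):
    """Routes that survive the outbound route-map."""
    out = []
    for route in candidates:
        for action, plist in ROUTE_MAPS[route_map]:
            if prefix_list_action(plist, route) == "permit":
                if action == "permit":
                    out.append(route)
                break  # first matching route-map rule decides
        # No rule matched: implicit deny, the route is not advertised.
    return out

def leaked(route_map, candidates, allowed=("111.69.40.240/29",)):
    """Anything advertised that is not on the allow-list is a leak."""
    return [r for r in advertised(route_map, candidates) if r not in allowed]

if __name__ == "__main__":
    print("advertised:", advertised("Limit-Advertisement", BGP_TABLE))
    print("leaked:", leaked("Limit-Advertisement", BGP_TABLE))
```

The same allow-list comparison can be run against the prefixes shown by "get router info bgp neighbors <neighbor_IP> advertised-routes" once the route-map is applied.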