BGP Issue with outbound route-map

I am really hoping this is a finger fault local… but it might be a bug (and I'll move it / bug it if it is).

Running 1.2.1 on baremetal
1 Upstream ISP, and several peers via an IX, and a local peer (just showing the local peer in this case).

I only want to advertise my own range to my ISP, and my peers - not any other learned routes.

I have these 2 prefix-lists:

set policy prefix-list DefaultOut4 rule 10 action 'permit'
set policy prefix-list DefaultOut4 rule 10 prefix '23.129.64.0/24'

set policy prefix-list6 DefaultOut6 rule 10 action 'permit'
set policy prefix-list6 DefaultOut6 rule 10 prefix '2620:18c::/36'

I have these 2 route-maps:

set policy route-map NightRise-4-OUT rule 10 action 'permit'
set policy route-map NightRise-4-OUT rule 10 match ip address prefix-list 'DefaultOut4'
set policy route-map NightRise-4-OUT rule 99 action 'deny'

set policy route-map NightRise-6-OUT rule 10 action 'permit'
set policy route-map NightRise-6-OUT rule 10 match ipv6 address prefix-list 'DefaultOut6'
set policy route-map NightRise-6-OUT rule 99 action 'deny'

And they are applied to the peers:

set protocols bgp 396507 neighbor 23.129.64.2 address-family ipv4-unicast nexthop-self
set protocols bgp 396507 neighbor 23.129.64.2 address-family ipv4-unicast prefix-list
set protocols bgp 396507 neighbor 23.129.64.2 address-family ipv4-unicast route-map export 'NightRise-4-OUT'
set protocols bgp 396507 neighbor 23.129.64.2 address-family ipv4-unicast route-map import 'NightRise-4-IN'
set protocols bgp 396507 neighbor 23.129.64.2 address-family ipv4-unicast soft-reconfiguration inbound
set protocols bgp 396507 neighbor 23.129.64.2 description 'NightRise [inrack]'
set protocols bgp 396507 neighbor 23.129.64.2 remote-as '396388'
set protocols bgp 396507 neighbor 23.129.64.2 update-source '23.129.64.1'

set protocols bgp 396507 neighbor 2620:18c::2 address-family ipv6-unicast nexthop-self
set protocols bgp 396507 neighbor 2620:18c::2 address-family ipv6-unicast route-map export 'NightRise-6-OUT'
set protocols bgp 396507 neighbor 2620:18c::2 address-family ipv6-unicast route-map import 'NightRise-6-IN'
set protocols bgp 396507 neighbor 2620:18c::2 address-family ipv6-unicast soft-reconfiguration inbound
set protocols bgp 396507 neighbor 2620:18c::2 description 'NightRise [inrack]'
set protocols bgp 396507 neighbor 2620:18c::2 remote-as '396388'
set protocols bgp 396507 neighbor 2620:18c::2 update-source '2620:18c::1'

For IPv6 - this works fine… I get what I expect. From the core router:

   Network          Next Hop            Metric LocPrf Weight Path
*> 2620:18c::/36    ::                       0         32768 i

and the peer (static route, local route, and 1 BGP learned route):

S>* ::/0 [1/0] via 2620:18c::1, bond0, 1d21h10m
B   2620:18c::/36 [20/0] via fe80::3efd:feff:fe9d:67f9, bond0, 01:01:52
C>* 2620:18c::/36 is directly connected, bond0, 1d21h10m
C>* fe80::/64 is directly connected, bond0, 1d21h10m

However for IPv4… the core looks good (just one route):

   Network          Next Hop            Metric LocPrf Weight Path
*> 23.129.64.0/24   0.0.0.0                  0         32768 i

On the peer though… I see EVERYTHING

S>* 0.0.0.0/0 [1/0] via 23.129.64.1, bond0, 1d21h24m
B>* 1.0.0.0/24 [20/0] via 23.129.64.1, bond0, 01:15:38
B>* 1.1.1.0/24 [20/0] via 23.129.64.1, bond0, 01:15:38
B>* 1.11.0.0/21 [20/0] via 23.129.64.1, bond0, 01:13:41
B>* 1.11.24.0/21 [20/0] via 23.129.64.1, bond0, 01:13:40
B>* 1.11.40.0/21 [20/0] via 23.129.64.1, bond0, 01:13:41
B>* 1.11.56.0/21 [20/0] via 23.129.64.1, bond0, 01:13:41
B>* 1.11.64.0/21 [20/0] via 23.129.64.1, bond0, 01:13:40
<snip for brevity>

Looking at the summary… it is showing I learned 27k routes (all the routes I have on my core)…

Neighbor        V         AS MsgRcvd MsgSent   TblVer  InQ OutQ  Up/Down State/PfxRcd
23.129.64.1     4     396507    3550    2266        0    0    0 01:16:11            1
2620:18c::1     4     396507 1820255 1648902        0    0    0 01:16:09        27155

So… what's the correct way to filter these routes? [at the core, not the peer since normally I don’t control that]. I am a little worried some of my peers are getting anomalous routes at the moment.

Thanks again :slight_smile:

Jake

In my experience, you have to SPECIFICALLY tell your IPv6 Peer NOT to advertise any IPv4 routes.

Set up an IPv4 prefix-list called NoFour or something and deny everything - 0.0.0.0/0 le 32
Then “neighbor 2620:18c::2 address-family ipv4-unicast prefix-list export NoFour”

(double check syntax - this was from memory)…


Oh P.S. I also don’t like mixing prefix-list and route-maps - so would remove:

“set protocols bgp 396507 neighbor 23.129.64.2 address-family ipv4-unicast prefix-list” because it seems crufty.

Yep - this was an oversight :wink: I had already deleted the actual list… but for whatever reason it had stayed (I'm using this neighbor for testing… so it got a little messy at times).

Yep this got it :smiley: - thanks VERY much for your help there.
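
An added example, not part of the thread and not VyOS code: a small Python audit over `set` commands that flags every BGP neighbor/address-family pair that has no export policy, plus any policy statement left without a direction or name. It assumes, as the reply above describes, that ipv4-unicast is exchanged with every neighbor unless it is filtered (the `implicit_afs` parameter); the function and parameter names are hypothetical, and the sample is trimmed from the configuration in the first post.

```python
import re
from collections import defaultdict

# Constructed sample: a trimmed copy of the neighbor configuration from the first post.
SAMPLE = """\
set protocols bgp 396507 neighbor 23.129.64.2 address-family ipv4-unicast prefix-list
set protocols bgp 396507 neighbor 23.129.64.2 address-family ipv4-unicast route-map export 'NightRise-4-OUT'
set protocols bgp 396507 neighbor 23.129.64.2 remote-as '396388'
set protocols bgp 396507 neighbor 2620:18c::2 address-family ipv6-unicast route-map export 'NightRise-6-OUT'
set protocols bgp 396507 neighbor 2620:18c::2 remote-as '396388'
"""

NEIGHBOR = re.compile(r"^set protocols bgp \d+ neighbor (\S+)\s+(.*)$")
EXPORT = re.compile(r"^address-family (\S+) (route-map|prefix-list) export '?([^'\s]+)'?$")
DANGLING = re.compile(r"^address-family (\S+) (route-map|prefix-list)( (export|import))?$")


def audit(config, implicit_afs=("ipv4-unicast",)):
    """Return sorted (neighbor, address_family, problem) findings.

    implicit_afs is an assumption: families exchanged with every neighbor
    even when the configuration never mentions them for that neighbor.
    """
    seen = defaultdict(set)      # neighbor -> families that need an export policy
    filtered = defaultdict(set)  # neighbor -> families that have one
    findings = set()
    for line in config.splitlines():
        m = NEIGHBOR.match(line.strip())
        if not m:
            continue
        peer, rest = m.groups()
        seen[peer].update(implicit_afs)
        if rest.startswith("address-family "):
            seen[peer].add(rest.split()[1])
        if (e := EXPORT.match(rest)):
            filtered[peer].add(e.group(1))
        elif (d := DANGLING.match(rest)):
            # Leftover node such as "... ipv4-unicast prefix-list" with nothing after it.
            findings.add((peer, d.group(1), f"{d.group(2)} without direction or name"))
    for peer, afs in seen.items():
        for af in afs - filtered[peer]:
            findings.add((peer, af, "no export policy"))
    return sorted(findings)


if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding, sep="  ")
```

Running it against the candidate configuration before `commit` shows whether the IPv6 neighbor still has an unfiltered ipv4-unicast family.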
