I am really hoping this is a finger fault local… but it might be a bug (and I'll move it / bug it if it is).
Running 1.2.1 on baremetal
1 Upstream ISP, and several peers via an IX, and a local peer (just showing the local peer in this case).
I only want to advertise my own range to my ISP, and my peers - not any other learned routes.
I have these 2 prefix-lists:
set policy prefix-list DefaultOut4 rule 10 action 'permit'
set policy prefix-list DefaultOut4 rule 10 prefix '23.129.64.0/24'
set policy prefix-list6 DefaultOut6 rule 10 action 'permit'
set policy prefix-list6 DefaultOut6 rule 10 prefix '2620:18c::/36'
I have these 2 route-maps:
set policy route-map NightRise-4-OUT rule 10 action 'permit'
set policy route-map NightRise-4-OUT rule 10 match ip address prefix-list 'DefaultOut4'
set policy route-map NightRise-4-OUT rule 99 action 'deny'
set policy route-map NightRise-6-OUT rule 10 action 'permit'
set policy route-map NightRise-6-OUT rule 10 match ipv6 address prefix-list 'DefaultOut6'
set policy route-map NightRise-6-OUT rule 99 action 'deny'
And they are applied to the peers:
set protocols bgp 396507 neighbor 23.129.64.2 address-family ipv4-unicast nexthop-self
set protocols bgp 396507 neighbor 23.129.64.2 address-family ipv4-unicast prefix-list
set protocols bgp 396507 neighbor 23.129.64.2 address-family ipv4-unicast route-map export 'NightRise-4-OUT'
set protocols bgp 396507 neighbor 23.129.64.2 address-family ipv4-unicast route-map import 'NightRise-4-IN'
set protocols bgp 396507 neighbor 23.129.64.2 address-family ipv4-unicast soft-reconfiguration inbound
set protocols bgp 396507 neighbor 23.129.64.2 description 'NightRise [inrack]'
set protocols bgp 396507 neighbor 23.129.64.2 remote-as '396388'
set protocols bgp 396507 neighbor 23.129.64.2 update-source '23.129.64.1'
set protocols bgp 396507 neighbor 2620:18c::2 address-family ipv6-unicast nexthop-self
set protocols bgp 396507 neighbor 2620:18c::2 address-family ipv6-unicast route-map export 'NightRise-6-OUT'
set protocols bgp 396507 neighbor 2620:18c::2 address-family ipv6-unicast route-map import 'NightRise-6-IN'
set protocols bgp 396507 neighbor 2620:18c::2 address-family ipv6-unicast soft-reconfiguration inbound
set protocols bgp 396507 neighbor 2620:18c::2 description 'NightRise [inrack]'
set protocols bgp 396507 neighbor 2620:18c::2 remote-as '396388'
set protocols bgp 396507 neighbor 2620:18c::2 update-source '2620:18c::1'
For IPv6 - this works fine… I get what I expect. From the core router:
   Network          Next Hop            Metric LocPrf Weight Path
*> 2620:18c::/36    ::                       0         32768 i
and the peer (static route, local route, and 1 BGP learned route):
S>* ::/0 [1/0] via 2620:18c::1, bond0, 1d21h10m
B   2620:18c::/36 [20/0] via fe80::3efd:feff:fe9d:67f9, bond0, 01:01:52
C>* 2620:18c::/36 is directly connected, bond0, 1d21h10m
C>* fe80::/64 is directly connected, bond0, 1d21h10m
However for IPv4… the core looks good (just one route):
   Network          Next Hop            Metric LocPrf Weight Path
*> 23.129.64.0/24   0.0.0.0                  0         32768 i
On the peer though… I see EVERYTHING…
S>* 0.0.0.0/0 [1/0] via 23.129.64.1, bond0, 1d21h24m
B>* 1.0.0.0/24 [20/0] via 23.129.64.1, bond0, 01:15:38
B>* 1.1.1.0/24 [20/0] via 23.129.64.1, bond0, 01:15:38
B>* 1.11.0.0/21 [20/0] via 23.129.64.1, bond0, 01:13:41
B>* 1.11.24.0/21 [20/0] via 23.129.64.1, bond0, 01:13:40
B>* 1.11.40.0/21 [20/0] via 23.129.64.1, bond0, 01:13:41
B>* 1.11.56.0/21 [20/0] via 23.129.64.1, bond0, 01:13:41
B>* 1.11.64.0/21 [20/0] via 23.129.64.1, bond0, 01:13:40
<snip for brevity>
Looking at the summary… it is showing I learned 27k routes (all the routes I have on my core)…
Neighbor        V     AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down  State/PfxRcd
23.129.64.1     4 396507    3550    2266      0   0    0 01:16:11            1
2620:18c::1     4 396507 1820255 1648902      0   0    0 01:16:09        27155
So… what's the correct way to filter these routes? [at the core, not the peer since normally I don’t control that]. I am a little worried some of my peers are getting anomalous routes at the moment.
Thanks again
Jake
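
An added example, not part of the original post and not VyOS code: a small offline model of the IPv4 export policy quoted above, run against a few of the prefixes the peer reported, to list which of them the policy as written would not have permitted. It assumes exact-match prefix-lists (no ge/le), first-match rule order with an implicit deny, and that a reference to a missing prefix-list never matches; the function names are hypothetical.

```python
import ipaddress
import re

# Policy lines copied from the post; PEER_ROUTES is a constructed sample
# built from prefixes the post lists in the peer's table.
CONFIG = """\
set policy prefix-list DefaultOut4 rule 10 action 'permit'
set policy prefix-list DefaultOut4 rule 10 prefix '23.129.64.0/24'
set policy route-map NightRise-4-OUT rule 10 action 'permit'
set policy route-map NightRise-4-OUT rule 10 match ip address prefix-list 'DefaultOut4'
set policy route-map NightRise-4-OUT rule 99 action 'deny'
"""
PEER_ROUTES = ["1.0.0.0/24", "1.1.1.0/24", "1.11.0.0/21", "23.129.64.0/24"]
RULE = re.compile(r"set policy (prefix-list6?|route-map) (\S+) rule (\d+) (.+) '([^']*)'$")

def parse_policy(text):
    """Return (prefix_lists, route_maps) as {name: {rule_no: {key: value}}}."""
    plists, rmaps = {}, {}
    for line in text.splitlines():
        m = RULE.match(line.strip())
        if m:
            kind, name, num, key, value = m.groups()
            store = rmaps if kind == "route-map" else plists
            store.setdefault(name, {}).setdefault(int(num), {})[key] = value
    return plists, rmaps

def plist_permits(rules, prefix):
    """Exact-match evaluation in rule order; the first matching rule decides."""
    net = ipaddress.ip_network(prefix)
    for n in sorted(rules):
        if ipaddress.ip_network(rules[n]["prefix"]) == net:
            return rules[n]["action"] == "permit"
    return False  # implicit deny at the end of a prefix-list

def export_permits(plists, rmap, prefix):
    """A rule with no match clause matches everything (rule 99 here)."""
    for n in sorted(rmap):
        ref = rmap[n].get("match ip address prefix-list")
        if ref is None or plist_permits(plists.get(ref, {}), prefix):
            return rmap[n]["action"] == "permit"
    return False  # implicit deny at the end of a route-map

def not_permitted(config, routes, rmap_name):
    """Prefixes seen on the peer that the export route-map would have denied."""
    plists, rmaps = parse_policy(config)
    return [r for r in routes if not export_permits(plists, rmaps[rmap_name], r)]

if __name__ == "__main__":
    print(not_permitted(CONFIG, PEER_ROUTES, "NightRise-4-OUT"))
```

Any prefix this returns was received by the peer even though the export route-map, evaluated on its own, would deny it, which helps separate a policy-logic error from a policy that is not being applied to the session.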