MP-BGP Prefix Filtering

Hi all,

 

I've been looking at the R&S v5 ATC lab for MP-BGP Prefix Filtering today and have had trouble completing the requirement to ensure "R5’s VPN_B does not see the prefix 192.168.6.0/24".

 

I was hoping to use a VRF import map to match the prefix & RT 100:1 then deny the route being imported into the VRF. I was able to complete the task using a standard extcommunity-list, however was unable to complete using an expanded community list.

 

I've added the config below including the regex string used in the expanded extcommunity-list. My only thoughts are that I've made an example within the regex string? Any thoughts would be welcome.

 

 

##########################################################################################################

Working config
============

ip prefix-list VPN_A_PFL seq 5 permit 172.16.5.0/24
ip extcommunity-list standard VPN_A_EX_CL_PERMIT permit rt 100:1
!
route-map DENY_VPN_A deny 10
 match ip address prefix-list VPN_A_PFL
 match extcommunity VPN_A_EX_CL_PERMIT
!
route-map DENY_VPN_A permit 20
!




Incorrect config
============

ip extcommunity-list expanded VPN_A_EX_COMM_LIST permit ^100:1$
ip prefix-list VPN_A_PFL seq 5 permit 172.16.5.0/24
!
route-map DENY_VPN_A deny 10
 match ip address prefix-list VPN_A_PFL
 match extcommunity VPN_A_EX_COMM_LIST
!
route-map DENY_VPN_A permit 20
!

 

Confirmation that extended community RT value is linked to prefix
==================================================

BGP routing table entry for 100:1:172.16.5.0/24, version 190
Paths: (1 available, best #1, no table)
  Not advertised to any peer
  Refresh Epoch 2
  Local
    150.1.5.5 (metric 3) from 150.1.4.4 (150.1.4.4)
      Origin incomplete, metric 0, localpref 100, valid, internal, best
      Extended Community: RT:100:1
      Originator: 150.1.5.5, Cluster list: 150.1.4.4
      mpls labels in/out nolabel/16
      rx pathid: 0, tx pathid: 0x0



###############################################################################################

Comments

  • Incorrect config
    ============

    ip extcommunity-list expanded VPN_A_EX_COMM_LIST permit ^100:1$

    BGP routing table entry for 100:1:172.16.5.0/24, version 190
    Paths: (1 available, best #1, no table)
      Not advertised to any peer
      Refresh Epoch 2
      Local
        150.1.5.5 (metric 3) from 150.1.4.4 (150.1.4.4)
          Origin incomplete, metric 0, localpref 100, valid, internal, best
          Extended Community: RT:100:1
          Originator: 150.1.5.5, Cluster list: 150.1.4.4
          mpls labels in/out nolabel/16
          rx pathid: 0, tx pathid: 0x0

    ###############################################################################################

     

    Hi,

     

    The issue here is matching the extended community. You filter for an extended community which starts with 100:1, while, in fact, your extended community is RT:100:1. Yes, RT is part of the community string. I guess you need to change the regex in the extended community list.

     

    Gabriel

     

     

  • Cheers for the quick response. I'll give it a test later this weekend :-)
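
The following Python model of route-map DENY_VPN_A is an added example, not part of the original thread or the lab. It shows why the posted expanded list lets 172.16.5.0/24 fall through to `permit 20` while the standard list denies it. It assumes, as the reply above states, that the expanded list's regex is applied to the community string as displayed (`RT:100:1`); the function names, the simplified standard-list comparison and the translation of the IOS `_` metacharacter are constructs of this example.

```python
import re

# Constructed from the thread's "show" output: the route and its community string.
ROUTE = {"prefix": "172.16.5.0/24", "extcommunity": "RT:100:1"}
PREFIX_LIST = {"172.16.5.0/24"}  # ip prefix-list VPN_A_PFL (exact match, no ge/le)


def ios_regex(pattern):
    # IOS "_" matches a delimiter (space, comma, braces, parentheses) or either
    # end of the string. Python has no equivalent, so translate it here.
    return re.compile(pattern.replace("_", r"(?:^|$|[ ,{}()])"))


def extcomm_match(kind, value, community_string):
    if kind == "standard":
        # Simplified model: "rt 100:1" is compared by type and value.
        typ, val = value.split()
        return f"{typ.upper()}:{val}" in community_string.split()
    # Expanded: regex search over the displayed string (assumption, per the reply).
    return ios_regex(value).search(community_string) is not None


def evaluate(route, extcomm_list):
    """Return (action, sequence) of the DENY_VPN_A clause the route hits."""
    kind, value = extcomm_list
    # deny 10: both match statements must be true (logical AND).
    if route["prefix"] in PREFIX_LIST and extcomm_match(kind, value, route["extcommunity"]):
        return ("deny", 10)
    # permit 20: no match statements, so it accepts everything that reaches it.
    return ("permit", 20)


if __name__ == "__main__":
    candidates = [
        ("standard", "rt 100:1"),    # working config from the post
        ("expanded", "^100:1$"),     # posted expanded list: anchored before "RT:"
        ("expanded", "^RT:100:1$"),  # includes the RT: prefix
        ("expanded", "_RT:100:1_"),  # delimiter-bounded, tolerates several RTs
        ("expanded", "100:1"),       # unanchored: would also hit RT:100:10
    ]
    for lst in candidates:
        print(f"{lst[0]:9} {lst[1]:12} -> {evaluate(ROUTE, lst)}")
```

Under this model the unanchored pattern `100:1` also denies a route carrying `RT:100:10`, so a delimiter-bounded or fully anchored pattern is the safer filter.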
