SD-WAN

 View Only
last person joined: 4 days ago 

Ask questions and share experiences with SD-WAN and Session Smart Router (formerly 128T).
  • 1.  Using BGP Route-Map Policies and Filters

     
    Posted 04-25-2018 00:00
    On the 128T Router how do I filter out one of the prefixes advertised by a BGP neighbor?


  • 2.  RE: Using BGP Route-Map Policies and Filters

    Posted 04-25-2018 00:00

    Thank you so much Joe Sofia ! This makes a lot of sense.



  • 3.  RE: Using BGP Route-Map Policies and Filters

    Posted 04-25-2018 00:00

    Hi Justin. Below is an example of filtering routes advertised to our aggregation layer switch. I am only allowing the test subnet of 10.13.13.0/24 to be advertised from 128T inbound by the policy ""allow-test-prefix-only-to-agg"":

    config authority routing policy allow-test-prefix-only-to-agg name    allow-test-prefix-only-to-agg

     

    config authority routing policy allow-test-prefix-only-to-agg statement allow-10-13-13-0-24 name    allow-10-13-13-0-24

     

    config authority routing policy allow-test-prefix-only-to-agg statement allow-10-13-13-0-24 condition address-prefix-filter-condition type      address-prefix-filter-condition

    config authority routing policy allow-test-prefix-only-to-agg statement allow-10-13-13-0-24 condition address-prefix-filter-condition prefix-filter inet-lab-headend-to-agg

     

    config authority routing policy allow-test-prefix-only-to-agg statement deny-all-else name  deny-all-else

    config authority routing policy allow-test-prefix-only-to-agg statement deny-all-else policy reject

     

     

     

    config authority router inet-lab-headend routing default-instance routing-protocol bgp description       ""Enable BGP on this Router""

    config authority router inet-lab-headend routing default-instance routing-protocol bgp type           bgp

    config authority router inet-lab-headend routing default-instance routing-protocol bgp local-as         65242

     

    config authority router inet-lab-headend routing default-instance routing-protocol bgp route-selection-options external-compare-router-id false

     

    config authority router inet-lab-headend routing default-instance routing-protocol bgp neighbor 10.254.245.89 neighbor-address      10.254.245.89

    config authority router inet-lab-headend routing default-instance routing-protocol bgp neighbor 10.254.245.89 neighbor-as        65007

    config authority router inet-lab-headend routing default-instance routing-protocol bgp neighbor 10.254.245.89 description        ""Paychex Aggregation Switch 1""

    config authority router inet-lab-headend routing default-instance routing-protocol bgp neighbor 10.254.245.89 outbound-policy-advertise true

     

    config authority router inet-lab-headend routing default-instance routing-protocol bgp neighbor 10.254.245.89 neighbor-policy outbound-policy-advertise true

    config authority router inet-lab-headend routing default-instance routing-protocol bgp neighbor 10.254.245.89 neighbor-policy outbound-policy-transit  true

    config authority router inet-lab-headend routing default-instance routing-protocol bgp neighbor 10.254.245.89 neighbor-policy outbound-policy      allow-test-prefix-only-to-agg

    config authority router inet-lab-headend routing default-instance routing-protocol bgp neighbor 10.254.245.89 address-family ipv4-unicast afi-safi ipv4-unicast

     

    config authority router inet-lab-headend routing default-instance routing-protocol bgp redistribute service protocol service

     

    Hope this helps!!



  • 4.  RE: Using BGP Route-Map Policies and Filters

    Posted 04-25-2018 00:00

    I am currently testing this functionality. We are a dual carrier MPLS shop and we are testing 128T for our headend and branch router use. I need to filter out certain IP's so peering only forms on the respective carrier's node within the router. Each node within the router is handling a carrier link. This ensures paths are formed only over the WAN links each node is responsible for. I have a test lab set up that mimics dual carriers and a set of HA routers; 1 HA Pair emulating the branch and 1 emulating the headend. I'm using the new route map functionality that is in 3.2.2 to test the filtering of certain routes.

     

    ##Here's my filter and policy config:

     

    config authority routing filter test-bgp-filter1 type prefix-filter

    config authority routing filter test-bgp-filter1 name test-bgp-filter1

     

    config authority routing filter test-bgp-filter1 rule deny-10-13-250-0-in name  deny-10-13-250-0-in

    config authority routing filter test-bgp-filter1 rule deny-10-13-250-0-in filter accept

    config authority routing filter test-bgp-filter1 rule deny-10-13-250-0-in prefix 10.13.250.0/30

     

    config authority routing policy test-policy name    test-policy

     

    config authority routing policy test-policy statement block-carrier-ip name    block-carrier-ip

    config authority routing policy test-policy statement block-carrier-ip policy   reject

     

    config authority routing policy test-policy statement block-carrier-ip condition address-prefix-filter-condition type      address-prefix-filter-condition

    config authority routing policy test-policy statement block-carrier-ip condition address-prefix-filter-condition prefix-filter test-bgp-filter1

     

    config authority routing policy test-policy statement accept-rest name accept-rest

     

    #[#]? this is my BGP config

     

    config authority router us6645ny_lab_headendrtr routing default-instance type       default-instance

     

    config authority router us6645ny_lab_headendrtr routing default-instance routing-protocol bgp type      bgp

    config authority router us6645ny_lab_headendrtr routing default-instance routing-protocol bgp local-as    65501

     

    config authority router us6645ny_lab_headendrtr routing default-instance routing-protocol bgp address-family ipv4-unicast afi-safi ipv4-unicast

     

    config authority router us6645ny_lab_headendrtr routing default-instance routing-protocol bgp neighbor 10.13.250.13 neighbor-address 10.13.250.13

    config authority router us6645ny_lab_headendrtr routing default-instance routing-protocol bgp neighbor 10.13.250.13 neighbor-as    65400

    config authority router us6645ny_lab_headendrtr routing default-instance routing-protocol bgp neighbor 10.13.250.13 local-as     65501

    config authority router us6645ny_lab_headendrtr routing default-instance routing-protocol bgp neighbor 10.13.250.13 description    ""carrier 1""

     

    config authority router us6645ny_lab_headendrtr routing default-instance routing-protocol bgp neighbor 10.13.250.13 address-family ipv4-unicast afi-safi   ipv4-unicast

     

    config authority router us6645ny_lab_headendrtr routing default-instance routing-protocol bgp neighbor 10.13.250.13 address-family ipv4-unicast prefix-limit max-prefixes 3000

     

    config authority router us6645ny_lab_headendrtr routing default-instance routing-protocol bgp neighbor 10.13.250.9 neighbor-address 10.13.250.9

    config authority router us6645ny_lab_headendrtr routing default-instance routing-protocol bgp neighbor 10.13.250.9 neighbor-as    65300

    config authority router us6645ny_lab_headendrtr routing default-instance routing-protocol bgp neighbor 10.13.250.9 local-as     65501

     

    config authority router us6645ny_lab_headendrtr routing default-instance routing-protocol bgp neighbor 10.13.250.9 neighbor-policy inbound-policy test-policy

     

    config authority router us6645ny_lab_headendrtr routing default-instance routing-protocol bgp neighbor 10.13.250.9 address-family ipv4-unicast afi-safi   ipv4-unicast

     

    config authority router us6645ny_lab_headendrtr routing default-instance routing-protocol bgp neighbor 10.13.250.9 address-family ipv4-unicast prefix-limit max-prefixes 3000

     

    So far things are working as expected.



  • 5.  RE: Using BGP Route-Map Policies and Filters

    Posted 04-25-2018 00:00

    Joe Sofia Thank you so much for the example using route-maps. It is really helpful as I am testing out using route-maps as well.

     

    Would you happen to have any other examples you can show off?