Routing

 View Only
last person joined: 2 days ago 

Ask questions and share experiences about ACX Series, CTP Series, MX Series, PTX Series, SSR Series, JRR Series, and all things routing, including portfolios and protocols.
  • 1.  BGP how to reject /24 from received /16

    Posted 12-02-2022 10:13
    Hello,

    I'm struggling with setting up the route-filter that could allow me to reject subnet 10.82.1.0/24 from received 10.82.0.0/16 from BGP peer. 

    I was trying something like this but it is not working as /24 is smaller than received /16, so whenever I'm using  e.g.: 'show route 10.82.1.1' it shows the path through 10.82.0.0/16.

    set policy-options policy-statement from_bgp term 1 from protocol bgp
    set policy-options policy-statement from_bgp term 1 from route-filter 10.82.1.0/24 exact
    set policy-options policy-statement from_bgp term 1 then reject

    Can you please help me solve this problem?
    Thank you in advance!

    ------------------------------
    Maciej Prokopowicz
    ------------------------------


  • 2.  RE: BGP how to reject /24 from received /16

    Posted 12-02-2022 15:18
    If you are not receiving that route, specifically, then you cannot reject it. What problem are you trying to solve by denying this network? Maybe there is another answer that can be provided based upon that information.

    ------------------------------
    Eric Van Tol
    ------------------------------



  • 3.  RE: BGP how to reject /24 from received /16
    Best Answer

    Posted 12-05-2022 06:40
    You can filter this network using firewall configuration.

    Look at this example (make your necessary adjustments):

    set policy-options prefix-list BLOCK-NETWORKS 10.82.1.0/24
    set firewall family inet filter BLOCK term BLOCK-NETWORKS from prefix-list BLOCK-NETWORKS
    set firewall family inet filter Filter-IN-WAN term block-attacks filter BLOCK
    set interfaces ge-0/0/1 unit 409 family inet filter input-list Filter-IN-WAN

    I hope this helps.

    Let me know if you have any questions.

    Cheers.

    Rafael





  • 4.  RE: BGP how to reject /24 from received /16

    Posted 12-04-2022 11:38
    Hi Maciej,

    Are you receiving 10.82.1.0/24 and 10.82.0.0/16 prefixes from the BGP peer? Even if you reject 10.82.1.0/24 from being received (in case it is being received), the route to 10.82.1.1 and other hosts in 10.82.1.0/24 will still follow 10.82.0.0/16, as you have already mentioned.

    What is the exact requirement? Do you want to control the data plane traffic by rejecting traffic towards the destinations in 10.82.1.0/24? If yes, a firewall filter will be needed.
    Kindly explain the requirement in a bit more detail.

    Regards

    ------------------------------
    Sheetanshu Shekhar
    ------------------------------



  • 5.  RE: BGP how to reject /24 from received /16

    Posted 12-05-2022 06:40
    Hello,

    Thank you for all the hints. My goal was to completely reject traffic towards the destination prefix, and I achieved that with the firewall filters.

    Thanks!
    BR

    ------------------------------
    Maciej Prokopowicz
    ------------------------------