Thanks Mark - will simplify now (now that I know it was indeed working, just received-routes was showing routes pre-filtering)... I expanded it out to make sure I wasn't missing anything obvious.
Cheers.

> Date: Tue, 10 Mar 2015 07:48:06 +0200
> From: [email protected]
> To: [email protected]
> Subject: Re: [c-nsp] Deny default route (From customer - BGP)
>
> On 10/Mar/15 04:40, CiscoNSP List wrote:
> > Hi Everyone,
> >
> > Only had a few hours sleep, so I may be overlooking something extremely
> > obvious...but we are receiving a default from a customer, even though
> > route-map/prefix list *should* block it...
> >
> > router bgp xxx
> >  ...
> >  address-family ipv4
> >   ...
> >   neighbor CUST_A route-map CUST_A-BGP-IN in
> >
> > ip prefix-list PL_DENY_DEFAULT seq 5 permit 0.0.0.0/0
> > ip prefix-list PL_CUST_A_BGP_PREFIXES seq 5 permit xxx.xxx.xxx.0/24
> >
> > route-map CUST_A-BGP-IN deny 5
> >  match ip address prefix-list PL_DENY_DEFAULT
> > route-map CUST_A-BGP-IN permit 10
> >  match ip address prefix-list PL_CUST_A_BGP_PREFIXES
> >  set community xxxxx:1400
> >
> > Weird thing is, that "sh ip bgp summary" shows that neighbour as only
> > having 1 in "State/PfxRcd"
> >
> > but "sh ip bgp nei xxx.xxx.xx.xx received-routes" shows the neighbour with
> > 0.0.0.0 and their single /24
>
> Keep it simple - just use only the "PL_CUST_A_BGP_PREFIXES" prefixes,
> with its implicit "deny-all" at the end of it.
>
> Apply on your "CUST_A-BGP-IN" sequence 10 route-map and you should be
> good. Whatever is not included in the prefix list will be dropped.
>
> Mark.
> _______________________________________________
> cisco-nsp mailing list [email protected]
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
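
Added example, not part of the original thread: a small Python model of the route-map and prefix-list evaluation discussed above, showing that the posted policy and the simplified one accept the same routes while the pre-policy "received-routes" view still contains the default. The prefixes 203.0.113.0/24 and 198.51.100.0/24 are constructed stand-ins (the thread masks the real /24), and the function names are hypothetical.

```python
from ipaddress import ip_network

# Constructed stand-in for the customer's /24 (masked in the thread).
CUST = ip_network("203.0.113.0/24")
DEFAULT = ip_network("0.0.0.0/0")

# Prefix-lists as ordered (action, prefix) entries; without ge/le an entry
# matches only that exact prefix and length.
PREFIX_LISTS = {
    "PL_DENY_DEFAULT": [("permit", DEFAULT)],
    "PL_CUST_A_BGP_PREFIXES": [("permit", CUST)],
}

def prefix_list_permits(name, route):
    for action, prefix in PREFIX_LISTS[name]:
        if route == prefix:
            return action == "permit"
    return False  # implicit deny at the end of every prefix-list

def route_map_accepts(route_map, route):
    # The first entry whose match clause hits decides; no hit is an implicit deny.
    for action, plist in route_map:
        if prefix_list_permits(plist, route):
            return action == "permit"
    return False

# Policy as posted: explicit deny 5 for the default, then permit 10.
ORIGINAL = [("deny", "PL_DENY_DEFAULT"), ("permit", "PL_CUST_A_BGP_PREFIXES")]
# Policy as suggested in the reply: sequence 10 only.
SIMPLIFIED = [("permit", "PL_CUST_A_BGP_PREFIXES")]

def inbound(route_map, advertised):
    """Return (received, accepted): routes before and after inbound policy."""
    received = list(advertised)  # the view "received-routes" lists
    accepted = [r for r in received if route_map_accepts(route_map, r)]
    return received, accepted    # len(accepted) is the State/PfxRcd figure

if __name__ == "__main__":
    adverts = [DEFAULT, CUST, ip_network("198.51.100.0/24")]  # constructed
    for name, rm in (("original", ORIGINAL), ("simplified", SIMPLIFIED)):
        received, accepted = inbound(rm, adverts)
        print(name, "received:", *received, "| accepted:", *accepted)
```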
