This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Javier_Pobeda
Explorer
‎2020-06-03 08:24 PM

eBGP routemaps configuration

Hi folks,

 

I have two pair of clusters running R80.10.

Each cluster peers to 2 PE peers and I want to make one of them primary and the other one standby.

Both clusters are peering ok and exchanging prefixes so that's not a problem, it's mainly about route filtering and attributes.

So my config looks something like this

For inbound prefixes, let's say PE routers are 10.10.10.1 and 10.10.10.2

And I want to only accept the networks on the match statements + set local pref to 250 on prefixes coming from 10.10.10.1 and 150 for prefixes coming from 10.10.10.2

set routemap bgp-201 id 101 on
set routemap bgp-201 id 101 allow
set routemap bgp-201 id 101 match neighbor 10.10.10.1 on
set routemap bgp-201 id 101 match network 192.168.0.0/16 all
set routemap bgp-201 id 101 match network 10.10.222.64/26 exact
set routemap bgp-201 id 101 match network 10.10.222.64/26 exact
set routemap bgp-201 id 101 match network 172.18.0.0/16 all
set routemap bgp-201 id 101 match network 172.19.0.0/16 all
set routemap bgp-201 id 101 action localpref 250
set routemap bgp-202 id 101 on
set routemap bgp-202 id 101 allow
set routemap bgp-202 id 101 match neighbor 10.10.10.2 on
set routemap bgp-202 id 101 match network 192.168.0.0/16 all
set routemap bgp-202 id 101 match network 10.10.222.64/26 exact
set routemap bgp-202 id 101 match network 10.10.222.64/26 exact
set routemap bgp-202 id 101 match network 172.18.0.0/16 all
set routemap bgp-202 id 101 match network 172.19.0.0/16 all
set routemap bgp-202 id 101 action localpref 150

 

The applied routemaps to the peers

set bgp external remote-as XYZ import-routemap bgp-201 preference 1 on
set bgp external remote-as XYZ import-routemap bgp-202 preference 1 on

 

Now, this if I look at show route bgp, seems to do what I want but if I go to expert mode and do route -n or even from clish show route all, the ones I filtered above are shown as "hidden" so it's not actually suppressing the prefixes, is it? What does hidden mean here, because I can tell at routing level is not doing what I want. I know this, because there is an specific network being learned by BGP that is not on any of the match network statements above that's causing routing problems.

Then to make it complete, I tried to add export routemap to prepend AS +2 and ended it up not being advertising a single prefix so clearly I got that one entirely wrong.

set routemap bgp-202-out id 101 on
set routemap bgp-202-out id 101 allow
set routemap bgp-202-out id 101 match neighbor 10.10.10.2 on
set routemap bgp-202-out id 101 action aspath-prepend-count 2

set bgp external remote-as XYZ peer 10.10.10.2 export-routemap bgp-202-out preference 1 on

I got the redistribution set this way:

set route-redistribution to bgp-as XYZ from interface eth1 on metric 10
set route-redistribution to bgp-as XYZ from interface eth2.8 on metric 10
set route-redistribution to bgp-as XYZ from interface eth2.19 on metric 10
set route-redistribution to bgp-as XYZ from interface bond1.42 on metric 10
set route-redistribution to bgp-as XYZ from interface bond1.43 on metric 10
set route-redistribution to bgp-as XYZ from interface bond1.45 on metric 10
set route-redistribution to bgp-as XYZ from interface bond1.45 on metric 10

 

Can anyone shed some light on this? What is that I'm doing wrong here?

Thanks,

 

 

0 Kudos
3 Replies
Sundeep_Mudgal
Employee
Employee
‎2020-06-07 08:25 PM

Hi,

 

      Local preference applies only to IBGP. Here is the help text when you type "?' after local preference:

> set routemap my_map id 10 action localpref ?
Sets the local preference for iBGP routes which match this
Route Map.

Value: 0 - 65535

This action only applies to the iBGP protocol, and only to Route
Maps which are used with the "import-routemap" command.

Instead of local-preference you need to use metric:

> set routemap my_map id 10 action metric value

You are using EBGP and to apply a routemap per-peer you need to do something like this:

> set bgp external remote-as 200 peer 10.10.10.10 import-routemap my_map preference 1 on

The routemap must be applied per peer as above. 

 

Please open a support case. There are routing-focals in support and they can help you out further. 

0 Kudos
vinceneil666
Advisor
‎2020-09-22 08:09 AM
In response to Sundeep_Mudgal

> set bgp external remote-as 200 peer 10.10.10.10 import-routemap my_map preference 1 on

----

This action only applies to Route Maps used with the
"export-routemap" command. It will otherwise have no effect.

0 Kudos
Ashley_Black
Contributor
‎2021-04-30 08:30 AM
In response to vinceneil666

So how do you make this work then?

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events