четверг, 13 апреля 2023 г.

BGP conditional route injection in ASA

 I have found out one very suitable feature of the BGP. I was looking for how to inject more specific into the BGP domain and was really wondered I did not use this before. One remark here - it will not generate more specs of its own route (injected from another protocol for example). All the articles I have found were about routers but it also works with ASA firewalls too.

This is totally opposite what aggregate-address do. Now in my toolkit :)

Here is how to inject two /25 if you get /24 from the neighbor

prefix-list UNAGGREGATED-PREFIXES seq 5 permit

prefix-list UNAGGREGATED-PREFIXES seq 10 permit

prefix-list R1-AGGREGATE seq 5 permit

prefix-list R1-SOURCE seq 5 permit

route-map PREFIX-INJECTIONS permit 10

 set ip address prefix-list UNAGGREGATED-PREFIXES

route-map AGGREGATED-ROUTE permit 10

 match ip address prefix-list R1-AGGREGATE

 match ip route-source prefix-list R1-SOURCE

router bgp 64517

address-family ipv4 unicast


Комментариев нет:

Отправить комментарий