четверг, 13 апреля 2023 г.

BGP conditional route injection in ASA

 I have found out one very suitable feature of the BGP. I was looking for how to inject more specific into the BGP domain and was really wondered I did not use this before. One remark here - it will not generate more specs of its own route (injected from another protocol for example). All the articles I have found were about routers but it also works with ASA firewalls too.

This is totally opposite what aggregate-address do. Now in my toolkit :)

Here is how to inject two /25 if you get /24 from the neighbor 10.42.1.1/

prefix-list UNAGGREGATED-PREFIXES seq 5 permit 10.43.1.0/25

prefix-list UNAGGREGATED-PREFIXES seq 10 permit 10.43.1.128/25

prefix-list R1-AGGREGATE seq 5 permit 10.43.1.0/24

prefix-list R1-SOURCE seq 5 permit 10.42.1.1/32


route-map PREFIX-INJECTIONS permit 10

 set ip address prefix-list UNAGGREGATED-PREFIXES


route-map AGGREGATED-ROUTE permit 10

 match ip address prefix-list R1-AGGREGATE

 match ip route-source prefix-list R1-SOURCE


router bgp 64517

address-family ipv4 unicast

bgp inject-map PREFIX-INJECTIONS exist-map AGGREGATED-ROUTE

Комментариев нет:

Отправить комментарий