Page 1 of 1

BGP

Posted: Tue Apr 15, 2008 7:12 am
by Equis
Hello

I have setup BGP that is working fine.

The problem I have is I want to annonce all my routes (ospf) but when I check that box it spits out all my internal routes also.

I setup a filter and also aggregats but it still advertises the routes I don't want.

Any help would be welcome

Thanks :-)

Re: BGP

Posted: Tue Apr 15, 2008 10:23 am
by ste
Hello

I have setup BGP that is working fine.

The problem I have is I want to annonce all my routes (ospf) but when I check that box it spits out all my internal routes also.

I setup a filter and also aggregats but it still advertises the routes I don't want.

Any help would be welcome

Thanks :-)
Hi,

what is your filter configuration?
Discard at the end of the filter?

Stefan

Re: BGP

Posted: Tue Apr 15, 2008 10:27 am
by Equis
/routing filter
add action=reject chain=speedweb-out comment="" disabled=no invert-match=no prefix=192.168.0.0/16
add action=reject chain=speedweb-out comment="" disabled=no invert-match=no prefix=10.0.0.0/8
add action=accept chain=speedweb-out comment="" disabled=no invert-match=no prefix=203.X.X.0/22
add action=accept chain=speedweb-out comment="" disabled=no invert-match=no prefix=125.X.X.0/21
add action=reject chain=speedweb-out comment="" disabled=no invert-match=no prefix=0.0.0.0

Thanks :-)

Re: BGP

Posted: Tue Apr 15, 2008 10:41 am
by ste
/routing filter
add action=reject chain=speedweb-out comment="" disabled=no invert-match=no prefix=192.168.0.0/16
add action=reject chain=speedweb-out comment="" disabled=no invert-match=no prefix=10.0.0.0/8
add action=accept chain=speedweb-out comment="" disabled=no invert-match=no prefix=203.X.X.0/22
add action=accept chain=speedweb-out comment="" disabled=no invert-match=no prefix=125.X.X.0/21
add action=reject chain=speedweb-out comment="" disabled=no invert-match=no prefix=0.0.0.0

Thanks :-)
Take a deep look at the last line ;-))).
You do not announce prefix 0.0.0.0/32 but everything else.
Leave prefix-Field empty. And check last line of your firewall rules, too :shock:
I've had the same problem. I was wondering why I got ssh attacks. But my
last rule was drop all traffic that comes from 0.0.0.0.

Stefan

Re: BGP

Posted: Tue Apr 15, 2008 10:53 am
by Equis
OK

I will try that.
Its does work, its just anonces EVERYTHING in my Routing Table