The topology below was used for this post; all of the configuration was done on two Cisco CSR1000v routers.
BGP Selective Next-hop Route filtering
Imagine that you want to accept a route from a peer only if the route covering its next-hop (the RIB entry the router uses to reach the next-hop address) passes specific conditions, such as prefix length or source protocol. On IOS this is done with bgp nexthop route-map: the route-map is evaluated against the route covering the next-hop, not against the BGP prefix itself, and paths whose next-hop route is denied are excluded from best-path selection. The usual reason to do this is to stop next-hops from being resolved through a default route or a broad summary.
In the following configuration I will only accept routes whose next-hop is covered by a route with a mask longer than /24; next-hops covered by a /24 or shorter route (a /23 summary, a default route) are rejected:
Let’s see the current BGP table:
csr1#s ip bg
     Network          Next Hop            Metric LocPrf Weight Path
 *>  1.1.1.1/32       0.0.0.0                  0         32768 i
 *   2.2.2.2/32       192.168.12.2             0             0 11 22 2 i
 *>                   12.12.12.2               0             0 2 i
 *   222.222.222.0/23 192.168.12.2             0             0 11 22 2 i
 *>                   12.12.12.2               0             0 2 i
And now the routes covering the next-hops:
csr1#s ip route 192.168.12.2
Routing entry for 192.168.12.0/25
  Known via "connected", distance 0, metric 0 (connected, via interface)
  Routing Descriptor Blocks:
  * directly connected, via GigabitEthernet1
      Route metric is 0, traffic share count is 1

csr1#s ip route 12.12.12.2
Routing entry for 12.12.12.0/23
  Known via "connected", distance 0, metric 0 (connected, via interface)
  Routing Descriptor Blocks:
  * directly connected, via GigabitEthernet2
      Route metric is 0, traffic share count is 1
Now, with the following configuration, the routes with 12.12.12.2 as next-hop (covered by 12.12.12.0/23, which matches the le 24 prefix-list and is therefore hit by the deny clause) shouldn't take part in BGP best-path selection, and the routes with 192.168.12.2 as next-hop (covered by 192.168.12.0/25, which falls through to the permit clause) should become best.
csr1#sh run | i le 24
ip prefix-list FILTER24 seq 1 permit 0.0.0.0/0 le 24

csr1#sr | s map
route-map CHECK_NEXTHOP deny 1
 description DISCARDING THE ROUTES IF THE ROUTE REACHING THE NEXTHOP DOESN'T PASS
 match ip address prefix-list FILTER24
route-map CHECK_NEXTHOP permit 5
 description ALLOWING ALL OTHER ROUTES

csr1(config)#router bgp 1
csr1(config-router)#bgp nexthop route-map CHECK_NEXTHOP
Let’s verify:
csr1(config-router)#do s ip bg
     Network          Next Hop            Metric LocPrf Weight Path
 *>  1.1.1.1/32       0.0.0.0                  0         32768 i
 *>  2.2.2.2/32       192.168.12.2             0             0 11 22 2 i
 *                    12.12.12.2               0             0 2 i
 *>  222.222.222.0/23 192.168.12.2             0             0 11 22 2 i
 *                    12.12.12.2               0             0 2 i

The paths via 12.12.12.2 are still listed, but the best marker (>) has moved to the paths via 192.168.12.2 even though their AS path is longer. If you need to confirm why a particular path lost, show ip bgp 2.2.2.2/32 gives the per-path detail.
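To make the mechanism explicit, here is an added Python model of what the router does above; it is not output or code from the page, only a reconstruction of the logic. It looks up the route covering each path's next-hop in the RIB (longest-prefix match), runs the FILTER24 prefix-list and CHECK_NEXTHOP route-map against that covering route, and then does a simplified best-path selection (shortest AS path) over the paths that survived. The RIB and BGP table are constructed from the show ip route and show ip bgp output on this page; the second RIB, containing only a default route, is an assumption added to show that a next-hop resolved through 0.0.0.0/0 is rejected by the same filter.

```python
"""Model of IOS 'bgp nexthop route-map' selective next-hop filtering.
Added example: RIB and BGP table constructed from the page's CLI output."""
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional

Rib = Dict[ipaddress.IPv4Network, str]  # network -> source protocol


@dataclass
class Path:
    prefix: str
    next_hop: str
    as_path: List[int]
    eligible: bool = True  # set False once the next-hop route-map rejects it


def make_rib(spec: Dict[str, str]) -> Rib:
    """Build a RIB from {'prefix/len': 'protocol'} strings."""
    return {ipaddress.ip_network(net): proto for net, proto in spec.items()}


# Constructed from the two "show ip route" lookups on the page.
RIB = make_rib({"192.168.12.0/25": "connected", "12.12.12.0/23": "connected"})

# Assumed RIB for the caveat: the only route covering either next-hop is a default.
DEFAULT_ONLY_RIB = make_rib({"0.0.0.0/0": "static"})


def bgp_table() -> List[Path]:
    """Constructed from the first 'show ip bgp' on the page (the locally
    originated 1.1.1.1/32 is omitted, it has no peer next-hop to check)."""
    return [
        Path("2.2.2.2/32", "192.168.12.2", [11, 22, 2]),
        Path("2.2.2.2/32", "12.12.12.2", [2]),
        Path("222.222.222.0/23", "192.168.12.2", [11, 22, 2]),
        Path("222.222.222.0/23", "12.12.12.2", [2]),
    ]


def covering_route(rib: Rib, next_hop: str) -> Optional[ipaddress.IPv4Network]:
    """Longest-prefix match: the RIB entry the router uses to reach next_hop."""
    addr = ipaddress.ip_address(next_hop)
    candidates = [net for net in rib if addr in net]
    return max(candidates, key=lambda net: net.prefixlen) if candidates else None


def prefix_list_filter24(net: ipaddress.IPv4Network) -> bool:
    """ip prefix-list FILTER24 seq 1 permit 0.0.0.0/0 le 24"""
    return net.prefixlen <= 24


def route_map_check_nexthop(net: ipaddress.IPv4Network) -> bool:
    """route-map CHECK_NEXTHOP: deny 1 (match FILTER24), permit 5 (all else).
    True means the covering route passed and the next-hop stays usable."""
    if prefix_list_filter24(net):
        return False  # sequence 1: deny
    return True       # sequence 5: permit


def apply_nexthop_route_map(paths: List[Path], rib: Rib) -> List[Path]:
    """What 'bgp nexthop route-map CHECK_NEXTHOP' does to each path."""
    for p in paths:
        cover = covering_route(rib, p.next_hop)
        # No covering route at all: next-hop unreachable regardless of the route-map.
        p.eligible = cover is not None and route_map_check_nexthop(cover)
    return paths


def best_paths(paths: List[Path]) -> Dict[str, str]:
    """Simplified best-path: among eligible paths for a prefix the shortest
    AS path wins (the only tie-breaker that matters in the page's table).
    Returns prefix -> next-hop of the best path."""
    best: Dict[str, Path] = {}
    for p in paths:
        if not p.eligible:
            continue
        cur = best.get(p.prefix)
        if cur is None or len(p.as_path) < len(cur.as_path):
            best[p.prefix] = p
    return {prefix: p.next_hop for prefix, p in best.items()}


def best_before_filter() -> Dict[str, str]:
    return best_paths(bgp_table())


def best_after_filter(rib: Rib = RIB) -> Dict[str, str]:
    return best_paths(apply_nexthop_route_map(bgp_table(), rib))


if __name__ == "__main__":
    print("before filter:", best_before_filter())
    print("after filter: ", best_after_filter())
    print("default-only RIB:", best_after_filter(DEFAULT_ONLY_RIB))
```

Before the filter both prefixes prefer 12.12.12.2 (AS path "2"); after it both move to 192.168.12.2 because the /23 covering 12.12.12.2 is denied, which is exactly the change between the two show ip bgp tables above. With the default-only RIB no path is eligible at all, which is the behaviour you want when the point of the filter is to keep next-hops from being resolved via 0.0.0.0/0.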