I have an eBGP topology as follows:
RTR1 ------ DUT ------ RTR2
(AS100) (AS200) (AS300)
I do not want any routes sent by RTR1 to be advertised into RTR2 by DUT.
I do not know what exactly the prefix of the routes would be so I cannot use any prefix lists to statically block the advertisement.
What I am looking for is something like this:
- Tag all incoming routes from RTR1 with a label
- When advertising routes to RTR2, if route has a specific label, skip the advertisement.
Any pointers on how this could be achieved?
I have some control over device RTR2, but I would prefer if we do not need to make any config changes in that router.
Best Answer
As mentioned by Ron, you can use no-export (Don't advertise to any eBGP peers) or no-advertise (Don't advertise to iBGP or eBGP peers) to achieve this. However, this may strain scalability issues if bringing on another eBGP peer which you do wish to advertise these to.
What I'd recommend is applying an inbound route-map/policy-statement on AS200/DUT for the eBGP session with AS100/RTR1 that sets an additive community on ingress, something like 200:65535. From here, you can apply an outbound route-map/policy-statement on AS200/DUT facing the AS300/RTR2 eBGP peer that specifically has a term to deny prefixes tagged with 200:65535.
You haven't mentioned your hardware version but here is a Cisco (IOS, IOS-XE) & Juniper configuration example (Note, not tested and written free hand):
Cisco
DUT:
Juniper
DUT:
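The following is an added example, not the answerer's configuration and not router syntax: a small Python model of DUT's policy that compares the community-tag approach with no-export. The prefixes, the extra peer RTR3 (standing in for "another eBGP peer") and all function names are assumptions made for illustration.

```python
# Model of the DUT (AS200) export policy described in the answer.
# All routes and the RTR3 peer are constructed for illustration.
TAG = "200:65535"          # community set on ingress from RTR1 (value from the answer)
NO_EXPORT = "65535:65281"  # well-known NO_EXPORT community (RFC 1997)

def import_from_rtr1(route, mode):
    """Inbound policy on the RTR1 session: add a community, keep existing ones."""
    marker = TAG if mode == "tag" else NO_EXPORT
    return {**route, "communities": route["communities"] | {marker}}

def export_allowed(route, peer, deny_tag_to):
    """Outbound decision for one eBGP peer of DUT."""
    if NO_EXPORT in route["communities"]:
        return False   # NO_EXPORT: never sent to any eBGP peer
    if peer in deny_tag_to and TAG in route["communities"]:
        return False   # deny term in this peer's outbound policy
    return True        # final permit term

def advertised(mode, peers=("RTR2", "RTR3"), deny_tag_to=("RTR2",)):
    """Return {peer: sorted prefixes DUT advertises} under the chosen approach."""
    rib = [
        import_from_rtr1({"prefix": "198.51.100.0/24",
                          "communities": frozenset({"100:10"})}, mode),
        import_from_rtr1({"prefix": "203.0.113.0/24",
                          "communities": frozenset()}, mode),
        # Originated by DUT itself, never passes the RTR1 inbound policy.
        {"prefix": "192.0.2.0/24", "communities": frozenset()},
    ]
    return {p: sorted(r["prefix"] for r in rib
                      if export_allowed(r, p, deny_tag_to))
            for p in peers}

if __name__ == "__main__":
    for mode in ("tag", "no-export"):
        print(mode, advertised(mode))
```

With the tag, only RTR2 loses the RTR1-learned prefixes; with no-export, every eBGP peer loses them, including one that was meant to receive them.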