Remove routes from Advertisement on a FortiGate firewall

Note to myself: 10.255.32.0/20 was wired on C1, local pref was missing, so it might make sense to add 'set local-preference 100' to all incoming routes; incoming there is no issue.
show router route-map
config router route-map
    edit "EBGP-OUT-R2"
        config rule
            edit 1
                set action deny
                set match-ip-address "EBGP-OUT-R2-DENY"
                set set-community "65001:65003"
                set set-community-additive enable
            next
            edit 2
            next
        end
    next
end
show router prefix-list
config router prefix-list
    edit "EBGP-OUT-R2-DENY"
        config rule
            edit 1
                set prefix 10.255.32.0 255.255.240.0
                unset ge
                unset le
            next
            edit 2
                set prefix 10.0.8.0 255.255.248.0
                unset ge
                unset le
            next
        end
    next
end
Adding more AS to the path on Edge Router 01
Change the AS path that the EdgeRouter advertises to the primary Cisco router so that the paths on the Cisco are still multipath.
set policy prefix-list EBGP-OUT-C1-P1 rule 1 action permit
set policy prefix-list EBGP-OUT-C1-P1 rule 1 prefix 10.255.32.0/20
set policy route-map EBGP-OUT-C1 rule 1 action permit
set policy route-map EBGP-OUT-C1 rule 1 match ip address prefix-list EBGP-OUT-C1-P1
set policy route-map EBGP-OUT-C1 rule 1 set as-path-prepend '65011'
set policy route-map EBGP-OUT-C1 rule 2 action permit
set protocols bgp 65011 neighbor 10.29.1.21 route-map export EBGP-OUT-C1
show ip bgp neighbors 10.29.1.21 advertised-routes
BGP table version is 20, local router ID is 10.29.0.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*> 0.0.0.0/0 10.29.1.18 0 65001 i
*> 10.0.8.0/21 10.29.1.18 0 65001 65534 65002 i
*> 10.29.0.1/32 10.29.1.18 100 32768 i
*> 10.29.0.2/32 10.29.1.18 0 65012 i
*> 10.255.32.0/20 10.29.1.18 0 65011 65001 65534 65003 i
Total number of prefixes 5
Add more AS to the path incoming on Cisco01
ip prefix-list EBGP-IN-E1-P1 permit 10.0.8.0/21
!
ip prefix-list EBGP-IN-E1-P2 permit 10.255.32.0/20
!
route-map EBGP-IN-E1 permit 10
 match ip address prefix-list EBGP-IN-E1-P1
 set as-path prepend last-as 1
 set local-preference 100
!
route-map EBGP-IN-E1 permit 20
 match ip address prefix-list EBGP-IN-E1-P2
 set local-preference 100
!
router bgp 65021
 neighbor 10.29.1.18 route-map EBGP-IN-E1 in
Verify on the Cisco
show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, m - OMP
n - NAT, Ni - NAT inside, No - NAT outside, Nd - NAT DIA
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
H - NHRP, G - NHRP registered, g - NHRP registration summary
o - ODR, P - periodic downloaded static route, l - LISP
a - application route
+ - replicated route, % - next hop override, p - overrides from PfR
& - replicated local route overrides by connected
Gateway of last resort is 10.255.80.29 to network 0.0.0.0
B* 0.0.0.0/0 [20/0] via 10.255.80.29, 00:33:41
[20/0] via 10.29.1.18, 00:33:41
10.0.0.0/8 is variably subnetted, 34 subnets, 6 masks
B 10.255.32.0/20 [20/0] via 10.255.80.29, 00:33:41
[20/0] via 10.29.1.18, 00:33:41
show ip bgp neighbors 10.29.1.18 received-routes
BGP table version is 104, local router ID is 10.255.0.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
t secondary path, L long-lived-stale,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
* 0.0.0.0 10.29.1.18 0 65011 65001 i
* 10.0.8.0/21 10.29.1.18 0 65011 65001 65534 65002 i
* 10.29.0.1/32 10.29.1.18 0 65011 i
* 10.29.0.2/32 10.29.1.18 0 65011 65012 i
* 10.255.32.0/20 10.29.1.18 0 65011 65011 65001 65534 65003 i
Total number of prefixes 5
show ip bgp
BGP table version is 51, local router ID is 10.255.0.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
t secondary path, L long-lived-stale,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
*> 0.0.0.0 10.29.1.18 0 65011 65001 i
*mi 10.255.80.29 0 100 0 65012 65001 i
*mi 10.0.8.0/21 10.255.80.29 0 100 0 65012 65011 65001 65534 65002 i
*> 10.29.1.18 0 65011 65011 65001 65534 65002 i
*> 10.255.32.0/20 10.29.1.18 0 65011 65011 65001 65534 65003 i
*mi 10.255.80.29 0 100 0 65012 65011 65001 65534 65003 i
show ip bgp 10.255.32.0/20
BGP routing table entry for 10.255.32.0/20, version 9
Paths: (2 available, best #1, table default)
Multipath: eiBGP
Not advertised to any peer
Refresh Epoch 1
65012 65011 65001 65534 65003, (received & used)
10.255.80.29 from 10.255.80.29 (10.255.0.2)
Origin IGP, metric 0, localpref 100, valid, internal, best
rx pathid: 0, tx pathid: 0x0
Updated on Jun 27 2024 05:42:42 UTC
Refresh Epoch 1
65011 65011 65001 65534 65003, (received-only)
10.29.1.18 from 10.29.1.18 (10.29.0.1)
Origin IGP, localpref 100, valid, external
rx pathid: 0, tx pathid: 0
Updated on Jun 27 2024 05:42:40 UTC
#show ip bgp 10.255.32.0/20
BGP routing table entry for 10.255.32.0/20, version 16
Paths: (2 available, best #2, table default)
Multipath: eiBGP
Not advertised to any peer
Refresh Epoch 1
65012 65011 65001 65534 65003, (received & used)
10.255.80.29 from 10.255.80.29 (10.255.0.2)
Origin IGP, metric 0, localpref 100, valid, internal, multipath(oldest)
rx pathid: 0, tx pathid: 0
Updated on Jun 27 2024 05:42:42 UTC
Refresh Epoch 1
65011 65011 65001 65534 65003, (received & used)
10.29.1.18 from 10.29.1.18 (10.29.0.1)
Origin IGP, localpref 100, valid, external, multipath, best
rx pathid: 0, tx pathid: 0x0
Updated on Jun 27 2024 05:42:40 UTC
show ip bgp 10.0.8.0/21
BGP routing table entry for 10.0.8.0/21, version 14
Paths: (3 available, best #2, table default)
Multipath: eiBGP
Not advertised to any peer
Refresh Epoch 1
65012 65011 65001 65534 65002, (received & used)
10.255.80.29 from 10.255.80.29 (10.255.0.2)
Origin IGP, metric 0, localpref 100, valid, internal, multipath(oldest)
rx pathid: 0, tx pathid: 0
Updated on Jun 27 2024 05:42:42 UTC
Refresh Epoch 1
65011 65011 65001 65534 65002
10.29.1.18 from 10.29.1.18 (10.29.0.1)
Origin IGP, metric 0, localpref 100, valid, external, multipath, best
rx pathid: 0, tx pathid: 0x0
Updated on Jun 27 2024 05:45:59 UTC
Refresh Epoch 1
65011 65001 65534 65002, (received-only)
10.29.1.18 from 10.29.1.18 (10.29.0.1)
Origin IGP, localpref 100, valid, external
rx pathid: 0, tx pathid: 0
Updated on Jun 27 2024 05:42:40 UTC
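
Both prepends exist to bring the eBGP path's AS-path length level with the iBGP path's, because a path whose AS-path length differs from the best path's is not installed as multipath. An added example (not part of the original notes): a Python check that parses `show ip bgp <prefix>` detail output, here the 10.0.8.0/21 output above, and compares every path's AS-path length with the best path's. The function names are made up for this example.

```python
import re

# Copied from the `show ip bgp 10.0.8.0/21` output in these notes (header trimmed).
SAMPLE = """\
Refresh Epoch 1
65012 65011 65001 65534 65002, (received & used)
10.255.80.29 from 10.255.80.29 (10.255.0.2)
Origin IGP, metric 0, localpref 100, valid, internal, multipath(oldest)
Refresh Epoch 1
65011 65011 65001 65534 65002
10.29.1.18 from 10.29.1.18 (10.29.0.1)
Origin IGP, metric 0, localpref 100, valid, external, multipath, best
Refresh Epoch 1
65011 65001 65534 65002, (received-only)
10.29.1.18 from 10.29.1.18 (10.29.0.1)
Origin IGP, localpref 100, valid, external
"""

# An AS-path line is only ASNs, optionally followed by ", (received ...)".
AS_PATH = re.compile(r"^(\d+(?: \d+)*)(?:, \((.+)\))?$")

def parse_paths(text):
    """Return one dict per path block: AS path, next hop and status flags."""
    lines = [l.strip() for l in text.splitlines() if l.strip()]
    paths = []
    for i, line in enumerate(lines):
        m = AS_PATH.match(line)
        if not m or i + 2 >= len(lines):
            continue
        attrs = [a.strip() for a in lines[i + 2].split(",")]
        paths.append({
            "as_path": m.group(1).split(),
            "next_hop": lines[i + 1].split()[0],
            "received_only": m.group(2) == "received-only",
            "multipath": any(a.startswith("multipath") for a in attrs),
            "best": "best" in attrs,
        })
    return paths

def multipath_report(text):
    """Per path: (next hop, AS-path length, same length as best, multipath flag)."""
    paths = parse_paths(text)
    best_len = len(next(p for p in paths if p["best"])["as_path"])
    return [(p["next_hop"], len(p["as_path"]),
             len(p["as_path"]) == best_len, p["multipath"]) for p in paths]

if __name__ == "__main__":
    for row in multipath_report(SAMPLE):
        print(row)
```

The last row is the received-only copy, i.e. the route as 10.29.1.18 sent it before EBGP-IN-E1 was applied: at four ASNs it is one shorter than the iBGP path, which is the gap that `set as-path prepend last-as 1` closes.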

