Reply
New Member
Posts: 27
Registered: ‎12-22-2015
Solutions: 1
Accepted Solution

Another BGP/IPV6 issue/question

So I have the following configuration:
  
set policy prefix-list6 HE-V6-IN rule 10 description "Do not accept MY routes"
set policy prefix-list6 HE-V6-IN rule 10 prefix 2001:222:9e03::/48
set policy prefix-list6 HE-V6-IN rule 10 action deny
 
set protocols bgp 395478 neighbor 2001:470:1:88a::1 description HE-v6-1
set protocols bgp 395478 neighbor 2001:470:1:88a::1 remote-as 6939
set protocols bgp 395478 neighbor 2001:470:1:88a::1 soft-reconfiguration inbound
set protocols bgp 395478 neighbor 2001:470:1:88a::1 prefix-list6 import HE-V6-IN
set protocols bgp 395478 neighbor 2001:470:1:88a::1 prefix-list6 export HE-V6-OUT
 
 
I cannot seem to get the v6 BGP peers to use a prefix list. What am I missing?  I have both prefix-lists (actually MANY more)..
 

Accepted Solutions
Established Member
Posts: 829
Registered: ‎07-23-2015
Kudos: 496
Solutions: 47

Re: Another BGP/IPV6 issue/question

Have you tried the proper address family?

 

set protocols bgp 395478 neighbor 2001:470:1:88a::1 address-family ipv6-unicast prefix-list import HE-V6-IN
Please don't forget to kudo helpful posts and mark accepted solutions accordingly!
jcm.me - Personal Site | Joyn.Tech - Consulting Site

Add Auto-Provisioning Support to UNMS

View solution in original post


All Replies
Established Member
Posts: 829
Registered: ‎07-23-2015
Kudos: 496
Solutions: 47

Re: Another BGP/IPV6 issue/question

So what’s the problem? Your prefix-list is filtering everything. Is that the expected outcome?
Please don't forget to kudo helpful posts and mark accepted solutions accordingly!
jcm.me - Personal Site | Joyn.Tech - Consulting Site

Add Auto-Provisioning Support to UNMS
New Member
Posts: 27
Registered: ‎12-22-2015
Solutions: 1

Re: Another BGP/IPV6 issue/question

rkymtn@ubnt# show policy prefix-list6 HE-V6-IN 
 rule 10 {
     action deny
     description "Do not accept MY routes"
     prefix 2001:428:9e03::/48
 }
[edit]

rkymtn@ubnt# set protocols bgp 395478 neighbor 2001:470:1:88a::1 description HE-v6-1
[edit]
rkymtn@ubnt# set protocols bgp 395478 neighbor 2001:470:1:88a::1 remote-as 6939
[edit]
rkymtn@ubnt# set protocols bgp 395478 neighbor 2001:470:1:88a::1 soft-reconfiguration inbound
[edit]
rkymtn@ubnt# set protocols bgp 395478 neighbor 2001:470:1:88a::1 prefix-list6 import HE-V6-IN
The specified configuration node is not valid
Set failed
[edit]
rkymtn@ubnt# set protocols bgp 395478 neighbor 2001:470:1:88a::1 prefix-list6 export HE-V6-OUT
The specified configuration node is not valid
Set failed
[edit]

Above is the problem.  

Established Member
Posts: 829
Registered: ‎07-23-2015
Kudos: 496
Solutions: 47

Re: Another BGP/IPV6 issue/question

Have you tried the proper address family?

 

set protocols bgp 395478 neighbor 2001:470:1:88a::1 address-family ipv6-unicast prefix-list import HE-V6-IN
Please don't forget to kudo helpful posts and mark accepted solutions accordingly!
jcm.me - Personal Site | Joyn.Tech - Consulting Site

Add Auto-Provisioning Support to UNMS
New Member
Posts: 27
Registered: ‎12-22-2015
Solutions: 1

Re: Another BGP/IPV6 issue/question

I found the command.  It is:

 

set protocols bgp 395478 neighbor 2001:470:1:88a::1 address-family ipv6-unicast prefix-list import HE-V6-IN
New Member
Posts: 25
Registered: ‎06-06-2017
Kudos: 2

Re: Another BGP/IPV6 issue/question

Here is a sample config for:

 

- 2 External BGP peers, receiving full tables for IPv4 and IPv6

- A iBGP peer for exchanging routes with another Edgerouter Pro that has it's own session.

- A IPv4 and IPv6 VRRP address for the local LAN segment

- A SNMP community with restricted access

- Listen addresses for SSH and GUI restricted to IPv6 addresses.

- No firewall rules (assymtric traffic)

- A prefix list for the 4 and 6 network

- A AS path filter for any AS

- A outbound filter so that only your own prefix is announced

- A route map so that the AS is prepended twice for lower inbound priority vs the other path

 

firewall {
    all-ping enable
    broadcast-ping disable
    group {
        address-group EdgeRouter_Self {
            address 192.168.27.0/28
            address 192.168.27.41
            address 192.168.27.42
            address 192.168.27.43
            address 192.168.27.33
            description "Edgerouter Self"
        }
        address-group Trusted_IPs {
            address 192.168.27.32/27
            description "External Trusted IPs"
        }
        ipv6-address-group EdgeRouter_Self6 {
            description "Edgerouter Addresses 6"
            ipv6-address 2001:db8:1234:ff01::/64
            ipv6-address 2001:db8:1234:ff00::1
            ipv6-address 2001:db8:1234:ff00::41
            ipv6-address 2001:db8:1234:ff00::42
            ipv6-address 2001:db8:1234:ff00::43
        }
        network-group PRIVATE_NETS {
            network 192.168.0.0/16
            network 172.16.0.0/12
            network 10.0.0.0/8
        }
        port-group EdgeRouter_Ports {
            description "EdgeRouter Ports Self"
            port 22
            port 443
        }
    }
    ipv6-receive-redirects disable
    ipv6-src-route disable
    ip-src-route disable
    log-martians enable
    receive-redirects disable
    send-redirects enable
    source-validation disable
    syn-cookies enable
}
interfaces {
    ethernet eth0 {
        address 192.168.27.42/27
        address 2001:db8:1234:ff00::42/96
        description Local
        duplex auto
        ipv6 {
            address {
            }
            dup-addr-detect-transmits 1
        }
        speed auto
        vrrp {
            vrrp-group 61 {
                advertise-interval 1
                hello-source-address 192.168.27.42
                preempt true
                priority 40
                sync-group 1
                virtual-address fe80::ff00:62/64
                virtual-address 2001:db8:1234:ff00::62/64
                virtual-address fe80::ff00:1/64
            }
            vrrp-group 62 {
                advertise-interval 1
                hello-source-address 192.168.27.42
                preempt true
                priority 40
                sync-group 1
                virtual-address 192.168.27.62/27
                virtual-address 192.168.27.33/27
            }
        }
    }
    ethernet eth1 {
        address 192.168.27.2/28
        address 2001:db8:1234:ff01::2/96
        address FDE9:556:866F::2/96
        description iBGP
        duplex auto
        ipv6 {
            address {
            }
            dup-addr-detect-transmits 1
        }
        speed auto
    }
    ethernet eth2 {
        address 192.168.43.34/30
        address 2001:db8:2504:F009::3/126
        description KPN
        duplex full
        ipv6 {
            dup-addr-detect-transmits 1
        }
        speed 100
    }
    ethernet eth3 {
        address 192.168.247.46/30
        address 2001:db8:1100::1/126
        description Tele2
        duplex auto
        speed auto
    }
    ethernet eth4 {
        disable
        duplex auto
        speed auto
    }
    ethernet eth5 {
        disable
        duplex auto
        speed auto
    }
    ethernet eth6 {
        disable
        duplex auto
        speed auto
    }
    ethernet eth7 {
        disable
        duplex auto
        speed auto
    }
    loopback lo {
        address 172.16.95.2/32
        address FDE9:556:866F::2/128
    }
}
policy {
    as-path-list 15 {
        rule 15 {
            action permit
            description Self
            regex ^$
        }
    }
    prefix-list announce {
        description Announce
        rule 5 {
            action permit
            description "ASN 65535 networks"
            prefix 192.168.27.0/24
        }
    }
    prefix-list6 announce6 {
        description "AS65535 IPV6 Networks"
        rule 5 {
            action permit
            description "AS65535 IPV6 Networks"
            prefix 2001:db8:1234::/48
        }
    }
    route-map PREPEND {
        rule 10 {
            action permit
            match {
                as-path 15
            }
            set {
                as-path-prepend 65535
                local-preference 50
            }
        }
    }
}
protocols {
    bgp 65535 {
        address-family {
            ipv6-unicast {
                network 2001:db8:1234::/48 {
                }
            }
        }
        neighbor 192.168.247.45 {
            description Tele2
            filter-list {
                export 15
            }
            prefix-list {
                export announce
            }
            remote-as 13127
            route-map {
                export PREPEND
            }
            update-source 192.168.247.46
        }
        neighbor 192.168.151.96 {
            address-family {
            }
            description KPN
            ebgp-multihop 5
            filter-list {
                export 15
            }
            password ****************
            prefix-list {
                export announce
            }
            remote-as 1136
            route-map {
                export PREPEND
            }
            update-source 192.168.43.34
        }
        neighbor 172.16.95.4 {
            description iBGP
            nexthop-self
            password ****************
            remote-as 65535
            update-source 172.16.95.2
        }
        neighbor 2001:db8:1100::0 {
            address-family {
                ipv6-unicast {
                    filter-list {
                        export 15
                    }
                    prefix-list {
                        export announce6
                    }
                    route-map {
                        export PREPEND
                    }
                }
            }
            description Tele2
            no-activate
            remote-as 13127
            update-source 2001:db8:1100::1
        }
        neighbor 2001:db8:2504:F004:1:: {
            address-family {
                ipv6-unicast {
                    filter-list {
                        export 15
                    }
                    prefix-list {
                        export announce6
                    }
                    route-map {
                        export PREPEND
                    }
                }
            }
            description KPN
            ebgp-multihop 5
            no-activate
            password ****************
            remote-as 1136
            route-map {
                export PREPEND
            }
            update-source 2001:db8:2504:F009::3
        }
        neighbor FDE9:556:866F::4 {
            address-family {
                ipv6-unicast {
                    nexthop-self
                }
            }
            description iBGP
            no-activate
            password ****************
            remote-as 65535
            update-source FDE9:556:866F::2
        }
        network 192.168.27.0/24 {
        }
        parameters {
            log-neighbor-changes
        }
    }
    static {
        route 192.168.28.100/32 {
            next-hop 172.16.95.4 {
            }
        }
        route 192.168.27.0/24 {
            blackhole {
            }
        }
        route 192.168.27.96/27 {
            next-hop 192.168.27.34 {
            }
        }
        route 192.168.151.96/32 {
            next-hop 145.54.43.33 {
            }
        }
        route 172.16.95.1/32 {
            next-hop 192.168.27.1 {
            }
        }
        route 172.16.95.3/32 {
            next-hop 192.168.27.3 {
            }
        }
        route 172.16.95.4/32 {
            next-hop 192.168.27.4 {
            }
        }
        route6 2001:db8:1234::/48 {
            blackhole {
            }
        }
        route6 2001:db8:1234::/52 {
            next-hop 2001:db8:1234:ff00::34 {
            }
        }
        route6 2001:db8:2504:f004:1::/126 {
            next-hop 2001:db8:2504:F009::2 {
            }
        }
        route6 FDE9:556:866F::3/128 {
            next-hop 2001:db8:1234:FF01::3 {
            }
        }
        route6 FDE9:556:866F::4/128 {
            next-hop 2001:db8:1234:FF01::4 {
            }
        }
    }
}
service {
    dns {
    }
    gui {
        http-port 80
        https-port 443
        listen-address 2001:db8:1234:ff00::42
        listen-address 145.54.43.34
        listen-address 2001:db8:2504:F009::3
        older-ciphers disable
    }
    lldp {
        interface eth0 {
        }
    }
    nat {
    }
    snmp {
        community supersecretsnmp {
            authorization ro
            network 192.168.27.32/27
            network 2001:db8:1234::/52
        }
        contact Support@3dfashion.nl
        listen-address 192.168.27.42 {
        }
        listen-address 192.168.43.34 {
            port 161
        }
        listen-address 2001:db8:2504:F009::3 {
            port 161
        }
        location "C2 SR1"
    }
    ssh {
        listen-address 2001:db8:1234:ff00::42
        listen-address 192.168.43.34
        listen-address 2001:db8:2504:F009::3
        port 22
        protocol-version v2
    }
}
 

 

Reply