Options

BGP FRR Firebox 12.10.B685791

Jone_J_G_LeweniJone_J_G_Leweni
edited October 2023 in Firebox - Networking, Multi-Wan, VLAN, NAT, SD-WAN

Hi Everyone,

Simple BGP Syntax Question:

Is it important to BGP configuration sysntax in top down configurations style of layout for this new version of firmware (for some vendors this is a requirement)?

Example of the above statement:

ip prefix-list allow_in seq 5 permit C.C.C.C/30
ip prefix-list allow_in seq 10 permit E.E.E.E/32
ip prefix-list allow_in seq 20 permit F.F.F.F/32
ip prefix-list allow_in seq 30 deny 0.0.0.0/0 le 32

ip prefix-list allow_out seq 5 permit B.B.B.B/24
ip prefix-list allow_out seq 30 deny 0.0.0.0/0 le 32

route-map rmap_in permit 10
match ip address prefix-list allow_in

route-map rmap_out permit 5
match ip address prefix-list allow_out

router bgp 500
no bgp ebgp-requires-policy
no bgp network import-check
bgp router-id A.A.A.Y

address-family ipv4 unicast
network A.A.A.A/30
network B.B.B.B/24
neighbor A.A.A.X remote-as 600
neighbor A.A.A.X weight 1000
neighbor A.A.A.X route-map rmap_in in
neighbor A.A.A.X route-map rmap_out out
neighbor A.A.A.X description ISP-01
neighbor A.A.A.X soft-reconfiguration inbound

My neigbor command "neighbor A.A.A.X route-map rmap_in in" is not being accepted in configuration hence this question. The command layout it had was:

router bgp 500
no bgp ebgp-requires-policy
no bgp network import-check
bgp router-id A.A.A.Y

address-family ipv4 unicast
network A.A.A.A/30
network B.B.B.B/24
neighbor A.A.A.X remote-as 600
neighbor A.A.A.X weight 1000
neighbor A.A.A.X route-map rmap_in in
neighbor A.A.A.X route-map rmap_out out
neighbor A.A.A.X description ISP-01
neighbor A.A.A.X soft-reconfiguration inbound

ip prefix-list allow_in seq 5 permit C.C.C.C/30
ip prefix-list allow_in seq 10 permit E.E.E.E/32
ip prefix-list allow_in seq 20 permit F.F.F.F/32
ip prefix-list allow_in seq 30 deny 0.0.0.0/0 le 32

ip prefix-list allow_out seq 5 permit B.B.B.B/24
ip prefix-list allow_out seq 30 deny 0.0.0.0/0 le 32

route-map rmap_in permit 10
match ip address prefix-list allow_in

route-map rmap_out permit 5
match ip address prefix-list allow_out

Comments

  • Options
    james.carsonjames.carson Moderator, WatchGuard Representative

    As long as your config has the relevant commands, it should be fine.

    I would suggest using the config in the order that is provided in the documentation as that is the way it is tested. While we do test other combinations, it's not possible to test every single one that may arise.

    -James Carson
    WatchGuard Customer Support

Sign In to comment.