Hello guys.
So today I ran into an issue. I am creating a tunnel with Azure using a WatchGuard firewall, and BGP is required.
The issue is with the BGP configuration on the WatchGuard.
router bgp 64528
network 192.168.136.0/23
network 10.61.57.16/28
ip prefix-list AZURE_IN permit 172.16.224.0/20
ip prefix-list AZURE_OUT permit 192.168.136.0/23
ip prefix-list AZURE_OUT permit 10.61.57.16/28
neighbor 172.16.227.254 remote-as 64525
neighbor 172.16.227.254 activate
neighbor 172.16.227.254 prefix-list AZURE_IN in
neighbor 172.16.227.254 prefix-list AZURE_OUT out
172.16.227.254 is the Azure peer. The adjacency is established without issues.
However, this is actually filtering everything from the Azure side. The moment I filter the Azure peer "in", I don't get any routes at all, and neither does Azure.
If I leave only the "out" statement, Azure receives my routes, but I receive everything from them, and that is not intended.
I have tried a million ways. A prefix list denying specific networks didn't work either; I tried with a route-map, and pretty much anything I specify "in", I get no routes after.
This adjacency needs to be filtered for several reasons. To list a couple: I don't want some random Chinese app devs even receiving routes for systems that I use, and I don't like the possibility of asymmetric routing.
Thoughts?
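One check worth running before touching the firewall again is to evaluate the posted prefix-lists offline against the kind of prefixes the Azure peer could advertise. The script below is an added example, not code from the post or from WatchGuard; it assumes the firewall's dynamic-routing engine follows the usual Quagga/FRR prefix-list rules (entries checked in order, first match wins, implicit deny at the end, and an entry without "ge"/"le" matching only that exact prefix length). The sample Azure advertisements and the "le 32" variant of AZURE_IN are constructed for illustration.

```python
# Added example: a small evaluator for Quagga/FRR-style "ip prefix-list"
# semantics, so a filter like AZURE_IN can be checked without a live peer.
# Assumption: the WatchGuard routing engine applies the same rules
# (ordered entries, first match wins, implicit deny, exact length when
# neither "ge" nor "le" is given).
import ipaddress
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class PrefixEntry:
    action: str                       # "permit" or "deny"
    network: ipaddress.IPv4Network
    ge: Optional[int] = None          # minimum accepted prefix length
    le: Optional[int] = None          # maximum accepted prefix length


def parse_prefix_list(config_lines: List[str], name: str) -> List[PrefixEntry]:
    """Collect the entries of one named prefix-list in configured order."""
    entries = []
    for line in config_lines:
        tokens = line.split()
        if tokens[:3] != ["ip", "prefix-list", name]:
            continue
        rest = tokens[3:]
        if rest[:1] == ["seq"]:           # optional sequence number
            rest = rest[2:]
        entry = PrefixEntry(rest[0], ipaddress.ip_network(rest[1], strict=False))
        opts = rest[2:]
        for key, value in zip(opts[::2], opts[1::2]):
            if key == "ge":
                entry.ge = int(value)
            elif key == "le":
                entry.le = int(value)
        entries.append(entry)
    return entries


def entry_matches(entry: PrefixEntry, route: ipaddress.IPv4Network) -> bool:
    """A route matches if it lies inside the entry and its length is in range."""
    if not route.subnet_of(entry.network):
        return False
    low = entry.ge if entry.ge is not None else entry.network.prefixlen
    if entry.le is not None:
        high = entry.le
    elif entry.ge is not None:
        high = entry.network.max_prefixlen   # "ge N" alone means N..32
    else:
        high = entry.network.prefixlen       # no ge/le: exact length only
    return low <= route.prefixlen <= high


def evaluate(entries: List[PrefixEntry], route: ipaddress.IPv4Network) -> str:
    """First matching entry decides; no match means the implicit deny."""
    for entry in entries:
        if entry_matches(entry, route):
            return entry.action
    return "deny"


def accepted_routes(config_lines: List[str], name: str, routes: List[str]) -> List[str]:
    """Return the routes that the named prefix-list would permit."""
    entries = parse_prefix_list(config_lines, name)
    return [r for r in routes if evaluate(entries, ipaddress.ip_network(r)) == "permit"]


# The prefix-lists from the post, copied verbatim.
POSTED_CONFIG = [
    "ip prefix-list AZURE_IN permit 172.16.224.0/20",
    "ip prefix-list AZURE_OUT permit 192.168.136.0/23",
    "ip prefix-list AZURE_OUT permit 10.61.57.16/28",
]

# Constructed variant: the same inbound entry with "le 32", which accepts
# any prefix inside the /20 rather than only the /20 itself.
RELAXED_CONFIG = ["ip prefix-list AZURE_IN permit 172.16.224.0/20 le 32"]

# Constructed sample advertisements; not captured from a real Azure session.
SAMPLE_AZURE_ROUTES = [
    "172.16.224.0/20",   # the whole address space as one prefix
    "172.16.224.0/24",   # a subnet inside it
    "172.16.230.0/24",   # another subnet inside it
    "10.99.0.0/16",      # unrelated prefix that should stay blocked
]

if __name__ == "__main__":
    print("posted AZURE_IN accepts:", accepted_routes(POSTED_CONFIG, "AZURE_IN", SAMPLE_AZURE_ROUTES))
    print("le-32 AZURE_IN accepts: ", accepted_routes(RELAXED_CONFIG, "AZURE_IN", SAMPLE_AZURE_ROUTES))
    print("AZURE_OUT accepts:      ", accepted_routes(POSTED_CONFIG, "AZURE_OUT",
          ["192.168.136.0/23", "10.61.57.16/28", "192.168.0.0/16"]))
```

Run it and compare the two AZURE_IN results: the posted entry permits the exact /20 and nothing longer, while the "le 32" form permits every prefix inside that range. Whether the difference matters depends on what the Azure peer actually advertises, which a "show ip bgp neighbors ... received-routes" style view on the firewall (with soft-reconfiguration inbound, where supported) would confirm; this script only shows how the filter would treat each candidate.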