[c-nsp] re-advertising eBGP learned prefixes

Gert Doering gert at greenie.muc.de
Thu Oct 20 11:17:46 EDT 2011


Hi,

On Thu, Oct 20, 2011 at 07:13:50PM +0400, Andrey Koklin wrote:
> ip as-path access-list 100 permit ^$
> ip as-path access-list 101 permit _21017_
> ip as-path access-list 102 permit _21017_21017_

This...

> route-map TO_VPN_CTK permit 10
>  match ip address prefix-list TO_VPN_CTK
>  match as-path 100

... together with this will only permit AS-paths matched by ACL 100,
which is "^$" = "your local AS".

So this AS path ACL will never permit anything learned from eBGP.

Maybe this should have been

ip as-path access-list 100 permit ^$
ip as-path access-list 100 permit _21017_
ip as-path access-list 100 permit _21017_21017_

("100" in all 3 lines)

> I've just tried to remove filters. The router started to advertise all
> but the needed prefixes, like 10.36.72.32/27...

See above: the as-path filter is borked.

gert

-- 
USENET is *not* the non-clickable part of WWW!
                                                           //www.muc.de/~gert/
Gert Doering - Munich, Germany                             gert at greenie.muc.de
fax: +49-89-35655025                        gert at net.informatik.tu-muenchen.de
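
How the two versions of as-path ACL 100 evaluate, as an added example that is not part of the original post: a small Python model of IOS as-path ACL matching (first match wins, implicit deny at the end, `_` expanded to the IOS delimiter set). The AS paths, including AS 65001, are constructed sample values.

```python
import re

# In IOS as-path regexes "_" matches start or end of string, a space,
# a comma, braces or parentheses.
IOS_UNDERSCORE = r"(?:^|$|[ ,{}()])"

ORIGINAL = """
ip as-path access-list 100 permit ^$
ip as-path access-list 101 permit _21017_
ip as-path access-list 102 permit _21017_21017_
"""

FIXED = """
ip as-path access-list 100 permit ^$
ip as-path access-list 100 permit _21017_
ip as-path access-list 100 permit _21017_21017_
"""

# Constructed sample AS paths; "" is a locally originated route.
PATHS = ["", "21017", "21017 21017", "65001 21017", "65001", "121017"]

def parse_acls(config):
    """Return {acl_number: [(action, compiled_regex), ...]} in config order."""
    acls = {}
    for line in config.strip().splitlines():
        parts = line.split()
        if len(parts) != 6 or parts[:3] != ["ip", "as-path", "access-list"]:
            continue
        number, action, pattern = parts[3], parts[4], parts[5]
        regex = re.compile(pattern.replace("_", IOS_UNDERSCORE))
        acls.setdefault(number, []).append((action, regex))
    return acls

def acl_permits(acls, number, as_path):
    """First matching entry decides; no match means implicit deny."""
    for action, regex in acls[number]:
        if regex.search(as_path):
            return action == "permit"
    return False

def permitted(config, number, paths):
    """List the AS paths that 'match as-path <number>' would accept."""
    acls = parse_acls(config)
    return [p for p in paths if acl_permits(acls, number, p)]

if __name__ == "__main__":
    for name, cfg in (("original", ORIGINAL), ("fixed", FIXED)):
        print(name, permitted(cfg, "100", PATHS))
```

With the original numbering only the empty path passes `match as-path 100`; with all three lines under 100, every path containing AS 21017 passes as well, while `121017` still does not because `_` requires a delimiter on both sides.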