[c-nsp] Is there a command to check which BGP ingress policy drops the received prefix in Cisco ASR routers?

[Martin T]

Mark,

I agree that it is most likely because of inbound policy applied to
that neighbor session. Even the "sh bgp neighbor" for that particular
BGP session shows that:

  Cumulative no. of prefixes denied: 11.
    No policy: 0, Failed RT match: 0
    By ORF policy: 0, By policy: 11

While I did not find a Cisco documentation which explains the
cumulative number of prefixes denied by policy, I guess it is the
number of prefixes dropped by inbound policies over the time.

However, inbound policy for this BGP neighbor is built of dozen other
route-policies using the "apply"(executes a policy from within another
policy) statement. I was hoping that maybe there is a command which
displays exactly which route-policy drops the prefix.


thanks,
Martin

On 8/8/15, Mark Tinka <mark.tinka at seacom.mu> wrote:
>
>
> On 7/Aug/15 17:52, Martin T wrote:
>> Hi,
>>
>> according to "sh bgp ipv4 unicast neighbors <neighbor-address>
>> received routes"(displays received prefixes before route policies)
>> command I receive a /32 IPv4 prefix from eBGP neighbor. However,
>> according to "sh bgp ipv4 unicast neighbors <neighbor-address>
>> routes"(displays learned prefixes after route policies) command this
>> /32 prefix is not learned. This prefix has accessible next-hop and AS
>> path does not include local ASN. This probably means that this /32
>> prefix is not accepted because one of the ingress policies. Is there a
>> convenient command in IOS-XR which allows one to see which BGP ingress
>> policy drops the received prefix?
>
> Well, it would most likely be the inbound policy you applied to that
> particular neighbor session.
>
> At any rate, a "sh bgp neighbor x.x.x.x" will show you data about the
> session, including the policies applied on inbound and outbound.
>
> Mark.
>