[c-nsp] BGP on 6506/Sup720-3B will not filter outbound

Jason Gintert jason at fidelityaccess.com
Mon Oct 23 09:50:57 EDT 2006


Hello all,

I was hoping someone could assist with a strange issue that has presented itself as of this weekend.  We're using a 6506e w/Sup720-3B running 12.2(18)SXD6 with two upstream BGP peers.  Our BGP session dropped to one of our upstream providers because all of a sudden we stopped filtering routes to them, started sending the full table from the other provider and tripped their "maximum-prefix" config.  We're using the same config we've had in for a year and it simply stopped filtering.  The only change I've made this weekend was adding "bgp always-compare-med" and "bgp deterministic-med" two days before the filtering stopped.  I've tried taking these commands back out and reconfiguring the BGP neighbor to no avail.  I've also tried deleting the neighbor and re-adding, using straight filter-lists and prefix-lists instead of the route-map out to filter and nothing seems to filter the announcement at all.  Here are the config bits:

 neighbor XX.XX.XX.209 remote-as XXXX
 neighbor XX.XX.XX.209 version 4
 neighbor XX.XX.XX.209 activate
 neighbor XX.XX.XX.209 soft-reconfiguration inbound
 neighbor XX.XX.XX.209 route-map BGP-Prefixes-Provider-UP out

 ip prefix-list Customer-A seq 5 permit xx.xx.xx.xx/22 le 28

 ip prefix-list Customer-B seq 5 permit yy.yy.yy.yy/22 le 28

 ip prefix-list Customer-C seq 5 permit zz.zz.zz.zz/24 le 28

 route-map BGP-Prefixes-Provider-UP permit 10
  match ip address prefix-list Customer-A Customer-B Customer-C

When that didn't work I replaced the route-map with:

 neighbor XX.XX.XX.209 distribute-list ALL-PREFIXES out
 neighbor XX.XX.XX.209 filter-list 1 out

 ip prefix-list ALL-PREFIXES seq 5 permit xx.xx.xx.xx/22 le 28
 ip prefix-list ALL-PREFIXES seq 10 permit yy.yy.yy.yy/22 le 28
 ip prefix-list ALL-PREFIXES seq 15 permit zz.zz.zz.zz/24 le 28

 ip as-path access-list 1 permit ^$

I know the filter list only announces from my AS and not customers, but it still didn't filter anything from my announcement.

Any ideas?  Has anyone seen this before?

Thanks,
------
Jason R. Gintert
Fidelity Access Networks
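
An added example, not part of the original post: a Python check that applies Cisco prefix-list matching (first match wins, ge/le length window, implicit deny) to a list of routes actually being sent to a neighbor, and reports any that the intended outbound policy would not permit. The 10.x prefixes stand in for the redacted xx/yy/zz values, the advertised list is constructed sample data, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed stand-ins for the redacted xx/yy/zz prefixes in the post.
POLICY = """\
ip prefix-list ALL-PREFIXES seq 5 permit 10.1.0.0/22 le 28
ip prefix-list ALL-PREFIXES seq 10 permit 10.2.0.0/22 le 28
ip prefix-list ALL-PREFIXES seq 15 permit 10.3.3.0/24 le 28
"""

# Constructed sample of prefixes being advertised to the upstream neighbor.
ADVERTISED = ["10.1.0.0/22", "10.1.2.0/24", "10.2.1.16/28", "10.3.3.0/24",
              "10.1.0.0/30", "10.3.0.0/22", "172.16.0.0/12", "0.0.0.0/0"]

ENTRY = re.compile(r"ip prefix-list (\S+) seq (\d+) (permit|deny) (\S+)"
                   r"(?: ge (\d+))?(?: le (\d+))?\s*$")

def parse_prefix_list(text, name):
    """Return (seq, action, network, min_len, max_len) entries in seq order."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if not m or m.group(1) != name:
            continue
        net = ipaddress.ip_network(m.group(4))
        ge = int(m.group(5)) if m.group(5) else None
        le = int(m.group(6)) if m.group(6) else None
        if ge is None and le is None:
            lo = hi = net.prefixlen          # no ge/le: exact length only
        else:
            lo = ge if ge is not None else net.prefixlen
            hi = le if le is not None else 32
        entries.append((int(m.group(2)), m.group(3), net, lo, hi))
    return sorted(entries, key=lambda e: e[0])

def permitted(entries, route):
    """First matching entry decides; no match means implicit deny."""
    r = ipaddress.ip_network(route)
    for _seq, action, net, lo, hi in entries:
        if lo <= r.prefixlen <= hi and r.subnet_of(net):
            return action == "permit"
    return False

def leaked(entries, advertised):
    """Advertised routes the outbound policy should have filtered."""
    return [r for r in advertised if not permitted(entries, r)]

if __name__ == "__main__":
    print(leaked(parse_prefix_list(POLICY, "ALL-PREFIXES"), ADVERTISED))
```

Any non-empty result means the neighbor is receiving routes outside the intended policy, which is the condition that tripped the provider's "maximum-prefix" limit here.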




