[c-nsp] Filtered BGP routes
Daniel Faubel
daniel at net2ez.com
Fri Dec 14 16:30:19 EST 2007
Thanks for your help. It looks like Cisco can't do what I want.
In Foundry, if I wanted to look at what routes are being filtered from a
BGP peer I just have to do this.
#sh ip bgp neighbors 206.223.143.252 received-routes | inc EF
283 63.245.223.0/24 206.223.143.109 100 0 EF
801 130.95.156.206/32 206.223.143.64 0 100 0 EF
807 130.155.98.1/32 206.223.143.64 0 100 0 EF
864 138.194.21.154/32 206.223.143.64 0 100 0 EF
This peer is sending 4 prefixes that I am denying for one reason or
another.
Here is the "sh ip bgp sum" for that peer:
206.223.143.252 19996 ESTAB 6d21h24m 2040 4 20 0
This output tells me I am accepting 2040 prefixes, filtering 4, and
sending 20.
Daniel Faubel
Network Manager
Net2EZ - Managed Data Centers
310-426-9933 x1 NOC
310-426-9933 x110 Direct
daniel at net2ez.com
-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Peter Rathlev
Sent: Friday, December 14, 2007 1:14 PM
To: cisco-nsp
Subject: Re: [c-nsp] Filtered BGP routes
Just in case: I presume you just want to see the sent prefixes, and that
you don't need to know WHY they're not imported or anything. My
knowledge about Foundry can be summed up on the back of a postage stamp,
so I'm not sure what you get/want from the show commands you mention.
Regards,
Peter Rathlev
On Fri, 2007-12-14 at 22:09 +0100, Peter Rathlev wrote:
> On Fri, 2007-12-14 at 12:52 -0800, Daniel Faubel wrote:
> > Maybe I am asking the question in the wrong way.
> >
> > In a Foundry router when I type in this:
> > sh ip bgp neighbors IP_ADDRESS received-routes
> >
> >
> > I get this very near the top:
> > Status A:AGGREGATE B:BEST b:NOT-INSTALLED-BEST C:CONFED_EBGP D:DAMPED
> > E:EBGP H:HISTORY I:IBGP L:LOCAL M:MULTIPATH S:SUPPRESSED
> > F:FILTERED
> >
> >
> > Filtered being what I have filtered based off of prefix or as-path
> > lists.
> >
> >
> > On the Cisco I type in this:
> > sh ip bgp neighbors IP_ADDRESS received-routes
> >
> > And get this near the top:
> > Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
> > r RIB-failure, S Stale
> > Origin codes: i - IGP, e - EGP, ? - incomplete
> >
> >
> >
> > I understand how to view the routes I am getting from the peer. How do I
> > view the filtered/blocked/denied routes?
>
> Hmm... I'll try with an example. This is done using a C3560 running IP
> SERVICES, and is done inside a VRF, but that shouldn't make any
> difference.
>
> I have a CE router (the C3560) neighboring a PE router in the
> "mjna_servpri" VRF. Here are some show commands (with slight
> reformatting):
>
> ! ce-aars-bladec-1#sh ip bgp vpnv4 vrf mjna_servpri
> ! BGP table version is 104, local router ID is 10.255.48.2
> ! Status codes: s suppressed, d damped, h history, * valid, > best,
> ! i - internal, r RIB-failure, S Stale
> ! Origin codes: i - IGP, e - EGP, ? - incomplete
> !
> ! Network Next Hop Metric LocPrf Weight Path
> ! Route Distinguisher: 64512:321 (default for vrf mjna_servpri)
> ! *> 0.0.0.0 10.255.48.17 0 64512 i
> ! *> 10.253.255.208/29
> ! 0.0.0.0 0 32768 i
>
> Here I only receive a default route and source one network locally. The
> relevant configuration is:
>
> ip prefix-list ONLY-DEFAULT permit 0.0.0.0/0
> ip prefix-list ONLY-DEFAULT deny 0.0.0.0/0 le 32
> !
> router bgp 64982
>  address-family ipv4 vrf mjna_servpri
>   neighbor 10.255.48.17 remote-as 64512
>   neighbor 10.255.48.17 activate
>   neighbor 10.255.48.17 prefix-list ONLY-DEFAULT in
>   neighbor 10.255.48.17 soft-reconfiguration inbound
>  exit-address-family
> !
> exit
> !
>
> ! ce-aars-bladec-1#sh ip bgp vpnv4 vrf mjna_servpri sum
> ! <snip>
> ! Neighbor V AS MsgR MsgS TblV InQ OutQ Up/Down State/PfxR
> ! 10.255.48.17 4 64512 3991 3974 104 0 0 00:53:11 1
>
> The summary shows that I "receive" 1 prefix, and that is after
> filtering. Now the "received-routes":
>
> ! ce-aars-bladec-1#sh ip bgp vpnv4 vrf mjna_servpri nei 10.255.48.17
> ! received-routes
> ! BGP table version is 104, local router ID is 10.255.48.2
> ! Status codes: s suppressed, d damped, h history, * valid, > best,
> ! i - internal, r RIB-failure, S Stale
> ! Origin codes: i - IGP, e - EGP, ? - incomplete
> !
> ! Network Next Hop Weight Path
> ! Route Distinguisher: 64512:321 (default for vrf mjna_servpri)
> ! * 0.0.0.0 10.255.48.17 0 64512 i
> ! * 10.248.21.0/28 10.255.48.17 0 64512 i
> ! * 10.253.2.0/24 10.255.48.17 0 64512 64983 i
> ! * 10.253.2.10/32 10.255.48.17 0 64512 65017 i
> ! * 10.253.2.11/32 10.255.48.17 0 64512 65017 i
> ! * 10.253.33.0/24 10.255.48.17 0 64512 64983 i
> ! * 10.253.251.0/24 10.255.48.17 0 64512 64983 i
> ! * 10.253.252.0/24 10.255.48.17 0 64512 64983 i
> ! * 10.253.254.0/24 10.255.48.17 0 64512 65010 i
> ! * 10.253.255.0/24 10.255.48.17 0 64512 65021 64991 i
> ! * 10.253.255.6/32 10.255.48.17 0 64512 64983 i
> ! * 10.253.255.20/32 10.255.48.17 0 64512 64983 i
> ! * 10.253.255.200/32
> ! 10.255.48.17 0 64512 64983 i
> !
> ! Total number of prefixes 13
> ! ce-aars-bladec-1#
>
> This shows me all the prefixes the neighbor sent me. They're not
> installed in the BGP table, but are saved:
>
> ! ce-aars-bladec-1#sh ip bgp vpnv4 vrf mjna_servpri nei 10.255.48.17
> ! BGP neighbor is 10.255.48.17, vrf mjna_servpri, remote AS 64512,
> ! external link
> ! BGP version 4, remote router ID 10.252.255.8
> ! BGP state = Established, up for 01:04:47
> <snip>
> ! Inbound soft reconfiguration allowed
> ! Sent Rcvd
> ! Prefix activity: ---- ----
> ! Prefixes Current: 1 1 (Consumes 952 bytes)
> ! Prefixes Total: 1 1
> ! Implicit Withdraw: 1 0
> ! Explicit Withdraw: 0 0
> ! Used as bestpath: n/a 1
> ! Used as multipath: n/a 0
> ! Saved (soft-reconfig): n/a 13 (Consumes 884 bytes)
> !
> ! Outbound Inbound
> ! Local Policy Denied Prefixes: -------- -------
> ! prefix-list 0 12
> ! Bestpath from this peer: 2 n/a
> ! Total: 2 12
> ! Number of NLRIs in the update sent: max 0, min 0
>
> I hope this sheds a little more light on the problem.
>
> BTW: If I try the "show ... received-routes" without soft reconfig
> enabled on this platform, I get:
>
> ce-aars-bladec-1#sh ip bgp nei 10.241.16.253 received-routes
> % Inbound soft reconfiguration not enabled on 10.241.16.253
> ce-aars-bladec-1#
>
> Regards,
> Peter Rathlev
>
>
>
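
Added example, not part of the original thread and not Cisco or Foundry code: IOS has no "F" status flag, so this sketch replays the inbound prefix-list over saved `received-routes` output to list the prefixes that local policy denies. The function names are hypothetical, the sample rows are the thread's output with the "> !" quoting stripped, and it assumes a bare address in the Network column is printed at its classful length (0.0.0.0 being the default route).

```python
import ipaddress
import re

# Constructed sample: config and received-routes rows copied from the thread above.
PREFIX_LIST = """ip prefix-list ONLY-DEFAULT permit 0.0.0.0/0
ip prefix-list ONLY-DEFAULT deny 0.0.0.0/0 le 32"""
RECEIVED = """* 0.0.0.0 10.255.48.17 0 64512 i
* 10.248.21.0/28 10.255.48.17 0 64512 i
* 10.253.2.0/24 10.255.48.17 0 64512 64983 i
* 10.253.2.10/32 10.255.48.17 0 64512 65017 i
* 10.253.2.11/32 10.255.48.17 0 64512 65017 i
* 10.253.33.0/24 10.255.48.17 0 64512 64983 i
* 10.253.251.0/24 10.255.48.17 0 64512 64983 i
* 10.253.252.0/24 10.255.48.17 0 64512 64983 i
* 10.253.254.0/24 10.255.48.17 0 64512 65010 i
* 10.253.255.0/24 10.255.48.17 0 64512 65021 64991 i
* 10.253.255.6/32 10.255.48.17 0 64512 64983 i
* 10.253.255.20/32 10.255.48.17 0 64512 64983 i
* 10.253.255.200/32
  10.255.48.17 0 64512 64983 i"""

RULE = re.compile(r"prefix-list \S+ (?:seq \d+ )?(permit|deny) (\S+)(?: ge (\d+))?(?: le (\d+))?")
ROUTE = re.compile(r"^\*\S*[ \t]+(\d+\.\d+\.\d+\.\d+)(?:/(\d+))?", re.M)

def parse_prefix_list(text):
    rules = []
    for action, pfx, ge, le in RULE.findall(text):
        net = ipaddress.ip_network(pfx)
        # No ge/le: exact length only. ge alone runs up to /32; le alone starts at the entry's length.
        lo, hi = int(ge or net.prefixlen), int(le or (32 if ge else net.prefixlen))
        rules.append((action, net, lo, hi))
    return rules

def parse_received(text):
    """Yield each received prefix; wrapped next-hop lines (no leading '*') are skipped."""
    for addr, plen in ROUTE.findall(text):
        first = int(addr.split(".")[0])
        classful = 0 if addr == "0.0.0.0" else 8 if first < 128 else 16 if first < 192 else 24
        yield ipaddress.ip_network(f"{addr}/{plen or classful}")

def verdict(route, rules):
    for action, net, lo, hi in rules:
        if lo <= route.prefixlen <= hi and route.subnet_of(net):
            return action  # first matching entry wins
    return "deny"  # every prefix-list ends with an implicit deny

def filtered(received, prefix_list):
    rules = parse_prefix_list(prefix_list)
    return [str(r) for r in parse_received(received) if verdict(r, rules) == "deny"]

print("\n".join("F " + p for p in filtered(RECEIVED, PREFIX_LIST)))
```

The number of prefixes it reports for this sample should agree with the "prefix-list" row under "Local Policy Denied Prefixes" in the neighbor output quoted above.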