[c-nsp] Filtered BGP routes
a. rahman isnaini r. sutan
risnaini at speed.net.id
Sun Dec 16 21:30:47 EST 2007
Daniel,
On Cisco you'll see your prefix-list / as-path access-list hit (match).
And if you do show ip bgp "denied/filtered prefix", it's not available in your
routing table.
rgs
a.r.isnaini.rangkayo sutan
----- Original Message -----
From: "Daniel Faubel" <daniel at net2ez.com>
To: "Peter Rathlev" <peter at rathlev.dk>; "cisco-nsp"
<cisco-nsp at puck.nether.net>
Sent: Saturday, December 15, 2007 4:30 AM
Subject: Re: [c-nsp] Filtered BGP routes
> Thanks for your help. It looks like Cisco can't do what I want.
>
> In Foundry, if I wanted to look at what routes are being filtered from a
> BGP peer I just have to do this.
>
> #sh ip bgp neighbors 206.223.143.252 received-routes | inc EF
> 283 63.245.223.0/24 206.223.143.109 100 0 EF
> 801 130.95.156.206/32 206.223.143.64 0 100 0 EF
> 807 130.155.98.1/32 206.223.143.64 0 100 0 EF
> 864 138.194.21.154/32 206.223.143.64 0 100 0 EF
>
> This peer is sending 4 prefixes that I am denying for one reason or
> another.
>
> Here is the "sh ip bgp sum" for that peer:
> 206.223.143.252 19996 ESTAB 6d21h24m 2040 4 20 0
>
> This output tells me I am accepting 2040 prefixes, filtering 4, and
> sending 20.
>
> Daniel Faubel
> Network Manager
> Net2EZ - Managed Data Centers
> 310-426-9933 x1 NOC
> 310-426-9933 x110 Direct
> daniel at net2ez.com
>
>
> -----Original Message-----
> From: cisco-nsp-bounces at puck.nether.net
> [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Peter Rathlev
> Sent: Friday, December 14, 2007 1:14 PM
> To: cisco-nsp
> Subject: Re: [c-nsp] Filtered BGP routes
>
> Just in case: I presume you just want to see the sent prefixes, and that
> you don't need to know WHY they're not imported or anything. My
> knowledge about Foundry can be summed up on the back of a postage stamp,
> so I'm not sure what you get/want from the show commands you mention.
>
> Regards,
> Peter Rathlev
>
> On Fri, 2007-12-14 at 22:09 +0100, Peter Rathlev wrote:
>> On Fri, 2007-12-14 at 12:52 -0800, Daniel Faubel wrote:
>> > Maybe I am asking the question in the wrong way.
>> >
>> > In a Foundry router when I type in this:
>> > sh ip bgp neighbors IP_ADDRESS received-routes
>> >
>> >
>> > I get this very near the top:
>> > Status A:AGGREGATE B:BEST b:NOT-INSTALLED-BEST C:CONFED_EBGP D:DAMPED
>> > E:EBGP H:HISTORY I:IBGP L:LOCAL M:MULTIPATH S:SUPPRESSED
>> > F:FILTERED
>> >
>> >
>> > Filtered being what I have filtered based off of prefix or as-path
>> > lists.
>> >
>> >
>> > On the Cisco I type in this:
>> > sh ip bgp neighbors IP_ADDRESS received-routes
>> >
>> > And get this near the top:
>> > Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
>> > r RIB-failure, S Stale
>> > Origin codes: i - IGP, e - EGP, ? - incomplete
>> >
>> >
>> >
>> > I understand how to view the routes I am getting from the peer. How do I
>> > view the filtered/blocked/denied routes?
>>
>> Hmm... I'll try with an example. This is done using a C3560 running IP
>> SERVICES, and is done inside a VRF, but that shouldn't make any
>> difference.
>>
>> I have a CE router (the C3560) neighboring a PE router in the
>> "mjna_servpri" VRF. Here are some show commands (with slight
>> reformatting):
>>
>> ! ce-aars-bladec-1#sh ip bgp vpnv4 vrf mjna_servpri
>> ! BGP table version is 104, local router ID is 10.255.48.2
>> ! Status codes: s suppressed, d damped, h history, * valid, > best,
>> ! i - internal, r RIB-failure, S Stale
>> ! Origin codes: i - IGP, e - EGP, ? - incomplete
>> !
>> ! Network Next Hop Metric LocPrf Weight Path
>> ! Route Distinguisher: 64512:321 (default for vrf mjna_servpri)
>> ! *> 0.0.0.0 10.255.48.17 0 64512 i
>> ! *> 10.253.255.208/29
>> ! 0.0.0.0 0 32768 i
>>
>> Here I only receive a default route and source one network locally. The
>> relevant configuration is:
>>
>> ip prefix-list ONLY-DEFAULT permit 0.0.0.0/0
>> ip prefix-list ONLY-DEFAULT deny 0.0.0.0/0 le 32
>> !
>> router bgp 64982
>> address-family ipv4 vrf mjna_servpri
>> neighbor 10.255.48.17 remote-as 64512
>> neighbor 10.255.48.17 activate
>> neighbor 10.255.48.17 prefix-list ONLY-DEFAULT in
>> neighbor 10.255.48.17 soft-reconfiguration inbound
>> exit-address-family
>> !
>> exit
>> !
>>
>> ! ce-aars-bladec-1#sh ip bgp vpnv4 vrf mjna_servpri sum
>> ! <snip>
>> ! Neighbor V AS MsgR MsgS TblV InQ OutQ Up/Down State/PfxR
>> ! 10.255.48.17 4 64512 3991 3974 104 0 0 00:53:11 1
>>
>> The summary shows that I "receive" 1 prefix, and that is after
>> filtering. Now the "received-routes":
>>
>> ! ce-aars-bladec-1#sh ip bgp vpnv4 vrf mjna_servpri nei 10.255.48.17
>> ! received-routes
>> ! BGP table version is 104, local router ID is 10.255.48.2
>> ! Status codes: s suppressed, d damped, h history, * valid, > best,
>> ! i - internal, r RIB-failure, S Stale
>> ! Origin codes: i - IGP, e - EGP, ? - incomplete
>> !
>> ! Network Next Hop Weight Path
>> ! Route Distinguisher: 64512:321 (default for vrf mjna_servpri)
>> ! * 0.0.0.0 10.255.48.17 0 64512 i
>> ! * 10.248.21.0/28 10.255.48.17 0 64512 i
>> ! * 10.253.2.0/24 10.255.48.17 0 64512 64983 i
>> ! * 10.253.2.10/32 10.255.48.17 0 64512 65017 i
>> ! * 10.253.2.11/32 10.255.48.17 0 64512 65017 i
>> ! * 10.253.33.0/24 10.255.48.17 0 64512 64983 i
>> ! * 10.253.251.0/24 10.255.48.17 0 64512 64983 i
>> ! * 10.253.252.0/24 10.255.48.17 0 64512 64983 i
>> ! * 10.253.254.0/24 10.255.48.17 0 64512 65010 i
>> ! * 10.253.255.0/24 10.255.48.17 0 64512 65021 64991 i
>> ! * 10.253.255.6/32 10.255.48.17 0 64512 64983 i
>> ! * 10.253.255.20/32 10.255.48.17 0 64512 64983 i
>> ! * 10.253.255.200/32
>> ! 10.255.48.17 0 64512 64983 i
>> !
>> ! Total number of prefixes 13
>> ! ce-aars-bladec-1#
>>
>> This shows me all the prefixes the neighbor sent me. They're not
>> installed in the BGP table, but are saved:
>>
>> ! ce-aars-bladec-1#sh ip bgp vpnv4 vrf mjna_servpri nei 10.255.48.17
>> ! BGP neighbor is 10.255.48.17, vrf mjna_servpri, remote AS 64512,
>> ! external link
>> ! BGP version 4, remote router ID 10.252.255.8
>> ! BGP state = Established, up for 01:04:47
>> <snip>
>> ! Inbound soft reconfiguration allowed
>> ! Sent Rcvd
>> ! Prefix activity: ---- ----
>> ! Prefixes Current: 1 1 (Consumes 952 bytes)
>> ! Prefixes Total: 1 1
>> ! Implicit Withdraw: 1 0
>> ! Explicit Withdraw: 0 0
>> ! Used as bestpath: n/a 1
>> ! Used as multipath: n/a 0
>> ! Saved (soft-reconfig): n/a 13 (Consumes 884 bytes)
>> !
>> ! Outbound Inbound
>> ! Local Policy Denied Prefixes: -------- -------
>> ! prefix-list 0 12
>> ! Bestpath from this peer: 2 n/a
>> ! Total: 2 12
>> ! Number of NLRIs in the update sent: max 0, min 0
>>
>> I hope this sheds a little more light on the problem.
>>
>> BTW: If I try the "show ... received-routes" without soft reconfig
>> enabled on this platform, I get:
>>
>> ce-aars-bladec-1#sh ip bgp nei 10.241.16.253 received-routes
>> % Inbound soft reconfiguration not enabled on 10.241.16.253
>> ce-aars-bladec-1#
>>
>> Regards,
>> Peter Rathlev
>>
>>
>>
>
> _______________________________________________
> cisco-nsp mailing list cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
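The comparison implied by the output quoted in this thread, as an added example that is not part of the original messages: with `soft-reconfiguration inbound` enabled, the prefixes denied by inbound policy are those listed under `received-routes` but absent from the BGP table with that neighbor as next hop. The function names and the abbreviated sample rows are constructed for illustration, and matching accepted routes by next hop assumes the neighbor advertises itself as next hop, as in the quoted output.

```python
import re

IP = re.compile(r"^\d+(?:\.\d+){3}$")
PREFIX = re.compile(r"^\d+(?:\.\d+){3}(?:/\d+)?$")
STATUS = set("*>sdhirS")  # status flag characters that lead a table row

# Constructed sample: rows abbreviated from the output quoted in the thread.
RECEIVED = """\
*  0.0.0.0            10.255.48.17          0 64512 i
*  10.248.21.0/28     10.255.48.17          0 64512 i
*  10.253.2.0/24      10.255.48.17          0 64512 64983 i
*  10.253.255.200/32
                      10.255.48.17          0 64512 64983 i
"""
TABLE = """\
*> 0.0.0.0            10.255.48.17          0 64512 i
*> 10.253.255.208/29
                      0.0.0.0          0  32768 i
"""

def normalise(prefix):
    """Restore the mask Cisco omits when it equals the classful default."""
    if "/" in prefix:
        return prefix
    if prefix == "0.0.0.0":
        return "0.0.0.0/0"
    first = int(prefix.split(".")[0])
    return prefix + ("/8" if first < 128 else "/16" if first < 192 else "/24")

def parse_routes(text):
    """Return {prefix: next_hop} from 'show ip bgp'-style table rows."""
    routes, pending = {}, None
    for line in text.splitlines():
        tokens = line.split()
        while tokens and set(tokens[0]) <= STATUS:
            tokens.pop(0)  # drop leading status flags such as '*>'
        if pending and tokens and IP.match(tokens[0]):  # rest of a wrapped row
            routes[pending], pending = tokens[0], None
        elif tokens and PREFIX.match(tokens[0]):
            if len(tokens) > 1 and IP.match(tokens[1]):
                routes[normalise(tokens[0])] = tokens[1]
            else:
                pending = normalise(tokens[0])  # long prefix wraps to next line
    return routes

def filtered_prefixes(received_text, table_text, neighbor):
    """Prefixes the neighbor sent that inbound policy kept out of the table."""
    accepted = {p for p, nh in parse_routes(table_text).items() if nh == neighbor}
    return sorted(set(parse_routes(received_text)) - accepted)
```

Run against the full 13-row `received-routes` output quoted above, the same comparison should agree with the inbound "Local Policy Denied Prefixes" counter in the neighbor detail.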