[c-nsp] Leaky SoO

David Freedman david.freedman at uk.clara.net
Wed Sep 3 08:01:27 EDT 2008


Ok, thanks. The problem I'm seeing follows. Note that I am not using as-override
but instead "allow-as in" on the CE router; I have a very specific reason for doing this
(I'm preserving the AS_PATH but instead using SoO to do some site-based filtering).

It seems not to work: as you can see in my example, the prefix coming from a remote CE with
the same SoO (10.1.0.0/16) is advertised to my CE (10.12.75.128)...


PE (12.4(12)):


router bgp 1234
!
 !
 address-family ipv4 vrf FOO
 !
 neighbor 10.12.75.158 remote-as 65489
 neighbor 10.12.75.158 version 4
 neighbor 10.12.75.158 activate
 neighbor 10.12.75.158 soft-reconfiguration inbound
 neighbor 10.12.75.158 route-map do_stuff in
 neighbor 10.12.75.158 next-hop-self
 exit-address-family
!
route-map do_stuff permit 5
 match ip address prefix-list some_prefixes_a
 set local-preference 200
 set extcommunity soo 65489:5
!
route-map do_stuff permit 10
 match ip address prefix-list some_prefixes_b
 set extcommunity soo 65489:5
!

pe# sh ip bgp v vrf FOO nei 10.12.75.158 | in SoO
  Site-of-Origin is SoO:65489:5

pe#   sh ip bgp v vrf FOO 10.1.0.0/16

BGP routing table entry for 10.1.0.0/16, version 21
Paths: (1 available, best #1, table Default-IP-Routing-Table)
  Advertised to update-groups:
     2
  65489
    1.1.1.1 from 1.1.1.1 (10.12.1.50)
      Origin incomplete, metric 0, localpref 200, valid, internal, best
      Extended Community: SoO:65489:5



pe#sh ip ro v FOO 10.1.0.0
Routing entry for 10.1.0.0/16
  Known via "bgp 1234", distance 200, metric 0
  Tag 65489, type internal
  Last update from 1.1.1.1 00:24:24 ago
  Routing Descriptor Blocks:
  * 1.1.1.1, from 1.1.1.1, 00:24:24 ago
      Route metric is 0, traffic share count is 1
      AS Hops 1
      Route tag 65489

pe#sh ip bgp v vrf FOO nei 10.12.75.158 adv | in 10.1.0.0
*>i10.1.0.0/16      1.1.1.1               0    200      0 65489 ?


CE (12.4(12)):
 
ce# sh ip bgp 10.1.0.0/16

BGP routing table entry for 10.1.0.0/16, version 23
Paths: (1 available, best #1, table Default-IP-Routing-Table)
  Not advertised to any peer
  1234 65489, (received & used)
    10.12.75.157 from 10.12.75.157 (2.2.2.2)
      Origin incomplete, localpref 100, valid, external, best


------------------------------------------------
David Freedman
Group Network Engineering 
Claranet Limited
http://www.clara.net



-----Original Message-----
From: Arie Vayner (avayner) [mailto:avayner at cisco.com]
Sent: Tue 9/2/2008 21:25
To: David Freedman; cisco-nsp at puck.nether.net
Subject: RE: [c-nsp] Leaky SoO
 
David,

This seems to be an EIGRP-related bug.
I sent a quick note to the DE regarding the fix in the listed
releases...

Arie 

-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of David Freedman
Sent: Tuesday, September 02, 2008 21:33 PM
To: cisco-nsp at puck.nether.net
Subject: [c-nsp] Leaky SoO

Hi,

I'm seeing leaky SoO in 12.4M (prefixes get advertised back to sites
with the same SoO they came from), possibly down to CSCek73579. I notice
there are no first-fixed-in 12.4M or 12.2SB targets; would somebody on
here from Cisco mind taking a look at the internal notes and telling me if
this bug applies to normal BGP setups (i.e. with no EIGRP) and if so,
when I could expect a fix in 12.4M or 12.2SB?

Many thanks


David Freedman
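
A way to audit a PE for the symptom reported in this thread, as an added example that is not part of the original posts: it compares the SoO applied to a CE session with the SoO carried by each prefix advertised to that CE. The function names are hypothetical, the sample text is constructed and trimmed in the layout of the IOS output quoted above, and prefixes are assumed to be printed with their mask.

```python
import re

# Constructed, trimmed samples in the layout of the IOS output quoted in the post.
NEIGHBOR = "  Site-of-Origin is SoO:65489:5\n"
ENTRIES = """\
BGP routing table entry for 10.1.0.0/16, version 21
      Extended Community: SoO:65489:5
BGP routing table entry for 10.2.0.0/16, version 22
      Extended Community: SoO:65489:7
BGP routing table entry for 10.3.0.0/16, version 23
      Origin incomplete, metric 0, localpref 100, valid, internal, best
"""
ADVERTISED = """\
*>i10.1.0.0/16      1.1.1.1               0    200      0 65489 ?
*>i10.2.0.0/16      1.1.1.1               0    100      0 65489 ?
*>i10.3.0.0/16      1.1.1.1               0    100      0 65490 ?
"""
PREFIX = r"\d{1,3}(?:\.\d{1,3}){3}/\d{1,2}"

def neighbor_soo(text):
    """SoO shown for the CE neighbor ('Site-of-Origin is SoO:x:y'), or None."""
    m = re.search(r"Site-of-Origin is SoO:(\S+)", text)
    return m.group(1) if m else None

def route_soos(text):
    """Map prefix -> set of SoO values seen on any path of that prefix."""
    soos, current = {}, None
    for line in text.splitlines():
        # \S*? skips a route distinguisher if one precedes the prefix
        m = re.match(r"BGP routing table entry for \S*?(" + PREFIX + ")", line)
        if m:
            current = m.group(1)
            soos.setdefault(current, set())
        elif current and "Extended Community:" in line:
            soos[current].update(re.findall(r"SoO:(\S+)", line))
    return soos

def advertised_prefixes(text):
    """Prefixes listed in 'advertised-routes' output (mask must be shown)."""
    return [m.group(0) for m in (re.search(PREFIX, l) for l in text.splitlines()) if m]

def soo_leaks(neighbor_text, entries_text, advertised_text):
    """Prefixes advertised to a neighbor although they carry that neighbor's SoO."""
    site, soos = neighbor_soo(neighbor_text), route_soos(entries_text)
    if site is None:
        return []  # no SoO on the session, nothing to compare against
    return [p for p in advertised_prefixes(advertised_text) if site in soos.get(p, set())]

if __name__ == "__main__":
    print(soo_leaks(NEIGHBOR, ENTRIES, ADVERTISED))
```

Because the SoO values are collected across all paths of a prefix, a hit should be confirmed against the best path before it is treated as a leak.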
