[c-nsp] BGP conditional advertisement - NON-EXIST route map's access-list problem
Burak Dikici
bdikici at gmail.com
Sun Mar 15 18:14:29 EDT 2009
You can use this kind of configuration option, the new-style config. But the
old style is still supported. Here are the configs and show commands:
Router#show run
!
interface FastEthernet0/0
description ISP-1_connection
ip address 192.168.200.2 255.255.255.0
duplex auto
speed auto
!
interface Serial0/0
description ISP-2_connection
ip address 192.168.100.2 255.255.255.0
clock rate 1000000
!
interface FastEthernet0/1
ip address 10.1.1.1 255.255.255.0
duplex auto
speed auto
!
router bgp 10
bgp log-neighbor-changes
neighbor 192.168.100.1 remote-as 100
neighbor 192.168.200.1 remote-as 200
!
address-family ipv4
neighbor 192.168.100.1 activate
neighbor 192.168.100.1 advertise-map ADVERTISE non-exist-map NON-EXIST
neighbor 192.168.100.1 weight 500
neighbor 192.168.100.1 distribute-list 15 out
neighbor 192.168.200.1 activate
neighbor 192.168.200.1 weight 1000
neighbor 192.168.200.1 distribute-list 15 out
no auto-summary
no synchronization
network 10.1.1.0 mask 255.255.255.0
exit-address-family
!
ip as-path access-list 1 permit ^200
!
ip prefix-list AS200-track seq 5 permit 192.168.200.0/24
access-list 15 permit 10.1.1.0
access-list 60 permit 10.1.1.0 0.0.0.255
!
route-map NON-EXIST permit 10
match ip address prefix-list AS200-track
match as-path 1
!
route-map ADVERTISE permit 10
match ip address 60
ISP-1#show run
!
interface FastEthernet0/0
description Router_connection
ip address 192.168.200.1 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 172.16.1.1 255.255.255.0
duplex auto
speed auto
router bgp 200
no synchronization
bgp log-neighbor-changes
network 172.16.1.0 mask 255.255.255.0
neighbor 192.168.200.2 remote-as 10
no auto-summary
ISP-2#show run
!
interface Serial0/0
description Router_connection
ip address 192.168.100.1 255.255.255.0
clock rate 2000000
!
router bgp 100
no synchronization
bgp log-neighbor-changes
neighbor 192.168.100.2 remote-as 10
no auto-summary
Router#show ip bgp neighbors 192.168.200.1
BGP neighbor is 192.168.200.1, remote AS 200, external link
BGP version 4, remote router ID 192.168.200.1
BGP state = Established, up for 01:15:06
Last read 00:00:08, last write 00:00:06, hold time is 180, keepalive
interval is 60 seconds
Neighbor capabilities:
Route refresh: advertised and received(old & new)
Address family IPv4 Unicast: advertised and received
Message statistics:
InQ depth is 0
OutQ depth is 0
Sent Rcvd
Opens: 1 1
Notifications: 0 0
Updates: 5 4
Keepalives: 77 77
Route Refresh: 3 0
Total: 86 82
Default minimum time between advertisement runs is 30 seconds
For address family: IPv4 Unicast
BGP table version 4, neighbor version 4/0
Output queue size : 0
Index 1, Offset 0, Mask 0x2
1 update-group member
Outgoing update network filter list is 15
Default weight 1000
Sent Rcvd
Prefix activity: ---- ----
Prefixes Current: 1 1 (Consumes 52 bytes)
Prefixes Total: 5 4
Implicit Withdraw: 4 3
Explicit Withdraw: 0 0
Used as bestpath: n/a 1
Used as multipath: n/a 0
Outbound Inbound
Local Policy Denied Prefixes: -------- -------
Suppressed duplicate: 0 3
Bestpath from this peer: 4 n/a
Total: 4 3
Number of NLRIs in the update sent: max 1, min 1
Connections established 1; dropped 0
Last reset never
Connection state is ESTAB, I/O status: 1, unread input bytes: 0
Connection is ECN Disabled, Mininum incoming TTL 0, Outgoing TTL 1
Local host: 192.168.200.2, Local port: 179
Foreign host: 192.168.200.1, Foreign port: 24673
Enqueued packets for retransmit: 0, input: 0 mis-ordered: 0 (0 bytes)
Event Timers (current time is 0x46DE24):
Timer Starts Wakeups Next
Retrans 87 4 0x0
TimeWait 0 0 0x0
AckHold 82 81 0x0
SendWnd 0 0 0x0
KeepAlive 0 0 0x0
GiveUp 0 0 0x0
PmtuAger 0 0 0x0
DeadWait 0 0 0x0
iss: 2971400288 snduna: 2971402126 sndnxt: 2971402126 sndwnd: 16024
irs: 3172325383 rcvnxt: 3172327100 rcvwnd: 16175 delrcvwnd: 209
SRTT: 361 ms, RTTO: 488 ms, RTV: 127 ms, KRTT: 0 ms
minRTT: 144 ms, maxRTT: 948 ms, ACK hold: 200 ms
Flags: passive open, nagle, gen tcbs
IP Precedence value : 6
Datagrams (max data segment is 1460 bytes):
Rcvd: 165 (out of order: 0), with data: 82, total data bytes: 1716
Sent: 170 (retransmit: 4, fastretransmit: 0, partialack: 0, Second
Congestion: 0), with data: 85, total data bytes: 1837
Router#show ip bgp neighbors 192.168.100.1
BGP neighbor is 192.168.100.1, remote AS 100, external link
BGP version 4, remote router ID 192.168.100.1
BGP state = Established, up for 01:15:01
Last read 00:00:01, last write 00:00:01, hold time is 180, keepalive
interval is 60 seconds
Neighbor capabilities:
Route refresh: advertised and received(old & new)
Address family IPv4 Unicast: advertised and received
Message statistics:
InQ depth is 0
OutQ depth is 0
Sent Rcvd
Opens: 1 1
Notifications: 0 0
Updates: 6 0
Keepalives: 77 77
Route Refresh: 3 1
Total: 87 79
Default minimum time between advertisement runs is 30 seconds
For address family: IPv4 Unicast
BGP table version 4, neighbor version 4/0
Output queue size : 0
Index 2, Offset 0, Mask 0x4
2 update-group member
Outgoing update network filter list is 15
Condition-map NON-EXIST, Advertise-map ADVERTISE, status: Advertise
Default weight 500
Sent Rcvd
Prefix activity: ---- ----
Prefixes Current: 1 0
Prefixes Total: 6 0
Implicit Withdraw: 5 0
Explicit Withdraw: 0 0
Used as bestpath: n/a 0
Used as multipath: n/a 0
Outbound Inbound
Local Policy Denied Prefixes: -------- -------
prefix-list 5 0
Total: 5 0
Number of NLRIs in the update sent: max 1, min 1
Connections established 1; dropped 0
Last reset never
Connection state is ESTAB, I/O status: 1, unread input bytes: 0
Connection is ECN Disabled, Mininum incoming TTL 0, Outgoing TTL 1
Local host: 192.168.100.2, Local port: 179
Foreign host: 192.168.100.1, Foreign port: 59024
Enqueued packets for retransmit: 0, input: 0 mis-ordered: 0 (0 bytes)
Event Timers (current time is 0x470FD4):
Timer Starts Wakeups Next
Retrans 85 1 0x0
TimeWait 0 0 0x0
AckHold 79 2 0x0
SendWnd 0 0 0x0
KeepAlive 0 0 0x0
GiveUp 0 0 0x0
PmtuAger 0 0 0x0
DeadWait 0 0 0x0
iss: 1267845407 snduna: 1267847297 sndnxt: 1267847297 sndwnd: 15967
irs: 973353198 rcvnxt: 973354730 rcvwnd: 16327 delrcvwnd: 57
SRTT: 377 ms, RTTO: 574 ms, RTV: 197 ms, KRTT: 0 ms
minRTT: 160 ms, maxRTT: 816 ms, ACK hold: 200 ms
Flags: passive open, nagle, gen tcbs
IP Precedence value : 6
Datagrams (max data segment is 1460 bytes):
Rcvd: 164 (out of order: 0), with data: 79, total data bytes: 1531
Sent: 91 (retransmit: 1, fastretransmit: 0, partialack: 0, Second
Congestion: 0), with data: 86, total data bytes: 1889
Router#show ip bgp neighbors 192.168.100.1 advertised-routes
BGP table version is 4, local router ID is 192.168.100.2
Status codes: s suppressed, d damped, h history, * valid, > best, i -
internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*> 10.1.1.0/24 0.0.0.0 0 32768 i
Total number of prefixes 1
Router#show ip bgp neighbors 192.168.200.1 advertised-routes
BGP table version is 4, local router ID is 192.168.100.2
Status codes: s suppressed, d damped, h history, * valid, > best, i -
internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*> 10.1.1.0/24 0.0.0.0 0 32768 i
Total number of prefixes 1
On Sun, Mar 15, 2009 at 11:39 PM, <RPhookun at lecg.com> wrote:
>
> One gotcha I ran into some time ago - on 12.4 T
>
> the neighbor 192.168.100.1 advertise-map ADVERTISE non-exist-map
> NON-EXIST has to be configured in the address-family ipv4
>
> conf t
> router bgp 10
> address-family ipv4
> neighbor 192.168.100.1 advertise-map ADVERTISE non-exist-map NON-EXIST
> exit-address-family
>
> Not sure if this is your case.
>
> can you include the output of -
>
> sh ip bgp neigh x.x.x.x
> sh ip bgp neigh x.x.x.x advertised routes?
>
> Regards,
> ./Randy
>
>
>
>
>
> *Burak Dikici <bdikici at gmail.com>*
> Sent by: cisco-nsp-bounces at puck.nether.net
>
> 03/15/2009 02:21 PM
> To
> RPhookun at lecg.com
> cc
> Ivan Pepelnjak <ip at ioshints.info>, cisco-nsp-bounces at puck.nether.net,
> cisco-nsp at puck.nether.net
> Subject
> Re: [c-nsp] BGP conditional advertisemet - NON-EXIST route
> map'saccess-list problem
>
>
>
>
>
> I have made a change on the lab with the commands which are written below,
> but ISP-2 is still getting my announcement. No success...
>
>
> ip as-path access-list 1 permit ^200 (ISP-1 AS number)
>
> ip prefix-list AS200-track seq 5 permit 192.168.200.0/24 (subnet
> between multihoming router and ISP-1 router)
>
> route-map NON-EXIST permit 10
> match ip address prefix-list AS200-track
> match as-path 1
>
> router bgp 10
> neighbor 192.168.100.1 advertise-map ADVERTISE non-exist-map NON-EXIST
>
>
>
>
>
>
>
>
> On Sun, Mar 15, 2009 at 11:03 PM, <RPhookun at lecg.com> wrote:
>
> >
> > I agree with Ivan in that the tracked prefix in the Non-Exist-Map should
> > be the ISP-1 infrastructure address because in its absence you wouldn't be
> > receiving any other routes from ISP-1
> > However, the match of the tracked prefix is from the BGP table *not* the IP
> > routing table and "match-as-path" can be very relevant in some topologies
> > and its absence in the Non-Exist-Map can cause the conditional advertisement
> > feature to break.
> >
> > Cisco has an excellent example - "Configuring and Verifying the Conditional
> > Advertisement Feature"
> >
> > ./Randy
> >
> >
> >
> >
> >
> > *"Ivan Pepelnjak" <ip at ioshints.info>*
> > Sent by: cisco-nsp-bounces at puck.nether.net
> >
> > 03/15/2009 12:48 PM
> > To
> > "'Burak Dikici'" <bdikici at gmail.com>
> > cc
> > cisco-nsp at puck.nether.net
> > Subject
> > Re: [c-nsp] BGP conditional advertisemet - NON-EXIST route
> > map'saccess-list problem
> >
> >
> >
> >
> >
> > That's the problem everyone has with the NON-EXIST-MAP :) Usually the IP
> > prefix used to address the ISP-1 infrastructure is the best bet.
> >
> > The "match as-path" statement in the NON-EXIST-MAP is irrelevant (unless I'm
> > totally wrong about the match being made with the routes in the IP routing
> > table :).
> >
> > Ivan
> >
> >
> > _____
> >
> > From: Burak Dikici [mailto:bdikici at gmail.com]
> > Sent: Sunday, March 15, 2009 8:19 PM
> > To: Ivan Pepelnjak
> > Cc: Mateusz Blaszczyk; cisco-nsp at puck.nether.net
> > Subject: Re: [c-nsp] BGP conditional advertisemet - NON-EXIST route
> > map'saccess-list problem
> >
> >
> > Hi Ivan,
> >
> > OK then, what should I use for NON-EXIST route-map's access-list? Which
> > prefix should I trust from ISP-1 (Primary ISP)?
> > Is it necessary to use "match ip address" and "match as-path" statements
> > together in the NON-EXIST route-map?
> >
> >
> > On Sun, Mar 15, 2009 at 8:46 PM, Ivan Pepelnjak <ip at ioshints.info> wrote:
> >
> >
> > You can't use "permit any" because it would match any route in the IP
> > routing table (including the connected interfaces). The access list used in
> > NON-EXIST-MAP is used on the IP routing table, not on the BGP table (that's
> > why the AS path doesn't work either).
> >
> > Ivan
> >
> >
> > > -----Original Message-----
> > > From: Burak Dikici [mailto:bdikici at gmail.com]
> > > Sent: Sunday, March 15, 2009 7:16 PM
> > > To: Mateusz Blaszczyk
> > > Cc: cisco-nsp at puck.nether.net
> >
> > > Subject: Re: [c-nsp] BGP conditional advertisemet - NON-EXIST
> > > route map'saccess-list problem
> > >
> >
> > > Hi Mateusz,
> > >
> > > For better understanding, I have attached the topology
> > > screenshot and the router's configuration files. (By the way,
> > > this is a lab config.)
> > >
> > > In the attached Router's configuration,
> > >
> > > access-list 65 permit 172.16.1.0 0.0.0.255
> > >
> > > command is used and with this command BGP conditional
> > > advertisement is working fine.
> > >
> > > But when I use,
> > >
> > > access-list 65 permit any
> > >
> > > command, the conditional advertisement doesn't work.
> >
> >
> >
> >
> > _______________________________________________
> > cisco-nsp mailing list cisco-nsp at puck.nether.net
> > https://puck.nether.net/mailman/listinfo/cisco-nsp
> > archive at http://puck.nether.net/pipermail/cisco-nsp/
> >
> >
>
>
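Added example, not part of the original thread or of any participant's post: a simplified Python model of how a non-exist-map condition decides between Advertise and Withdraw, run against the three conditions discussed above. It assumes the match is made against the BGP table (as Randy states); the table contents are constructed from the posted lab configs, and all function names are hypothetical.

```python
import ipaddress
import re

# Constructed BGP table for "Router" (AS 10), derived from the posted lab
# configs: ISP-1 (AS 200) originates 172.16.1.0/24; 10.1.1.0/24 is local.
BGP_TABLE_ISP1_UP = [
    {"prefix": "172.16.1.0/24", "as_path": "200"},
    {"prefix": "10.1.1.0/24", "as_path": ""},
]
# Same table after the ISP-1 session drops: its route is withdrawn.
BGP_TABLE_ISP1_DOWN = [r for r in BGP_TABLE_ISP1_UP if r["as_path"] != "200"]


def acl_match(prefix, acl_net, wildcard):
    """Standard ACL test: compare the network address under a wildcard mask."""
    addr = int(ipaddress.ip_network(prefix).network_address)
    base = int(ipaddress.ip_address(acl_net))
    care = ~int(ipaddress.ip_address(wildcard)) & 0xFFFFFFFF
    return (addr & care) == (base & care)


def condition_status(table, net_match, as_path_regex=None):
    """Return 'Withdraw' if any route satisfies every match clause of the
    non-exist-map, else 'Advertise' (the tracked route does not exist)."""
    for route in table:
        if not net_match(route["prefix"]):
            continue
        if as_path_regex and not re.search(as_path_regex, route["as_path"]):
            continue
        return "Withdraw"
    return "Advertise"


# Hypothetical helpers, one per condition discussed in the thread.
def track_isp1_route(p):    # access-list 65 permit 172.16.1.0 0.0.0.255
    return acl_match(p, "172.16.1.0", "0.0.0.255")


def track_permit_any(p):    # access-list 65 permit any
    return acl_match(p, "0.0.0.0", "255.255.255.255")


def track_link_subnet(p):   # prefix-list AS200-track permit 192.168.200.0/24
    return ipaddress.ip_network(p) == ipaddress.ip_network("192.168.200.0/24")
```

In this model "permit any" always finds the locally originated 10.1.1.0/24, so the condition never flips to Advertise. The 192.168.200.0/24 link subnet appears in no `network` statement in the posted configs, so the model returns Advertise even with ISP-1 up, consistent with the `status: Advertise` line in the posted neighbor output.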