[c-nsp] BGP conditional advertisement - NON-EXIST route map's access-list problem

Burak Dikici bdikici at gmail.com
Thu Mar 19 08:48:44 EDT 2009


Sorry about my late reply. I am very busy these days with another project.
I am going to test your recommendations in a few days, and going to reply
back to you. Thank you all. Kind Regards...

Burak Dikici



On Wed, Mar 18, 2009 at 12:04 AM, <RPhookun at lecg.com> wrote:

>
> The prefix-list within the Non-Exist clause also has to *exactly* match the
> prefix in the BGP table.
> Regards,
> ./Randy
>
>
>
>
> "Ivan Pepelnjak" <ip at ioshints.info>
> Sent by: cisco-nsp-bounces at puck.nether.net
> 03/17/2009 02:20 PM
> To: "'Dale Shaw'" <dale.shaw+cisco-nsp at gmail.com>, "'Burak Dikici'" <bdikici at gmail.com>
> cc: cisco-nsp at puck.nether.net
> Subject: Re: [c-nsp] BGP conditional advertisemet - NON-EXIST route map'saccess-list problem
>
>
>
>
>
> Did some tests on the NON-EXIST-MAP with 12.2SRC. I was spreading wrong
> rumors, time to fix them:
>
> * The route-map checks the routes in the BGP table (_not_ in the IP routing
> table). Dale was right.
> * It can take a while for the routes to be advertised/withdrawn; the
> non-exist-map is checked only at the BGP scan intervals (60 seconds by
> default, can be adjusted).
> * You can use a combination of an access-list and AS-path access-list in
> the route-map.
>
> The handling of standard access-lists used in the "match ip address"
> route-map condition is a bit weird, though:
>
> * "permit any" does _NOT_ work.
> * "permit prefix 0.0.0.0" (which gets translated into "permit prefix" in
> standard ACL) does _NOT_ work.
> * fancy wildcard tests (for example "permit 0.0.0.0 127.255.255.255") do
> _NOT_ work.
>
> It looks like:
>
> * the IP prefix in the BGP table must match the address in the ACL exactly
> (wildcard bits are ignored).
> * ... but you still need the wildcard bits (inverted netmask) for the match
> to work.
>
> For example: if you want to match 10.8.8.0/24, you have to use "permit
> 10.8.8.0 0.0.0.255". "permit 10.8.8.0" or "permit 10.8.0.0 0.0.255.255" do
> _NOT_ work.
>
> Left to do: tests with the ip prefix-list instead of IP access list (and
> no, I will NOT test extended ACL :).
>
> Hope this helps
> Ivan
>
> > -----Original Message-----
> > From: Dale Shaw [mailto:dale.shaw+cisco-nsp at gmail.com]
> > Sent: Sunday, March 15, 2009 11:33 PM
> > To: Burak Dikici
> > Cc: cisco-nsp at puck.nether.net
> > Subject: Re: [c-nsp] BGP conditional advertisemet - NON-EXIST
> > route map'saccess-list problem
> >
> > Hi Burak,
> >
> > On Mon, Mar 16, 2009 at 12:06 AM, Burak Dikici
> > <bdikici at gmail.com> wrote:
> > > I am trying to use
> > > BGP conditional advertisement configuration. I have got a problem with
> > > NON-EXIST route map's access-list. In the NON-EXIST route map I am
> > > using the commands which are written below;
> >
> > Here are some notes I made recently when playing with BGP
> > conditional advertising. I hope it helps.
> >
> > 1.) prefixes matched in advertise-map and exist/non-exist map
> > must exist (or not) in the *BGP* table
> >  however: they do not need to be locally originated (e.g. R1
> > can match routes received from R2 and advertise (or not) to R3)
> >  and: the validity of the prefix in the BGP table (i.e.
> > RIB-failure) doesn't matter. if it's there, and using
> > exist-map, the condition is met.
> >
> > 2.) when using 'exist' map, prefixes matched by advertise-map
> > are advertised when exist-map condition is met
> >  example: advertise 1.0.0.0/8 (advertise-map) from BGP table when
> > 3.20.20.0/24 (exist-map) exists in BGP table
> >
> > 3.) when using 'non-exist' map, prefixes matched by
> > advertise-map are advertised when non-exist-map condition is met
> >  example: advertise 1.0.0.0/8 (advertise-map) from BGP table when
> > 3.20.20.0/24 (non-exist-map) does NOT exist in BGP table
> >
> > 4.) prefixes matched in advertise-map are the only prefixes
> > affected -- other prefixes that may exist are advertised (or
> > not) as normal
> >
> > 5.) when dealing with conditional advertisement tasks, always
> > consider what will happen normally (without any config)
> >
> > I'd be happy to be corrected, but I think the first point is
> > contrary to what Ivan said. Also consider point #4 -- BGP
> > conditional advertising is not strictly a route filtering
> > mechanism, although it can be configured to achieve similar results.
> >
> > cheers,
> > Dale
> >
> >
>
>
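
The standard-ACL behaviour Ivan reports in the quoted message (address equal to the BGP prefix, wildcard equal to the inverted netmask) can be turned into a small configuration check. This is an added example, not code from the thread; the function names and sample entries are constructed, and it models only those 12.2SRC observations.

```python
import ipaddress

def parse_std_acl_entry(entry):
    """Parse 'permit any' or 'permit <addr> [<wildcard>]' into (addr, wildcard)."""
    parts = entry.split()
    if len(parts) < 2 or parts[0] != "permit":
        raise ValueError(f"unsupported entry: {entry!r}")
    if parts[1] == "any":
        return (ipaddress.IPv4Address("0.0.0.0"),
                ipaddress.IPv4Address("255.255.255.255"))
    wildcard = parts[2] if len(parts) > 2 else "0.0.0.0"  # bare address = host match
    return ipaddress.IPv4Address(parts[1]), ipaddress.IPv4Address(wildcard)

def audit(acl_entries, bgp_prefixes):
    """For each ACL entry return (entry, exact, intended).

    exact    -- BGP prefixes the entry matches under the observed rule
                (address == network address, wildcard == inverted netmask).
    intended -- prefixes ordinary wildcard logic would cover but the observed
                rule rejects, each paired with the entry that would work.
    """
    report = []
    for entry in acl_entries:
        addr, wildcard = parse_std_acl_entry(entry)
        exact, intended = [], []
        for prefix in bgp_prefixes:
            net = ipaddress.ip_network(prefix)
            if addr == net.network_address and wildcard == net.hostmask:
                exact.append(prefix)
                continue
            # Ordinary ACL semantics: compare only the bits the wildcard does not mask.
            care_bits = ~int(wildcard) & 0xFFFFFFFF
            if ((int(addr) ^ int(net.network_address)) & care_bits) == 0:
                intended.append((prefix, f"permit {net.network_address} {net.hostmask}"))
        report.append((entry, exact, intended))
    return report

if __name__ == "__main__":
    # Constructed sample: the entries discussed in the thread against one BGP prefix.
    entries = ["permit any", "permit 10.8.8.0",
               "permit 10.8.0.0 0.0.255.255", "permit 10.8.8.0 0.0.0.255"]
    for entry, exact, intended in audit(entries, ["10.8.8.0/24"]):
        if exact:
            print(f"OK    {entry} -> {exact}")
        for prefix, fix in intended:
            print(f"WARN  {entry} will not match {prefix}; use '{fix}'")
```
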

