[c-nsp] BGP conditional advertisement - NON-EXIST route map's access-list problem
RPhookun at lecg.com
Sat Mar 21 14:12:54 EDT 2009
Hi Burak,
I had replied with the *fix* some days ago -
You can still use the ISP-1 infrastructure /24. You have to have the
ISP-1 router announce the /24 to router#.
As you probably realise, this announcement is not required for the peering
session *itself* to be up.
The announcement by ISP-1 router of this /24 will cause it to appear in
router#'s bgp table which you can then use as the tracked prefix.
Router#'s routing table will always install only the *connected*(d-0)
version of this /24 which is what you want! The eBGP version(d-20) will
exist only in the bgp table as a valid prefix you can track.
Hope this helps.
./Randy
Burak Dikici <bdikici at gmail.com>
Sent by: cisco-nsp-bounces at puck.nether.net
03/21/2009 08:19 AM
To: RPhookun at lecg.com, ip at ioshints.info
cc: cisco-nsp-bounces at puck.nether.net, cisco-nsp at puck.nether.net
Subject: Re: [c-nsp] BGP conditional advertisement - NON-EXIST route map's access-list problem
Hello,
The main problem is which prefix should I track? I can't use the
infrastructure subnet between my router and ISP-1 router, because it is
directly connected and it is in the routing table, not in the BGP table.
I was thinking about that, then I decided to use reliable root DNS
servers' subnets to track with an ACL or prefix-list, for example:
! a.root-servers.net
access-list 20 permit 198.41.0.0 0.0.0.255
! b.root-servers.net
access-list 20 permit 192.228.79.0 0.0.0.255
! c.root-servers.net
access-list 20 permit 192.33.4.0 0.0.0.255
! d.root-servers.net
access-list 20 permit 128.8.0.0 0.0.255.255
What do you think about this idea?
Burak Dikici
On Thu, Mar 19, 2009 at 2:48 PM, Burak Dikici <bdikici at gmail.com> wrote:
> Sorry about my late reply. I am very busy these days with another project.
> I am going to test your recommendations in a few days, and going to reply
> back to you. Thank you all. Kind Regards...
>
> Burak Dikici
>
>
>
> On Wed, Mar 18, 2009 at 12:04 AM, <RPhookun at lecg.com> wrote:
>
>>
>> The prefix-list within the Non-Exist clause also has to *exactly* match
>> the prefix in the bgp table..
>> Regards,
>> ./Randy
>>
>>
>>
>>
>> *"Ivan Pepelnjak" <ip at ioshints.info>*
>> Sent by: cisco-nsp-bounces at puck.nether.net
>>
>> 03/17/2009 02:20 PM
>> To: "'Dale Shaw'" <dale.shaw+cisco-nsp at gmail.com>, "'Burak Dikici'" <bdikici at gmail.com>
>> cc: cisco-nsp at puck.nether.net
>> Subject: Re: [c-nsp] BGP conditional advertisement - NON-EXIST route map's access-list problem
>>
>>
>>
>>
>>
>> Did some tests on the NON-EXIST-MAP with 12.2SRC. I was spreading wrong
>> rumors, time to fix them:
>>
>> * The route-map checks the routes in the BGP table (_not_ in the IP routing
>> table). Dale was right.
>> * It can take a while for the routes to be advertised/withdrawn; the
>> non-exist-map is checked only at the BGP scan intervals (60 seconds by
>> default, can be adjusted).
>> * You can use a combination of an access-list and AS-path access-list in the
>> route-map.
>>
>> The handling of standard access-lists used in the "match ip address"
>> route-map condition is a bit weird, though:
>>
>> * "permit any" does _NOT_ work.
>> * "permit prefix 0.0.0.0" (which gets translated into "permit prefix" in
>> standard ACL) does _NOT_ work.
>> * fancy wildcard tests (for example "permit 0.0.0.0 127.255.255.255") do
>> _NOT_ work.
>>
>> It looks like:
>>
>> * the IP prefix in the BGP table must match the address in the ACL exactly
>> (wildcard bits are ignored).
>> * ... but you still need the wildcard bits (inverted netmask) for the match
>> to work.
>>
>> For example: if you want to match 10.8.8.0/24, you have to use "permit
>> 10.8.8.0 0.0.0.255". "permit 10.8.8.0" or "permit 10.8.0.0 0.0.255.255" do
>> _NOT_ work.
>>
>> Left to do: tests with the ip prefix-list instead of IP access list (and no,
>> I will NOT test extended ACL :).
>>
>> Hope this helps
>> Ivan
>>
>> > -----Original Message-----
>> > From: Dale Shaw [mailto:dale.shaw+cisco-nsp at gmail.com]
>> > Sent: Sunday, March 15, 2009 11:33 PM
>> > To: Burak Dikici
>> > Cc: cisco-nsp at puck.nether.net
>> > Subject: Re: [c-nsp] BGP conditional advertisement - NON-EXIST
>> > route map's access-list problem
>> >
>> > Hi Burak,
>> >
>> > On Mon, Mar 16, 2009 at 12:06 AM, Burak Dikici
>> > <bdikici at gmail.com> wrote:
>> > > I am trying to use
>> > > BGP conditional advertisement configuration. I have got a problem with
>> > > NON-EXIST route map's access-list. In the NON-EXIST route map I am
>> > > using the commands which are written below:
>> >
>> > Here are some notes I made recently when playing with BGP
>> > conditional advertising. I hope it helps.
>> >
>> > 1.) prefixes matched in advertise-map and exist/non-exist map
>> > must exist (or not) in the *BGP* table
>> > however: they do not need to be locally originated (e.g. R1
>> > can match routes received from R2 and advertise (or not) to R3)
>> > and: the validity of the prefix in the BGP table (i.e.
>> > RIB-failure) doesn't matter. If it's there, and using
>> > exist-map, the condition is met.
>> >
>> > 2.) when using 'exist' map, prefixes matched by advertise-map
>> > are advertised when exist-map condition is met
>> > example: advertise 1.0.0.0/8 (advertise-map) from BGP table when
>> > 3.20.20.0/24 (exist-map) exists in BGP table
>> >
>> > 3.) when using 'non-exist' map, prefixes matched by
>> > advertise-map are advertised when non-exist-map condition is met
>> > example: advertise 1.0.0.0/8 (advertise-map) from BGP table when
>> > 3.20.20.0/24 (non-exist-map) does NOT exist in BGP table
>> >
>> > 4.) prefixes matched in advertise-map are the only prefixes
>> > affected -- other prefixes that may exist are advertised (or
>> > not) as normal
>> >
>> > 5.) when dealing with conditional advertisement tasks, always
>> > consider what will happen normally (without any config)
>> >
>> > I'd be happy to be corrected, but I think the first point is
>> > contrary to what Ivan said. Also consider point #4 -- BGP
>> > conditional advertising is not strictly a route filtering
>> > mechanism, although it can be configured to achieve similar results.
>> >
>> > cheers,
>> > Dale
>> >
>> >
>>
>> _______________________________________________
>> cisco-nsp mailing list cisco-nsp at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/cisco-nsp
>> archive at http://puck.nether.net/pipermail/cisco-nsp/
>>
>>
>
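
The approach discussed in this thread, written out as an IOS configuration (an added example, not posted by any participant): track the ISP-1 infrastructure /24 as learned over eBGP and advertise a prefix to the second provider only while that /24 is absent from the BGP table. All addresses, AS numbers, ACL numbers and the presence of an ISP-2 peer are constructed assumptions; the standard-ACL form follows the matching behaviour Ivan reported above.

```cisco
! Constructed values (not from the thread):
!   192.0.2.0/24     ISP-1 infrastructure /24, also announced by ISP-1 over eBGP
!   192.0.2.1        ISP-1 peer (AS 64496)
!   203.0.113.1      ISP-2 peer (AS 64497)
!   198.51.100.0/24  prefix advertised to ISP-2 only while the ISP-1 /24 is missing
!
! Tracked prefix. Per the tests reported in the thread, the address must equal
! the BGP prefix and the wildcard must be the inverted netmask of that prefix.
access-list 20 permit 192.0.2.0 0.0.0.255
! Accept only the copy originated by the ISP-1 AS, not one relayed by ISP-2.
ip as-path access-list 1 permit ^64496$
!
! Prefix whose advertisement is conditional.
access-list 30 permit 198.51.100.0 0.0.0.255
!
route-map NON-EXIST permit 10
 match ip address 20
 match as-path 1
!
route-map ADVERTISE permit 10
 match ip address 30
!
router bgp 64512
 network 198.51.100.0 mask 255.255.255.0
 neighbor 192.0.2.1 remote-as 64496
 neighbor 203.0.113.1 remote-as 64497
 neighbor 203.0.113.1 advertise-map ADVERTISE non-exist-map NON-EXIST
!
! Checks:
!   show ip bgp 192.0.2.0 255.255.255.0
!     the eBGP copy is present in the BGP table; the connected route is the
!     one installed in the routing table, which does not affect the condition
!   show ip bgp neighbors 203.0.113.1 advertised-routes
!     198.51.100.0/24 appears only after the ISP-1 copy is gone and a
!     BGP scan interval (60 seconds by default) has passed
```

Other prefixes sent to 203.0.113.1 are unaffected; only routes matched by ADVERTISE are subject to the condition.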