[c-nsp] BGP conditional advertisement - NON-EXIST route map's access-list problem

RPhookun at lecg.com
Sat Mar 21 19:09:49 EDT 2009


Hi Burak,
Ask ISP-A to announce the infrastructure /24 to router# as a local route
via a network statement 192.168.x.0 mask 255.255.255.0. They may not want
to do the same via redistribute connected (if rtr-ISP-1 is also used for
peering with other customers).

./Randy




Burak Dikici <bdikici at gmail.com>
Sent by: cisco-nsp-bounces at puck.nether.net
03/21/2009 03:34 PM

To: RPhookun at lecg.com
cc: ip at ioshints.info, cisco-nsp-bounces at puck.nether.net, cisco-nsp at puck.nether.net
Subject: Re: [c-nsp] BGP conditional advertisement - NON-EXIST route map's access-list problem

Hi Randy,

I have missed the point. I am going to talk about this subject with ISP-1.
Kind regards.

Burak Dikici




On Sat, Mar 21, 2009 at 8:12 PM, <RPhookun at lecg.com> wrote:

>
> Hi Burak,
>
> I had replied with the *fix* some days ago -
> You can still use the ISP-1 infrastructure /24. You have to have the ISP-1
> router announce the /24 to router#.
> As you probably realise, this announcement is not required for the peering
> session *itself* to be up.
>
> The announcement by the ISP-1 router of this /24 will cause it to appear in
> router#'s bgp table, which you can then use as the tracked prefix.
>
> Router#'s routing table will always install only the *connected* (d-0)
> version of this /24, which is what you want! The eBGP version (d-20) will
> exist only in the bgp table as a valid prefix you can track.
>
> Hope this helps.
> ./Randy
>
>
>
> *Burak Dikici <bdikici at gmail.com>*
> Sent by: cisco-nsp-bounces at puck.nether.net
> 03/21/2009 08:19 AM
>
> To: RPhookun at lecg.com, ip at ioshints.info
> cc: cisco-nsp-bounces at puck.nether.net, cisco-nsp at puck.nether.net
> Subject: Re: [c-nsp] BGP conditional advertisement - NON-EXIST route map's access-list problem
>
> Hello,
>
> The main problem is which prefix should I track? I can't use the
> infrastructure subnet between my router and the ISP-1 router, because it is
> directly connected and it is in the routing table, not in the bgp table.
> I was thinking about that, then I decided to use reliable root DNS
> servers' subnets to track with an acl or prefix-list, for example;
>
> access-list 20 permit 198.41.0.0 0.0.0.255 /* a.root-servers.net */
> access-list 20 permit 192.228.79.0 0.0.0.255 /* b.root-servers.net */
> access-list 20 permit 192.33.4.0 0.0.0.255 /* c.root-servers.net */
> access-list 20 permit 128.8.0.0 0.0.255.255 /* d.root-servers.net */
>
> What do you think about this idea?
>
> Burak Dikici
>
>
>
>
> On Thu, Mar 19, 2009 at 2:48 PM, Burak Dikici <bdikici at gmail.com> wrote:
>
> > Sorry about my late reply. I am very busy these days with another project.
> > I am going to test your recommendations in a few days, and am going to
> > reply back to you. Thank you all. Kind regards...
> >
> > Burak Dikici
> >
> >
> >
> > On Wed, Mar 18, 2009 at 12:04 AM, <RPhookun at lecg.com> wrote:
> >
> >>
> >> The prefix-list within the Non-Exist clause also has to *exactly* match
> >> the prefix in the bgp table.
> >> Regards,
> >> ./Randy
> >>
> >>
> >>
> >>
> >> *"Ivan Pepelnjak" <ip at ioshints.info>*
> >> Sent by: cisco-nsp-bounces at puck.nether.net
> >> 03/17/2009 02:20 PM
> >>
> >> To: "'Dale Shaw'" <dale.shaw+cisco-nsp at gmail.com>, "'Burak Dikici'" <bdikici at gmail.com>
> >> cc: cisco-nsp at puck.nether.net
> >> Subject: Re: [c-nsp] BGP conditional advertisement - NON-EXIST route map's access-list problem
> >>
> >> Did some tests on the NON-EXIST-MAP with 12.2SRC. I was spreading wrong
> >> rumors, time to fix them:
> >>
> >> * The route-map checks the routes in the BGP table (_not_ in the IP routing
> >> table). Dale was right.
> >> * It can take a while for the routes to be advertised/withdrawn; the
> >> non-exist-map is checked only at the BGP scan intervals (60 seconds by
> >> default, can be adjusted).
> >> * You can use a combination of an access-list and AS-path access-list in the
> >> route-map.
> >>
> >> The handling of standard access-lists used in the "match ip address"
> >> route-map condition is a bit weird, though:
> >>
> >> * "permit any" does _NOT_ work.
> >> * "permit prefix 0.0.0.0" (which gets translated into "permit prefix" in
> >> standard ACL) does _NOT_ work.
> >> * fancy wildcard tests (for example "permit 0.0.0.0 127.255.255.255") do
> >> _NOT_ work.
> >>
> >> It looks like:
> >>
> >> * the IP prefix in the BGP table must match the address in the ACL exactly
> >> (wildcard bits are ignored).
> >> * ... but you still need the wildcard bits (inverted netmask) for the match
> >> to work.
> >>
> >> For example: if you want to match 10.8.8.0/24, you have to use "permit
> >> 10.8.8.0 0.0.0.255". "permit 10.8.8.0" or "permit 10.8.0.0 0.0.255.255" do
> >> _NOT_ work.
> >>
> >> Left to do: tests with the ip prefix-list instead of IP access list (and no,
> >> I will NOT test extended ACL :).
> >>
> >> Hope this helps
> >> Ivan
> >>
> >> > -----Original Message-----
> >> > From: Dale Shaw [mailto:dale.shaw+cisco-nsp at gmail.com]
> >> > Sent: Sunday, March 15, 2009 11:33 PM
> >> > To: Burak Dikici
> >> > Cc: cisco-nsp at puck.nether.net
> >> > Subject: Re: [c-nsp] BGP conditional advertisement - NON-EXIST
> >> > route map's access-list problem
> >> >
> >> > Hi Burak,
> >> >
> >> > On Mon, Mar 16, 2009 at 12:06 AM, Burak Dikici
> >> > <bdikici at gmail.com> wrote:
> >> > > I am trying to use
> >> > > BGP conditional advertisement configuration. I have got a
> >> > problem with
> >> > > the NON-EXIST route map's access-list. In the NON-EXIST route map I am
> >> > > using the commands which are written below;
> >> >
> >> > Here are some notes I made recently when playing with BGP
> >> > conditional advertising. I hope it helps.
> >> >
> >> > 1.) prefixes matched in advertise-map and exist/non-exist map
> >> > must exist (or not) in the *BGP* table
> >> >  however: they do not need to be locally originated (e.g. R1
> >> > can match routes received from R2 and advertise (or not) to R3
> >> >  and: the validity of the prefix in the BGP table (i.e.
> >> > RIB-failure) doesn't matter. If it's there, and using
> >> > exist-map, the condition is met.
> >> >
> >> > 2.) when using 'exist' map, prefixes matched by advertise-map
> >> > are advertised when exist-map condition is met
> >> >  example: advertise 1.0.0.0/8 (advertise-map) from BGP table when
> >> > 3.20.20.0/24 (exist-map) exists in BGP table
> >> >
> >> > 3.) when using 'non-exist' map, prefixes matched by
> >> > advertise-map are advertised when non-exist-map condition is met
> >> >  example: advertise 1.0.0.0/8 (advertise-map) from BGP table when
> >> > 3.20.20.0/24 (non-exist-map) does NOT exist in BGP table
> >> >
> >> > 4.) prefixes matched in advertise-map are the only prefixes
> >> > affected -- other prefixes that may exist are advertised (or
> >> > not) as normal
> >> >
> >> > 5.) when dealing with conditional advertisement tasks, always
> >> > consider what will happen normally (without any config)
> >> >
> >> > I'd be happy to be corrected, but I think the first point is
> >> > contrary to what Ivan said. Also consider point #4 -- BGP
> >> > conditional advertising is not strictly a route filtering
> >> > mechanism, although it can be configured to achieve similar results.
> >> >
> >> > cheers,
> >> > Dale
> >> >
> >> >
> >>
> >
_______________________________________________
cisco-nsp mailing list  cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
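The configuration below is an added example, not something posted in the thread, that puts the three conclusions above together: Randy's workaround (have ISP-1 announce its own link /24 over the eBGP session so it sits in the BGP table while the connected route keeps winning in the RIB), Ivan's finding that a standard ACL in the non-exist map needs the exact prefix plus its wildcard bits, and Dale's note that a RIB-failure path still satisfies the check. All hostnames, addresses, AS numbers and route-map/ACL names (192.168.10.0/24 as the ISP-1 link, 192.0.2.0/24 as the customer block, AS 64500/64501/64502, ISP1-LINK, ADV-TO-ISP2) are placeholders chosen for illustration.

```cisco
! Added example (not from the thread). Placeholders: CUST-RTR is the customer
! router in AS 64500; ISP-1 is 192.168.10.1 in AS 64501 on the directly
! connected link 192.168.10.0/24; ISP-2 is 198.51.100.1 in AS 64502.
! Goal: announce 192.0.2.0/24 to ISP-2 only while the ISP-1 path is gone.
!
! ISP-1 side (Randy's fix): the link /24 is originated as a local route, so
! it is sent to CUST-RTR even though the session does not need it to come up.
!   router bgp 64501
!    network 192.168.10.0 mask 255.255.255.0
!
! CUST-RTR side:
hostname CUST-RTR
!
! Static to Null0 so the network statement has a route to originate from.
ip route 192.0.2.0 255.255.255.0 Null0
!
router bgp 64500
 bgp log-neighbor-changes
 network 192.0.2.0 mask 255.255.255.0
 neighbor 192.168.10.1 remote-as 64501
 neighbor 192.168.10.1 description ISP-1 (primary)
 neighbor 198.51.100.1 remote-as 64502
 neighbor 198.51.100.1 description ISP-2 (backup)
 ! Prefixes matched by ADV-TO-ISP2 are sent to ISP-2 only while NO prefix
 ! matched by ISP1-LINK is present in the BGP table. Other prefixes are
 ! unaffected (Dale's point 4). The check runs at the BGP scan interval
 ! (60 s by default, Ivan's point), so expect up to a minute of delay;
 ! "bgp scan-time 15" under router bgp shortens it.
 neighbor 198.51.100.1 advertise-map ADV-TO-ISP2 non-exist-map ISP1-LINK
!
! Tracked prefix, written the way Ivan's 12.2SRC tests required for a
! standard ACL: exact network address AND the inverted mask. Neither
! "permit 192.168.10.0" nor "permit 192.168.0.0 0.0.255.255" would match.
access-list 10 permit 192.168.10.0 0.0.0.255
!
route-map ISP1-LINK permit 10
 match ip address 10
!
! Alternative Ivan had not yet tested when he wrote: an exact-length
! prefix-list (no "le"/"ge") instead of the ACL.
!   ip prefix-list TRACK-ISP1 seq 5 permit 192.168.10.0/24
!   route-map ISP1-LINK permit 10
!    match ip address prefix-list TRACK-ISP1
!
ip prefix-list CUST-BLOCK seq 5 permit 192.0.2.0/24
!
route-map ADV-TO-ISP2 permit 10
 match ip address prefix-list CUST-BLOCK
!
! Checks (show commands, not configuration):
!   show ip route 192.168.10.0
!     -> "directly connected"; the eBGP copy (AD 20) never displaces it.
!   show ip bgp 192.168.10.0
!     -> path from 192.168.10.1 present but flagged RIB-failure; per Dale's
!        point 1 that still counts as "exists" for the non-exist map.
!   show ip bgp neighbors 198.51.100.1 | include Condition-map
!     -> "Condition-map ISP1-LINK, Advertise-map ADV-TO-ISP2, status: Withdraw"
!        while ISP-1 announces the /24; flips to "status: Advertise" within one
!        scan interval after the ISP-1 session (and the /24) disappears.
```

Two things worth keeping in mind with this layout: the tracked prefix is only as trustworthy as ISP-1's willingness to keep originating it (if they ever stop sending the /24 for an unrelated reason, 192.0.2.0/24 leaks to ISP-2 while the primary is still fine), and the root-server subnets suggested earlier in the thread would only work as tracked prefixes if they appear in the BGP table with exactly the prefix length written in the ACL.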