[c-nsp] match multiple communities in route-map

Mateusz Blaszczyk blahu77 at gmail.com
Tue Mar 24 12:32:27 EDT 2009 

Andy,

Try using policy-list which don't get merged like community-lists...

ip policy-list PERMIT200 permit
   match community 2
!
ip policy-list PERMIT100 permit
   match community 1
!
ip community-list 1 permit 123:100
ip community-list 2 permit 123:200
!
!
!
route-map OUT permit 10
   match policy-list PERMIT200
   match policy-list PERMIT100
!


Best Regards,


-mat



2009/3/24 Andy BIERLAIR <andy.bierlair at root.lu>:
> I have read that multiple match lines in a route-map are treated with AND
> logic.
>
> But this scenario here does not do AND, but OR:
>
> route-map IX-TEST-OUT permit 10
>  match community PREPEND-1-PEERING
>  match community PEERING-OUT
>  set as-path prepend 65001
>
> route-map IX-TEST-OUT permit 20
>  match community PREPEND-2-PEERING
>  match community PEERING-OUT
>  set as-path prepend 65001 65001
>
> route-map IX-TEST-OUT permit 30
>  match community PEERING-OUT
>
> What I am trying to do is this:
>
> 1) Every customer who is sending me prefixes gets a community tag via
> inbound route-map. Every prefix gets injected into community PEERING-OUT.
>
> PEERING-OUT has all the prefixes I want to announce to my peers (not
> transits!) on a public Internet Exchange
>
>
> 2) The customer can send a certain number of communities to us in order to
> manipulate ingress traffic towards his ASN. For instance community list
> PREPEND-x-PEERING has all the prefixes that customers want to apply
> prepending to.
>
> Prepending Communities are:
>
> 64600:X - Prepend X times to Transit (x = 0 - 4)
> 64700:X - Prepend X times to Peer (x = 0 - 4)
>
>
> In order to announce all my prefixes correctly to my peers, I need to match
> multiple communities - or find a different solution.
>
> In my scenario above all my peers will get ALL my prefixes with 1x
> prepending of 65001, and not just those that match PREPEND-1-PEERING.
>
> I also tried the "continue" statement in route-maps, but this didn't seem to
> help either.
>
> What is wrong with this scenario?
>
> Thanks.
>
> -
> Andy
>
>
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>



-- 
pgp-key 0x1C655CAB

More information about the cisco-nsp mailing list