[c-nsp] BGP Community Problem (I think)
Skeeve Stevens
Skeeve at eintellego.net
Tue Nov 17 23:05:03 EST 2009
Hey all,
I am confused as to why a BGP feed I take and tag with a community and redistribute are some 50k routes different.
Details follow:
Platform is:
SYD-A-BDR-A#sh ver
Cisco IOS Software, 7200 Software (C7200-ADVIPSERVICESK9-M), Version 12.4(15)T1, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2007 by Cisco Systems, Inc.
Compiled Wed 18-Jul-07 13:29 by prod_rel_team
ROM: System Bootstrap, Version 12.3(4r)T3, RELEASE SOFTWARE (fc1)
BOOTLDR: Cisco IOS Software, 7200 Software (C7200-BOOT-M), Version 12.4(15)T1, RELEASE SOFTWARE (fc2)
SYD-A-BDR-A uptime is 1 year, 43 weeks, 4 days, 20 hours, 26 minutes
System returned to ROM by Reload Command at 08:32:21 UTC Mon Jan 8 2001
System restarted at 16:49:17 AEST Thu Jan 17 2008
System image file is "disk2:c7200-advipservicesk9-mz.124-15.T1.bin"
- Inbound full route feed
114.x.x.65 4 4xxx 26710538 2546241 130268709 0 0 9w1d 302167
114.x.x.66 4 4xxx 25400126 1834326 130268709 1 0 2w5d 302163
- Tagged with community
route-map PRI-IN permit 10
 match as-path 50
 set weight 80
 set community 17xxx:2000 additive
!
route-map PRI-IN permit 12
 match as-path 52
 set weight 90
 set community 17xxx:2002 additive
!
route-map PRI-IN permit 20
 match as-path 2
 set weight 80
 set community 17xxx:2001 additive
- Relevant config
ip as-path access-list 2 permit .*
ip as-path access-list 50 permit ^4xxx$
ip as-path access-list 52 permit ^4xxx_7xx_1xxx
!
ip community-list 200 permit 17xxx:2000
ip community-list 201 permit 17xxx:2001
ip community-list 202 permit 17xxx:2002
- Now, this all seems to work.
SYD-A-BDR-A#show ip bgp neighbors 114.x.x.66 received-routes | i Total
Total number of prefixes 302163
SYD-A-BDR-A#show ip bgp community-list 201 | redirect tftp://x.x.x.x/dump/20091118.txt
[root@dump]# more 20091118.txt | grep 193.66 | wc -l
301542
[root@dump]# more 20091118.txt | grep 193.65 | wc -l
301543
Now... there is a small difference which can be attributed to a variety of things... nothing I'm worried about since it is so close (500 routes).
Next:
route-map BNEA-OUT permit 10
 match ip address prefix-list US-SEND-BNE-BLOCKS ! (Just local routes)
!
route-map BNEA-OUT permit 20
 match community 201
!
route-map BNEA-OUT permit 30
 description Community 17xxx:250 mapped to CL 125 ! (Redistributing peering routes)
 match community 125
!
So.. we're tagging 301k routes inbound and examining the community list seems to be showing that is working fine, and then we are, using Community List 201 - sending that 301k + Local + Peering (7900 routes) to another PoP.
But...
SYD-A-BDR-A#show ip bgp neighbors 203.x.x.6 advertised-routes | i Total
Total number of prefixes 250915
So this is missing about 51k routes + Peering routes of about 8k... but the peering routes seem to be there, so that makes it about 60k transit routes that are missing that are not being sent 'in router' onto the next neighbour.
I hope I've included most significant information... if this doesn't make sense, let me know and I will explain in more detail?
...Skeeve
--
Skeeve Stevens, CEO/Technical Director
eintellego Pty Ltd - The Networking Specialists
skeeve at eintellego.net / www.eintellego.net
Phone: 1300 753 383, Fax: (+612) 8572 9954
Cell +61 (0)414 753 383 / skype://skeeve
www.linkedin.com/in/skeeve ; facebook.com/eintellego
--
NOC, NOC, who's there?
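
Added example, not part of the original post: one way to see which prefixes make up the gap is to save both outputs (the `show ip bgp community-list 201` dump and the `advertised-routes` listing) and compare them by prefix offline. The function names and the sample rows (documentation prefixes, private next hops and ASNs) are constructed for illustration.

```python
import re
from collections import Counter

IP = re.compile(r"^\d{1,3}(\.\d{1,3}){3}(/\d{1,2})?$")
STATUS = re.compile(r"^[ *>sdhirS]{3}$")   # IOS status-code columns

def classful(net):
    """IOS prints classful networks without a mask; restore it."""
    first = int(net.split(".")[0])
    return net if "/" in net else f"{net}/{8 if first < 128 else 16 if first < 192 else 24}"

def parse_table(text):
    """Map prefix -> [(is_best, next_hop), ...] from `show ip bgp ...` output."""
    table, prefix, best = {}, None, False
    for line in text.splitlines():
        status, fields = line[:3], line[3:].split()
        if not STATUS.match(status) or not fields or not IP.match(fields[0]):
            continue                      # banner, legend, header or total line
        if status.strip():                # blank status = wrapped continuation
            best = ">" in status
        if len(fields) == 1 or IP.match(fields[1]):
            prefix = classful(fields.pop(0))   # row names a network
        if fields and prefix:
            table.setdefault(prefix, []).append((best, fields[0]))
    return table

def tagged_but_not_sent(tagged_text, advertised_text):
    """Prefixes in the community-list dump that are absent from advertised-routes,
    plus a count of how many of them have a tagged path marked best ('>')."""
    tagged, sent = parse_table(tagged_text), parse_table(advertised_text)
    missing = {p: paths for p, paths in tagged.items() if p not in sent}
    split = Counter("best" if any(b for b, _ in paths) else "not-best"
                    for paths in missing.values())
    return missing, split

# Constructed sample rows, not taken from the router in the post.
TAGGED = """\
   Network          Next Hop            Metric LocPrf Weight Path
*> 192.0.2.0        10.0.0.65                0             80 64500 64501 i
*                   10.0.0.66                0             80 64500 64501 i
*  198.51.100.0/25  10.0.0.65                0             80 64500 64502 i
*> 198.51.100.128/25
                    10.0.0.66                0             80 64500 64503 i
*> 203.0.113.0      10.0.0.65                0             80 64500 64504 i
"""
ADVERTISED = """\
   Network          Next Hop            Metric LocPrf Weight Path
*> 192.0.2.0        10.0.0.65                0             80 64500 64501 i
*> 198.51.100.128/25
                    10.0.0.66                0             80 64500 64503 i
"""
```

The `best`/`not-best` split is worth recording because BGP advertises only the best path per prefix, so the outbound route-map is evaluated against that path and its communities.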