[c-nsp] Dumb question
Ziv Leyes
zivl at gilat.net
Thu Aug 4 04:07:31 EDT 2011
Didn't get you on that one, please explain
-----Original Message-----
From: Brault, Ryan [mailto:RYAN.BRAULT at Illinois.gov]
Sent: Wednesday, August 03, 2011 7:07 PM
To: Ziv Leyes
Cc: 'cisco-nsp at puck.nether.net'
Subject: RE: [c-nsp] Dumb question
No synchronization on RTR2? Not sure if that is part of the obvious and irrelevant...
Ryan Brault
Illinois Century Network
Illinois Department of Central Management Services
815-936-4647
-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Ziv Leyes
Sent: Wednesday, August 03, 2011 10:44 AM
Cc: cisco-nsp at puck.nether.net
Subject: Re: [c-nsp] Dumb question
OK, this is what I have configured (omitting the obvious and irrelevant):
RTR1#
router bgp 100
 neighbor RTR2 remote-as 100
 neighbor x.x.x.x peer-group RTR2
 neighbor RTR2 send-community
 neighbor RTR2 route-map RTR2-OUT out
!
route-map RTR2-OUT permit 10
 match ip address prefix-list COMMUNITY-1
 set community 100:1
!
route-map RTR2-OUT permit 20
 match ip address prefix-list COMMUNITY-2
 set community 100:2
!
ip prefix-list COMMUNITY-1 seq 5 permit 1.1.1.0/24
ip prefix-list COMMUNITY-2 seq 5 permit 2.2.2.0/24

RTR2#
router bgp 100
 neighbor RTR1 remote-as 100
 neighbor y.y.y.y peer-group RTR1
 neighbor RTR1 route-map RTR1-IN in
 neighbor ISP1 remote-as 11111
 neighbor z.z.z.z peer-group ISP1
 neighbor ISP1 send-community
 neighbor ISP1 route-map ISP1-OUT out
(similar settings for ISP2, with opposite prepending settings)
ip bgp-community new-format
ip community-list standard COMMUNITY-1 permit 100:1
ip community-list standard COMMUNITY-2 permit 100:2
!
route-map RTR1-IN permit 10
 match community 100:1
!
route-map RTR1-IN permit 20
 match community 100:2
!
route-map ISP1-OUT permit 10
 match community COMMUNITY-1
!
route-map ISP1-OUT permit 20
 match community COMMUNITY-2
 set as-path prepend 100 100 100 100
!
route-map ISP2-OUT permit 10
 match community COMMUNITY-2
!
route-map ISP2-OUT permit 20
 match community COMMUNITY-1
 set as-path prepend 100 100 100 100
!
Now, checking what I see, I get the following:
RTR1# sh ip bgp neighbor x.x.x.x advertised
   Network          Next Hop            Metric LocPrf Weight Path
*> 1.1.1.0/24       0.0.0.0                  0         32768 i
*> 2.2.2.0/24       0.0.0.0                  0         32768 i

RTR2# sh ip bgp neighbor y.y.y.y received-routes
   Network          Next Hop            Metric LocPrf Weight Path
* i1.1.1.0/24       207.226.45.254           0    100      0 i
* i2.2.2.0/24       207.226.45.254           0    100      0 i

RTR2# sh ip bgp 1.1.1.0
BGP routing table entry for 1.1.1.0/24, version 7234660
Paths: (1 available, no best path)
  Not advertised to any peer
  Local, (Received from a RR-client), (received-only)
    y.y.y.y (metric 100) from y.y.y.y (y.y.y.x)
      Origin IGP, metric 0, localpref 100, valid, internal
      Community: 100:1
Same result for 2.2.2.0/24. As you can see, the community is seen correctly. Now, if it is seen, then it must be matched and set to go out to the ISPs, theoretically. However:
RTR2# sh ip bgp neighbor z.z.z.z advertised
Total number of prefixes 0
BUMMER!!!!
What I do find very strange is the following:
route-map RTR1-IN, permit, sequence 10
  Match clauses:
    community (community-list filter): 100:1
  Set clauses:
  Policy routing matches: 0 packets, 0 bytes
route-map RTR1-IN, permit, sequence 20
  Match clauses:
    community (community-list filter): 100:2
  Set clauses:
  Policy routing matches: 0 packets, 0 bytes
route-map ISP1-OUT, permit, sequence 10
  Match clauses:
    community (community-list filter): COMMUNITY-1
  Set clauses:
  Policy routing matches: 0 packets, 0 bytes
route-map ISP1-OUT, permit, sequence 20
  Match clauses:
    community (community-list filter): COMMUNITY-2
  Set clauses:
    as-path prepend 100 100 100 100
  Policy routing matches: 0 packets, 0 bytes
See? All the counters are zero!
I tried resetting all the sessions in and out, soft, hard, harder, nothing!
I'm sure I'm missing something here!
Please help
Ziv
************************************************************************************
This footnote confirms that this email message has been scanned by
PineApp Mail-SeCure for the presence of malicious code, vandals & computer viruses.
************************************************************************************