[c-nsp] re-advertising eBGP learned prefixes

Gert Doering gert at greenie.muc.de
Thu Oct 20 10:14:49 EDT 2011 

Hi,

On Thu, Oct 20, 2011 at 06:05:55PM +0400, Andrey Koklin wrote:
> The scheme is a bit more complicated, in fact, something like:
> 
>                --- R4-AS2 ---
> ClientA---> AS4              R1-AS1--(ibgp)--R2-AS1---> R3-AS3
>                --- R5-AS3 ---
> 
> We use the same operator (AS3) to organize 2 independent VPN's
> for magistral and regional services.
> 
> The problem here looks that AS3 is present already in the path,
> so the prefixes are not advertised into another VPN.

Indeed.  Actually, they are usually advertised these days, but
then dropped on *import* by AS3.

You can configure the AS3 router allow incoming paths that already have
AS3 in the path with "neighbor ... allowas-in" - but that will defeat
BGP loop-detection, so be careful with what you're asking for.

> Here AS3 = 21017. And what I see on R2:
> 
> spring#sh ip bgp 10.36.72.32
> BGP routing table entry for 10.36.72.32/27, version 505812
> Paths: (1 available, best #1, table Default-IP-Routing-Table)
>   Not advertised to any peer

I'm not exactly sure when this behaviour was changed, not doing the
filter on the sending side of an eBGP link - but we've seen it years
ago already.

Your best bet might be "not use AS3 in multiple places".

> spring#sh ip bgp 10.36.72.32                                   
> BGP routing table entry for 10.36.72.32/27, version 506076
> Paths: (1 available, best #1, table Default-IP-Routing-Table)
>   Not advertised to any peer
>   20485 30835, (received & used)
>     10.36.2.22 (metric 3072) from 213.129.126.1 (10.36.1.1)
>       Origin incomplete, metric 0, localpref 100, valid, internal, best
>       Originator: 10.36.1.4, Cluster list: 10.36.1.1

So how's your export policies on that router towards the neighbour
that you should see the prefix on?

gert
-- 
USENET is *not* the non-clickable part of WWW!
                                                           //www.muc.de/~gert/
Gert Doering - Munich, Germany                             gert at greenie.muc.de
fax: +49-89-35655025                        gert at net.informatik.tu-muenchen.de
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 305 bytes
Desc: not available
URL: <https://puck.nether.net/pipermail/cisco-nsp/attachments/20111020/847f655d/attachment.pgp>

More information about the cisco-nsp mailing list