[c-nsp] re-advertising eBGP learned prefixes

Andrey Koklin aka at veco.ru
Thu Oct 20 11:39:45 EDT 2011


On 10/20/2011 19:17, Gert Doering wrote:

>> ip as-path access-list 100 permit ^$
>> ip as-path access-list 101 permit _21017_
>> ip as-path access-list 102 permit _21017_21017_

> This...

>> route-map TO_VPN_CTK permit 10
>>  match ip address prefix-list TO_VPN_CTK
>>  match as-path 100

> ... together with this will only permit AS-paths matched by ACL 100,
> which is "^$" = "your local AS".

> So this AS path ACL will never permit anything learned from eBGP.

Oh, yes, this is an important error!

I've now added the AS whose prefixes should be seen there.
Now it is:

-- 8< --
router bgp 65036
 no synchronization
 bgp log-neighbor-changes
 bgp redistribute-internal
 network 10.36.0.0 mask 255.255.0.0
 network 213.129.126.0
 timers bgp 5 20 15
 neighbor 10.36.254.2 remote-as 21017
 neighbor 10.36.254.2 soft-reconfiguration inbound
 neighbor 10.36.254.2 route-map FROM_VPN_CTK in
 neighbor 10.36.254.2 route-map TO_VPN_CTK out
 neighbor 213.129.126.1 remote-as 65036
 neighbor 213.129.126.1 soft-reconfiguration inbound
 default-information originate
 distance bgp 100 100 10
 no auto-summary

ip as-path access-list 100 permit ^$
ip as-path access-list 100 permit _30835_

ip prefix-list TO_VPN_CTK description announced nets through CTK VPN
ip prefix-list TO_VPN_CTK seq 10 permit 0.0.0.0/0
ip prefix-list TO_VPN_CTK seq 20 permit 213.129.126.0/24
ip prefix-list TO_VPN_CTK seq 30 permit 10.36.0.0/16
ip prefix-list TO_VPN_CTK seq 35 permit 10.36.0.0/16 le 28
ip prefix-list TO_VPN_CTK seq 40 permit 10.36.0.0/18 le 28
ip prefix-list TO_VPN_CTK seq 50 permit 10.36.248.0/23 le 24

route-map TO_VPN_CTK permit 10
 match ip address prefix-list TO_VPN_CTK
 match as-path 100
-- 8< --

But unfortunately, the problem remains:

spring#cle ip bgp * soft                                      

spring#sh ip bgp 10.36.72.32                     
BGP routing table entry for 10.36.72.32/27, version 507121
Paths: (1 available, best #1, table Default-IP-Routing-Table)
Flag: 0x820
  Not advertised to any peer
  20485 30835, (received & used)
    10.36.2.22 (metric 3072) from 213.129.126.1 (10.36.1.1)
      Origin incomplete, metric 0, localpref 100, valid, internal, best
      Originator: 10.36.1.4, Cluster list: 10.36.1.1
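
The filter logic discussed in this message, as an added example that is not part of the original thread: a small Python model of how route-map TO_VPN_CTK evaluates the route from the `sh ip bgp` output under the old and the revised as-path list 100. The function names are hypothetical, and the model covers only this outbound filter (prefix-list and as-path matching), nothing else a router considers before advertising a route.

```python
import ipaddress
import re

def ios_regex(expr):
    # Model of the IOS "_" token: start/end of string, space, comma, braces, parentheses.
    return re.compile(expr.replace("_", r"(?:^|$|[ ,{}()])"))

def as_path_permitted(acl, as_path):
    """First matching entry wins; no match is an implicit deny."""
    for action, expr in acl:
        if ios_regex(expr).search(as_path):
            return action == "permit"
    return False

def prefix_permitted(plist, prefix):
    """Entries are (action, network, ge, le); None means not configured."""
    net = ipaddress.ip_network(prefix)
    for action, entry, ge, le in plist:
        base = ipaddress.ip_network(entry)
        if ge is None and le is None:
            lo = hi = base.prefixlen          # exact-length match only
        else:
            lo = ge if ge is not None else base.prefixlen
            hi = le if le is not None else 32
        if lo <= net.prefixlen <= hi and net.subnet_of(base):
            return action == "permit"
    return False

def route_map_permits(plist, acl, prefix, as_path):
    # Match clauses of different types in one route-map entry are ANDed.
    return prefix_permitted(plist, prefix) and as_path_permitted(acl, as_path)

# Transcribed from the configuration posted above.
TO_VPN_CTK = [
    ("permit", "0.0.0.0/0", None, None),
    ("permit", "213.129.126.0/24", None, None),
    ("permit", "10.36.0.0/16", None, None),
    ("permit", "10.36.0.0/16", None, 28),
    ("permit", "10.36.0.0/18", None, 28),
    ("permit", "10.36.248.0/23", None, 24),
]
ACL_100_OLD = [("permit", "^$")]
ACL_100_NEW = [("permit", "^$"), ("permit", "_30835_")]

def check(acl, prefix="10.36.72.32/27", as_path="20485 30835"):
    return route_map_permits(TO_VPN_CTK, acl, prefix, as_path)

if __name__ == "__main__":
    print("old ACL 100 permits route:", check(ACL_100_OLD))
    print("new ACL 100 permits route:", check(ACL_100_NEW))
```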


