[c-nsp] re-advertising eBGP learned prefixes

Andrey Koklin aka at veco.ru
Fri Oct 21 03:32:35 EDT 2011


On 10/21/2011 10:45, Sergey Nikitin wrote:

> Could you post the output of "show ip bgp neighbor 10.36.254.2" ?

Yes, here it is:

-- 8< --
spring# sh ip bgp nei 10.36.254.2

BGP neighbor is 10.36.254.2,  remote AS 21017, external link
  BGP version 4, remote router ID 80.82.57.179
  BGP state = Established, up for 1d19h
  Last read 00:00:02, last write 00:00:02, hold time is 20, keepalive interval is 5 seconds
  Configured hold time is 20,keepalive interval is 5 seconds, Minimum holdtime from neighbor is 15 seconds
  Neighbor capabilities:
    Route refresh: advertised and received(old & new)
    Address family IPv4 Unicast: advertised and received
  Message statistics:
    InQ depth is 0
    OutQ depth is 0
                         Sent       Rcvd
    Opens:                 35         35
    Notifications:         25          5
    Updates:            42954     147160
    Keepalives:       6438720    4874883
    Route Refresh:          2          0
    Total:            6481736    5022083
  Default minimum time between advertisement runs is 30 seconds

 For address family: IPv4 Unicast
  BGP table version 569719, neighbor version 569707/0
 Output queue size : 0
  Index 1, Offset 0, Mask 0x2
  1 update-group member
  Inbound soft reconfiguration allowed
  Inbound path policy configured
  Outbound path policy configured
  Route map for incoming advertisements is FROM_VPN_CTK
  Route map for outgoing advertisements is TO_VPN_CTK
                                 Sent       Rcvd
  Prefix activity:               ----       ----
    Prefixes Current:              38        295 (Consumes 30732 bytes)
    Prefixes Total:             19674      21173
    Implicit Withdraw:            134        804
    Explicit Withdraw:          19828      20074
    Used as bestpath:             n/a        257
    Used as multipath:            n/a          0
    Saved (soft-reconfig):        n/a        296 (Consumes 15392 bytes)

                                   Outbound    Inbound
  Local Policy Denied Prefixes:    --------    -------
    route-map:                        11964         21
    Suppressed duplicate:                 4        800
    Bestpath from this peer:          19576        n/a
    Total:                            31544        821
  Number of NLRIs in the update sent: max 287, min 0

  Connections established 35; dropped 34
  Last reset 1d19h, due to User reset
Connection state is ESTAB, I/O status: 1, unread input bytes: 0            
Connection is ECN Disabled, Mininum incoming TTL 0, Outgoing TTL 1
Local host: 10.36.254.1, Local port: 15312
Foreign host: 10.36.254.2, Foreign port: 179

Enqueued packets for retransmit: 0, input: 0  mis-ordered: 0 (0 bytes)

Event Timers (current time is 0x7AD85240C):
Timer          Starts    Wakeups            Next
Retrans         35028          8             0x0
TimeWait            0          0             0x0
AckHold         26931      23160             0x0
SendWnd             0          0             0x0
KeepAlive           0          0             0x0
GiveUp              0          0             0x0
PmtuAger            0          0             0x0
DeadWait            0          0             0x0

iss: 2289351992  snduna: 2290290732  sndnxt: 2290290732     sndwnd:  15088
irs: 2142678336  rcvnxt: 2143467834  rcvwnd:      15038  delrcvwnd:   1346

SRTT: 300 ms, RTTO: 303 ms, RTV: 3 ms, KRTT: 0 ms
minRTT: 0 ms, maxRTT: 432 ms, ACK hold: 200 ms
Flags: active open, nagle
IP Precedence value : 6

Datagrams (max data segment is 1460 bytes):
Rcvd: 57420 (out of order: 0), with data: 26977, total data bytes: 789497
Sent: 58985 (retransmit: 8, fastretransmit: 0, partialack: 0, Second Congestion: 0), with data: 35282, total data bytes: 938739
-- 8< --

> Andrey Koklin wrote:
>> On 10/20/2011 19:17, Gert Doering wrote:
>>
>>>> ip as-path access-list 100 permit ^$
>>>> ip as-path access-list 101 permit _21017_
>>>> ip as-path access-list 102 permit _21017_21017_
>>
>>> This...
>>
>>>> route-map TO_VPN_CTK permit 10
>>>>  match ip address prefix-list TO_VPN_CTK
>>>>  match as-path 100
>>
>>> ... together with this will only permit AS-paths matched by ACL 100,
>>> which is "^$" = "your local AS".
>>
>>> So this AS path ACL will never permit anything learned from eBGP.
>>
>> Oh, yes, this is an important error!
>>
>> I've now added the AS whose prefixes should be seen there.
>> Now it is:
>>
>> -- 8< --
>> router bgp 65036
>>  no synchronization
>>  bgp log-neighbor-changes
>>  bgp redistribute-internal
>>  network 10.36.0.0 mask 255.255.0.0
>>  network 213.129.126.0
>>  timers bgp 5 20 15
>>  neighbor 10.36.254.2 remote-as 21017
>>  neighbor 10.36.254.2 soft-reconfiguration inbound
>>  neighbor 10.36.254.2 route-map FROM_VPN_CTK in
>>  neighbor 10.36.254.2 route-map TO_VPN_CTK out
>>  neighbor 213.129.126.1 remote-as 65036
>>  neighbor 213.129.126.1 soft-reconfiguration inbound
>>  default-information originate
>>  distance bgp 100 100 10
>>  no auto-summary
>>
>> ip as-path access-list 100 permit ^$
>> ip as-path access-list 100 permit _30835_
>>
>> ip prefix-list TO_VPN_CTK description announced nets through CTK VPN
>> ip prefix-list TO_VPN_CTK seq 10 permit 0.0.0.0/0
>> ip prefix-list TO_VPN_CTK seq 20 permit 213.129.126.0/24
>> ip prefix-list TO_VPN_CTK seq 30 permit 10.36.0.0/16
>> ip prefix-list TO_VPN_CTK seq 35 permit 10.36.0.0/16 le 28
>> ip prefix-list TO_VPN_CTK seq 40 permit 10.36.0.0/18 le 28
>> ip prefix-list TO_VPN_CTK seq 50 permit 10.36.248.0/23 le 24
>>
>> route-map TO_VPN_CTK permit 10
>>  match ip address prefix-list TO_VPN_CTK
>>  match as-path 100
>> -- 8< --
>>
>> But unfortunately, the problem remains:
>>
>> spring#cle ip bgp * soft                                      
>>
>> spring#sh ip bgp 10.36.72.32                     
>> BGP routing table entry for 10.36.72.32/27, version 507121
>> Paths: (1 available, best #1, table Default-IP-Routing-Table)
>> Flag: 0x820
>>   Not advertised to any peer
>>   20485 30835, (received & used)
>>     10.36.2.22 (metric 3072) from 213.129.126.1 (10.36.1.1)
>>       Origin incomplete, metric 0, localpref 100, valid, internal, best
>>       Originator: 10.36.1.4, Cluster list: 10.36.1.1


