[c-nsp] re-advertising eBGP learned prefixes
Andrey Koklin
aka at veco.ru
Fri Oct 21 03:32:35 EDT 2011
On 10/21/2011 10:45, Sergey Nikitin wrote:
> Could you post the output of "show ip bgp neighbor 10.36.254.2" ?
Yes, here it is:
-- 8< --
spring# sh ip bgp nei 10.36.254.2
BGP neighbor is 10.36.254.2, remote AS 21017, external link
BGP version 4, remote router ID 80.82.57.179
BGP state = Established, up for 1d19h
Last read 00:00:02, last write 00:00:02, hold time is 20, keepalive interval is 5 seconds
Configured hold time is 20,keepalive interval is 5 seconds, Minimum holdtime from neighbor is 15 seconds
Neighbor capabilities:
Route refresh: advertised and received(old & new)
Address family IPv4 Unicast: advertised and received
Message statistics:
InQ depth is 0
OutQ depth is 0
Sent Rcvd
Opens: 35 35
Notifications: 25 5
Updates: 42954 147160
Keepalives: 6438720 4874883
Route Refresh: 2 0
Total: 6481736 5022083
Default minimum time between advertisement runs is 30 seconds
For address family: IPv4 Unicast
BGP table version 569719, neighbor version 569707/0
Output queue size : 0
Index 1, Offset 0, Mask 0x2
1 update-group member
Inbound soft reconfiguration allowed
Inbound path policy configured
Outbound path policy configured
Route map for incoming advertisements is FROM_VPN_CTK
Route map for outgoing advertisements is TO_VPN_CTK
Sent Rcvd
Prefix activity: ---- ----
Prefixes Current: 38 295 (Consumes 30732 bytes)
Prefixes Total: 19674 21173
Implicit Withdraw: 134 804
Explicit Withdraw: 19828 20074
Used as bestpath: n/a 257
Used as multipath: n/a 0
Saved (soft-reconfig): n/a 296 (Consumes 15392 bytes)
Outbound Inbound
Local Policy Denied Prefixes: -------- -------
route-map: 11964 21
Suppressed duplicate: 4 800
Bestpath from this peer: 19576 n/a
Total: 31544 821
Number of NLRIs in the update sent: max 287, min 0
Connections established 35; dropped 34
Last reset 1d19h, due to User reset
Connection state is ESTAB, I/O status: 1, unread input bytes: 0
Connection is ECN Disabled, Mininum incoming TTL 0, Outgoing TTL 1
Local host: 10.36.254.1, Local port: 15312
Foreign host: 10.36.254.2, Foreign port: 179
Enqueued packets for retransmit: 0, input: 0 mis-ordered: 0 (0 bytes)
Event Timers (current time is 0x7AD85240C):
Timer Starts Wakeups Next
Retrans 35028 8 0x0
TimeWait 0 0 0x0
AckHold 26931 23160 0x0
SendWnd 0 0 0x0
KeepAlive 0 0 0x0
GiveUp 0 0 0x0
PmtuAger 0 0 0x0
DeadWait 0 0 0x0
iss: 2289351992 snduna: 2290290732 sndnxt: 2290290732 sndwnd: 15088
irs: 2142678336 rcvnxt: 2143467834 rcvwnd: 15038 delrcvwnd: 1346
SRTT: 300 ms, RTTO: 303 ms, RTV: 3 ms, KRTT: 0 ms
minRTT: 0 ms, maxRTT: 432 ms, ACK hold: 200 ms
Flags: active open, nagle
IP Precedence value : 6
Datagrams (max data segment is 1460 bytes):
Rcvd: 57420 (out of order: 0), with data: 26977, total data bytes: 789497
Sent: 58985 (retransmit: 8, fastretransmit: 0, partialack: 0, Second Congestion: 0), with data: 35282, total data bytes: 938739
-- 8< --
> Andrey Koklin wrote:
>> On 10/20/2011 19:17, Gert Doering wrote:
>>
>>>> ip as-path access-list 100 permit ^$
>>>> ip as-path access-list 101 permit _21017_
>>>> ip as-path access-list 102 permit _21017_21017_
>>
>>> This...
>>
>>>> route-map TO_VPN_CTK permit 10
>>>> match ip address prefix-list TO_VPN_CTK
>>>> match as-path 100
>>
>>> ... together with this will only permit AS-paths matched by ACL 100,
>>> which is "^$" = "your local AS".
>>
>>> So this AS path ACL will never permit anything learned from eBGP.
>>
>> Oh, yes, this is an important error!
>>
>> I've now added the AS whose prefixes should be seen there.
>> Now it is:
>>
>> -- 8< --
>> router bgp 65036
>> no synchronization
>> bgp log-neighbor-changes
>> bgp redistribute-internal
>> network 10.36.0.0 mask 255.255.0.0
>> network 213.129.126.0
>> timers bgp 5 20 15
>> neighbor 10.36.254.2 remote-as 21017
>> neighbor 10.36.254.2 soft-reconfiguration inbound
>> neighbor 10.36.254.2 route-map FROM_VPN_CTK in
>> neighbor 10.36.254.2 route-map TO_VPN_CTK out
>> neighbor 213.129.126.1 remote-as 65036
>> neighbor 213.129.126.1 soft-reconfiguration inbound
>> default-information originate
>> distance bgp 100 100 10
>> no auto-summary
>>
>> ip as-path access-list 100 permit ^$
>> ip as-path access-list 100 permit _30835_
>>
>> ip prefix-list TO_VPN_CTK description announced nets through CTK VPN
>> ip prefix-list TO_VPN_CTK seq 10 permit 0.0.0.0/0
>> ip prefix-list TO_VPN_CTK seq 20 permit 213.129.126.0/24
>> ip prefix-list TO_VPN_CTK seq 30 permit 10.36.0.0/16
>> ip prefix-list TO_VPN_CTK seq 35 permit 10.36.0.0/16 le 28
>> ip prefix-list TO_VPN_CTK seq 40 permit 10.36.0.0/18 le 28
>> ip prefix-list TO_VPN_CTK seq 50 permit 10.36.248.0/23 le 24
>>
>> route-map TO_VPN_CTK permit 10
>> match ip address prefix-list TO_VPN_CTK
>> match as-path 100
>> -- 8< --
>>
>> But unfortunately, the problem remains:
>>
>> spring#cle ip bgp * soft
>>
>> spring#sh ip bgp 10.36.72.32
>> BGP routing table entry for 10.36.72.32/27, version 507121
>> Paths: (1 available, best #1, table Default-IP-Routing-Table)
>> Flag: 0x820
>> Not advertised to any peer
>> 20485 30835, (received & used)
>> 10.36.2.22 (metric 3072) from 213.129.126.1 (10.36.1.1)
>> Origin incomplete, metric 0, localpref 100, valid, internal, best
>> Originator: 10.36.1.4, Cluster list: 10.36.1.1
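Added example, not part of the original message or of IOS: a small Python model of the outbound policy quoted above, evaluating route-map TO_VPN_CTK against the route 10.36.72.32/27 with AS path "20485 30835" under the original AS-path ACL 100 and the updated one. The function names are introduced here, and the regex translation is a simplified approximation of IOS matching. It models only the filter objects shown in the thread, not any other reason a route may go unadvertised.

```python
import ipaddress
import re

# Entries from the thread, with the "ip prefix-list TO_VPN_CTK" prefix dropped.
PREFIX_LIST = """\
seq 10 permit 0.0.0.0/0
seq 20 permit 213.129.126.0/24
seq 30 permit 10.36.0.0/16
seq 35 permit 10.36.0.0/16 le 28
seq 40 permit 10.36.0.0/18 le 28
seq 50 permit 10.36.248.0/23 le 24"""
ORIGINAL_ASPATH = ["^$"]            # ACL 100 as first posted
UPDATED_ASPATH = ["^$", "_30835_"]  # ACL 100 after the change

def aspath_permits(patterns, as_path):
    """Approximate IOS AS-path regex: '_' matches start, end, space or , { } ( )."""
    for pat in patterns:
        if re.search(pat.replace("_", "(?:^|$|[ ,{}()])"), as_path):
            return True
    return False  # implicit deny at the end of the access-list

def prefix_permits(entries, prefix):
    """First-match evaluation of prefix-list entries with optional ge/le bounds."""
    cand = ipaddress.ip_network(prefix)
    for line in entries.splitlines():
        tok = line.split()
        net = ipaddress.ip_network(tok[3])
        opts = dict(zip(tok[4::2], map(int, tok[5::2])))
        lo = opts.get("ge", net.prefixlen)
        hi = opts.get("le", 32 if "ge" in opts else net.prefixlen)
        if cand.subnet_of(net) and lo <= cand.prefixlen <= hi:
            return tok[2] == "permit"
    return False  # implicit deny at the end of the prefix-list

def route_map_permits(aspath_acl, prefix, as_path):
    """One route-map entry: both match clauses must pass (logical AND)."""
    return prefix_permits(PREFIX_LIST, prefix) and aspath_permits(aspath_acl, as_path)

if __name__ == "__main__":
    for name, acl in (("original", ORIGINAL_ASPATH), ("updated", UPDATED_ASPATH)):
        print(name, route_map_permits(acl, "10.36.72.32/27", "20485 30835"))
```
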