[c-nsp] Is there a command to check which BGP ingress policy drops the received prefix in Cisco ASR routers?

Mark Tinka mark.tinka at seacom.mu
Mon Aug 10 05:51:11 EDT 2015

On 10/Aug/15 09:14, Martin T wrote:
> Mark,
> I agree that it is most likely because of inbound policy applied to
> that neighbor session. Even the "sh bgp neighbor" for that particular
> BGP session shows that:
>   Cumulative no. of prefixes denied: 11.
>     No policy: 0, Failed RT match: 0
>     By ORF policy: 0, By policy: 11
> While I did not find a Cisco documentation which explains the
> cumulative number of prefixes denied by policy, I guess it is the
> number of prefixes dropped by inbound policies over the time.
> However, inbound policy for this BGP neighbor is built of dozen other
> route-policies using the "apply"(executes a policy from within another
> policy) statement. I was hoping that maybe there is a command which
> displays exactly which route-policy drops the prefix.

Hmmh, don't know of such a command in any router OS code. You'll just
have to go through the entire policy, line by line.

I know Junos has the ability for you test your policies against the
routing table to see what they match. Don't know of such a command in
IOS XR, although I'm not sure it would help in this case.


More information about the cisco-nsp mailing list