[f-nsp] Routes being installed, even though they're filtered out

frnkblk at iname.com frnkblk at iname.com
Tue Oct 4 21:45:18 EDT 2016 

James,

 

I think you found it …. learned from the IX’s route-reflector … looks like I need to apply the route filter on that session, too.  And it matches with the AS6939’s recent work to send more IPv4 prefixes to AS53679.

 

MLXe-4#show ip bgp route detail 167.142.0.0

Number of BGP Routes matching display condition : 2

Status A:AGGREGATE B:BEST b:NOT-INSTALLED-BEST C:CONFED_EBGP D:DAMPED

       E:EBGP H:HISTORY I:IBGP L:LOCAL M:MULTIPATH m:NOT-INSTALLED-MULTIPATH

       S:SUPPRESSED F:FILTERED s:STALE

1       Prefix: 167.142.0.0/24,  Status: BE,  Age: 2h7m48s

         NEXT_HOP: 206.108.255.52, Metric: 0, Learned from Peer: 206.108.255.1 (53679)

          LOCAL_PREF: 100,  MED: 80,  ORIGIN: igp,  Weight: 0

         AS_PATH: 6939 5056

            COMMUNITIES: 0:2906 0:12989 0:13335 0:15133 0:15169 0:16509 0:20940 0:22822 0:36040

2       Prefix: 167.142.0.0/24,  Status: E,  Age: 4h45m44s

         NEXT_HOP: 206.108.255.52, Metric: 0, Learned from Peer: 206.108.255.2 (53679)

          LOCAL_PREF: 100,  MED: 80,  ORIGIN: igp,  Weight: 0

         AS_PATH: 6939 5056

            COMMUNITIES: 0:2906 0:12989 0:13335 0:15133 0:15169 0:16509 0:20940 0:22822 0:36040

       Last update to IP routing table: 4h45m44s, 1 path(s) installed:

       Route is not advertised to any peers

MLXe-4#

 

Frank

 

From: James Cornman [mailto:james at atlanticmetro.net] 
Sent: Tuesday, October 04, 2016 8:37 PM
To: frnkblk at iname.com
Cc: foundry-nsp at puck.nether.net
Subject: Re: [f-nsp] Routes being installed, even though they're filtered out

 

Try 

 

#show ip bgp route detail 167.142.0.0

 

To see if its possibly coming from a different neighbor that isn't subject to that filtering? I've seen that in other situations where routes are learned from a route-server at an exchange point, and not the direct peer, and its not 100% obvious of that until you see what session it came from.

 

-James

 

 

On Tue, Oct 4, 2016 at 9:12 PM, <frnkblk at iname.com <mailto:frnkblk at iname.com> > wrote:

We're running 5.6ff on an MLXe-4 and after BGP sessions hiccupped this
afternoon we saw a route installed, even though it's filtered out.

I feel like a newbie asking this question ... but why is the route
installed, even though it's clearly configured to be filtered out and shown
as a filtered route?

MLXe-4#show ip bgp routes 167.142.0.0
Number of BGP Routes matching display condition : 2
Status A:AGGREGATE B:BEST b:NOT-INSTALLED-BEST C:CONFED_EBGP D:DAMPED
       E:EBGP H:HISTORY I:IBGP L:LOCAL M:MULTIPATH m:NOT-INSTALLED-MULTIPATH
       S:SUPPRESSED F:FILTERED s:STALE
       Prefix             Next Hop        MED        LocPrf     Weight
Status
1      167.142.0.0/24 <http://167.142.0.0/24>      206.108.255.52  80         100        0      BE
         AS_PATH: 6939 5056
2      167.142.0.0/24 <http://167.142.0.0/24>      206.108.255.52  80         100        0      E
         AS_PATH: 6939 5056
       Last update to IP routing table: 3h43m33s, 1 path(s) installed:
       Route is not advertised to any peers
MLXe-4#
MLXe-4#show ip bgp filtered-routes detail | begin 167.142.0.0
129     Prefix: 167.142.0.0/16 <http://167.142.0.0/16> ,  Status: EF,  Age: 4h55m44s
         NEXT_HOP: 206.108.255.52, Metric: 0, Learned from Peer:
206.108.255.52 (6939)
          LOCAL_PREF: 100,  MED: 0,  ORIGIN: igp,  Weight: 0
         AS_PATH: 6939 5056
130     Prefix: 167.142.0.0/24 <http://167.142.0.0/24> ,  Status: EF,  Age: 4h55m44s
         NEXT_HOP: 206.108.255.52, Metric: 0, Learned from Peer:
206.108.255.52 (6939)
          LOCAL_PREF: 100,  MED: 0,  ORIGIN: igp,  Weight: 0
         AS_PATH: 6939 5056
131     Prefix: 167.142.2.0/24 <http://167.142.2.0/24> ,  Status: EF,  Age: 4h55m36s
         NEXT_HOP: 206.108.255.52, Metric: 0, Learned from Peer:
206.108.255.52 (6939)
          LOCAL_PREF: 100,  MED: 0,  ORIGIN: igp,  Weight: 0
         AS_PATH: 6939 5056
            ATOMIC_AGGREGATE: set,  AGGREGATOR: 65502(167.142.2.2)
...
MLXe-4#
MLXe-4#show ip as-path-access-lists
ip as-path access list HE_INBOUND: 3 entries
     seq 10 deny ^6939_5056$
     seq 20 deny ^6939_5056_.*$
     seq 30 permit ^6939_.*
MLXe-4#
MLXe-4#sho ip bgp neighbors 206.108.255.52 | inc Filter
       Filter-list: (in) HE_INBOUND
MLXe-4 #


Frank

_______________________________________________
foundry-nsp mailing list
foundry-nsp at puck.nether.net <mailto:foundry-nsp at puck.nether.net> 
http://puck.nether.net/mailman/listinfo/foundry-nsp





 

-- 

James Cornman

Chief Technology Officer
jcornman at atlanticmetro.net <mailto:jcornman at atlanticmetro.net> 
212.792.9950 - ext 101

Atlantic Metro Communications

4 Century Drive, Parsippany NJ  07054


Colocation • Cloud Hosting • Network Connectivity • Managed Services
Follow us on Twitter: @atlanticmetro <https://twitter.com/atlanticmetro>  • Like us on Facebook <https://www.facebook.com/atlanticmetro> 
 <https://www.atlanticmetro.net/> www.atlanticmetro.net

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/foundry-nsp/attachments/20161004/9a538d07/attachment-0001.html>

More information about the foundry-nsp mailing list