bgp announce route

Unanswered Question
Jul 16th, 2007
User Badges:

Hi,


we would like to announce routes to provider A and B. detail please refer following.


for provider A

200.1.0.0/23

200.1.2.0/24

200.1.3.0/24

for provider B

200.1.0.0/24

200.1.1.0/24

200.1.2.0/24

200.1.3.0/24


We find that, we always anounce 4 routes to provider A. what wrong is it? please advice.


Best regards


----


router bgp 30x

!


neighbor 202.1.1.1 route-map Set_ASN_PA out


!

!

!

access-list 45 permit 200.1.0.0 0.0.1.255

!

access-list 55 permit 200.1.2.0 0.0.0.255

access-list 55 permit 200.1.3.0 0.0.0.255


!

ip as-path access-list 300 deny .*

ip as-path access-list 300 permit ^$

!

!

route-map Set_ASN_PA permit 10

match ip address 45

set as-path prepend 30x

!

route-map Set_ASN_PA permit 20

match ip address 55

!

route-map Set_ASN_PA permit 30

match as-path 300

!



  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4.9 (10 ratings)
Loading.
Harold Ritter Mon, 07/16/2007 - 07:27
User Badges:
  • Cisco Employee,

ACL 45 allows 200.1.0.0/24 and 200.1.1.0/24 because of the wildcard mask 0.0.1.255. This is why provider A received the 4 routes.


Hope this helps,

leungcm Mon, 07/16/2007 - 07:30
User Badges:

hi,


how do we force it to /23? pls advise


best regards


Harold Ritter Mon, 07/16/2007 - 07:49
User Badges:
  • Cisco Employee,

Prior to announcing the /23 to your SP, you first need to inject the /23 into BGP a network statement and a static route to null0 as follow:


router bgp x

network 2000.1.0.0 mask 255.255.254.0


ip route 200.1.0.0 255.255.254.0 null0


Also, if you want to only allow the /23 (200.1.0.0/23) towards provider A and not the two /24s (200.1.0.0/24 and 200.1.1.0/24), you should use a prefix-list or an extended ACL instead of the standard ACL.


ip prefix-list test permit 200.1.0.0/23


Hope this helps,

leungcm Mon, 07/16/2007 - 07:59
User Badges:

Dear Hritter,


Thanks. We would like to use extended ACL to announce /23. Is it


access list 101 permit ip 200.1.0.0 0.0.1.255 255.255.254.0 0.0.0.0.


pls advise

Harold Ritter Mon, 07/16/2007 - 08:02
User Badges:
  • Cisco Employee,

Your ACL would work but I would rather configure it as follow:


access list 101 permit ip 200.1.0.0 0.0.0.0 255.255.254.0 0.0.0.0.


Hope this helps,


leungcm Mon, 07/16/2007 - 08:39
User Badges:

Hi,


We add the access but it displays as:


access-list 101 permit ip host 200.1.0.0 host 255.255.254.0


when I re-start the bgp, it does not announce 200.1.0.0/23 out but it announce 200.1.2.0/24, 200.1.3.0/24. It means that it announce two routes only. Any idea?


Best regards


Harold Ritter Mon, 07/16/2007 - 08:56
User Badges:
  • Cisco Employee,

It is normal behavior for the ACL to display as host as this means perfect match (or match all bits).


Can you post the new route-map and ACL and

the output of a "show ip bgp route-map Set_ASN_PA"


Regards,

leungcm Mon, 07/16/2007 - 09:20
User Badges:

Hi,


config is following:



---

access-list 145 permit ip 203.x.2.0 0.0.0.0 255.255.254.0 0.0.0.0


access-list 55 permit 203.x.0.0 0.0.0.255

access-list 55 permit 203.x.1.0 0.0.0.255

---

route-map Set_ASN_PA permit 10

match ip address 145

set as-path prepend 30x

!

route-map Set_ASN_PA permit 20

match ip address 55

!

route-map Set_ASN_PA permit 30

match as-path 200


---


BGP table version is 17687614, local router ID is 202.x.x.xx

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,

r RIB-failure, S Stale

Origin codes: i - IGP, e - EGP, ? - incomplete


Network Next Hop Metric LocPrf Weight Path

*> 203.x.0.0 203.x.y.94 0 32768 i

*> 203.x.1.0 0.0.0.0 0 32768 i

*> 203.x.2.0 203.x.y.95 0 32768 i

*> 203.x.3.0 0.0.0.0 0 32768 i


----

Harold Ritter Mon, 07/16/2007 - 09:29
User Badges:
  • Cisco Employee,

Did you generate the /23 using a network statement as I recommended previously? Can you post a "show ip bgp 203.x.2.0 255.255.254.0"


Also, note that the instance 30 in your routemap will allow everything that hasn't been allowed by the two previous instances.


Regards,

leungcm Mon, 07/16/2007 - 09:38
User Badges:

hi,


do we use


---

ip as-path access-list 300 deny .*

ip as-path access-list 300 permit ^$


route-map Set_ASN_PA permit 30

match as-path 300

---



Harold Ritter Mon, 07/16/2007 - 09:41
User Badges:
  • Cisco Employee,

Sorry. I meant to say everything that matches the as-path. Is 203.*.2.0/23 present in the BGP table?


Regards,

leungcm Mon, 07/16/2007 - 09:49
User Badges:

hi,


we check it, the result is


--

% Network not in table

---


it is because the network is inside our network


best regards



Harold Ritter Mon, 07/16/2007 - 09:52
User Badges:
  • Cisco Employee,

Did you use a network statement to generate 203.x.2.0/23 and also did you configure a matching route to null0?


Regards,

leungcm Mon, 07/16/2007 - 09:56
User Badges:

hi,


the network statement is /24, total 4 network statement there.


Do I change it to /23 and two /24?


If so, do it affect the provider B? please advise


Best regards


Harold Ritter Mon, 07/16/2007 - 10:06
User Badges:
  • Cisco Employee,

You definitely need to have a network statement for the /23. You also need the two netwrok statements for the /24s as you still need to advertise them to your other provider.


I looked at instance 30 of the route-map and the as-path list is actually inverted:


ip as-path access-list 300 deny .*

ip as-path access-list 300 permit ^$


The first line denies everything as the second one only allows the locally originated prefixes but will ever be used.


Regards,

leungcm Mon, 07/16/2007 - 10:37
User Badges:

Hi,


we put network statement on bgp router


network 203.x.0.0

network 203.x.1.0

network 203.x.2.0 mask 255.255.254.0


after that, we cannot announce 203.x.2.0/23 route to both provider A and B. So, we fall back to existing.


any idea?


Best regards

Harold Ritter Mon, 07/16/2007 - 11:00
User Badges:
  • Cisco Employee,

Do you mean that a) route 203.x.2.0/23 was still not announced via BGP or b) that it was announced to both providers?


If a) then you need to make sure you have a route in the RIB for the /23. You can had a static route as follow:


ip route 203.x.2.0 255.255.254.0 null0


If b) you need to change the route-map towards provider B to filter the /23 out.


Regards,

leungcm Wed, 07/18/2007 - 05:45
User Badges:

hritter,


we re-config the bgp and we would like to have as following:


for provider A

200.1.0.0/24

200.1.1.0/24

200.1.2.0/23


for provider B

200.1.0.0/24

200.1.1.0/24

200.1.2.0/24

200.1.3.0/24


we find that the router always announces /23 to provider B. How do we send four routes? pls advice



----


router bgp 30x

!

network

200.1.0.0

200.1.1.0

200.1.2.0 mask 255.255.254.0


neighbor 202.1.1.1 route-map Set_ASN_PB out

!

ip route 200.1.2.0 mask 255.255.254.0 null0 250

!

!

!

access-list 20 permit 200.1.0.0 0.0.0.255

access-list 20 permit 200.1.1.0 0.0.0.255

access-list 20 permit 200.1.2.0 0.0.0.255

access-list 20 permit 200.1.3.0 0.0.0.255



!

ip as-path access-list 130 deny .*

ip as-path access-list 130 permit ^$

!

!

route-map Set_ASN_PB permit 10

match ip address 20

!

route-map Set_ASN_PB permit 30

match as-path 130

!


---

BGP table version is 248, local router ID is 10.254.210.1

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal

Origin codes: i - IGP, e - EGP, ? - incomplete


Network Next Hop Metric LocPrf Weight Path

*> 200.1.0.0 0.0.0.0 0 32768 i

*> 200.1.1.0 0.0.0.0 0 32768 i

*> 200.1.2.0/23 0.0.0.0 0 32768 i





Harold Ritter Wed, 07/18/2007 - 06:16
User Badges:
  • Cisco Employee,

You need to change the ACL for the route-map towards provider B. You need to use an extended ACL there as well to achieve what you want.


Here's a sample config that would do what you want.


router bgp x

network 200.1.0.0

network 200.1.1.0

network 200.1.2.0

network 200.1.2.0 mask 255.255.254.0

network 200.1.3.0

!

ip route 200.1.0.0 255.255.255.0 null0 250

ip route 200.1.1.0 255.255.255.0 null0 250

ip route 200.1.2.0 255.255.255.0 null0 250

ip route 200.1.2.0 255.255.254.0 null0 250

ip route 200.1.3.0 255.255.255.0 null0 250

!

route-map Set_ASN_PA permit 10

match ip address 110

!

route-map Set_ASN_PB permit 10

match ip address 120

!

access-list 110 permit ip host 200.1.0.0 host 255.255.255.0

access-list 110 permit ip host 200.1.1.0 host 255.255.255.0

access-list 110 permit ip host 200.1.2.0 host 255.255.254.0

!

access-list 120 permit ip host 200.1.0.0 host 255.255.255.0

access-list 120 permit ip host 200.1.1.0 host 255.255.255.0

access-list 120 permit ip host 200.1.2.0 host 255.255.255.0

access-list 120 permit ip host 200.1.3.0 host 255.255.255.0


Hope this helps,


Actions

This Discussion