BGP advertise-map to track two or more prefixes (AND)

Answered Question
May 20th, 2008

Hello!

Need assistance!

I have two prefixes in BGP-table (p1, p2), received from other neighbors.

Third exist prefix (p3) I want to advertise only when BOTH prefixese are exist (p1 AND p2).

Tried this:

!

router bgp 100

network 30.30.30.30 mask 255.255.255.255

neighbor 1.1.1.1 advertise-map WHAT exist-map WHEN

!

ip prefix-list p1 permit 10.10.10.10/32

ip prefix-list p2 permit 20.20.20.20/32

ip prefix-list p3 permit 30.30.30.30/32

!

route-map WHAT permit 10

match ip address prefix-list p3

!

route-map WHEN permit 10

match ip address prefix-list p1 p2

!

Doesn't work :(

Router advertise p3 even one from two prefixes exist :(

Need "p1 and p2", but in real "p1 or p2".

Continue clause is not supported in condition route-map!

Also tried policy-list:

!

route-map WHEN permit 10

match policy-list list1

!

ip policy-list list1 permit

match ip address prefix-list p1 p2

Doesn't work :(

Any ideas?

I have this problem too.
0 votes
Correct Answer by Harold Ritter about 8 years 8 months ago

Narayan,

You are correct. It is not possible to create a condition that both prefixes have to be matched. What you can do though is the following.

Create an aggregate out of P1 and P2 and based your conditional advertisement the presence of attributes from both P1 and P2 on the aggregate route.

For instance, P1 could have a community of 1:1 and P2 a community of 1:2 and you could then use a setup similar to the following:

!

router bgp

aggregate-address x.x.x.x y.y.y.y as-set

!

route-map when permit 10

match ip address prefix-list aggregate

match community 1

!

ip community-list 1 permit 1:1 1:2

!

ip prefix-list aggregate permit x.x.x.x/x

!

You could set these communities using an inbound policy if they are not already set.

Regards,

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
royalblues Tue, 05/20/2008 - 07:19

You are correct.. i have seen this behaviour when the BGP conditional advertisement advertises the prefix even if any one of the match condition is true.

Problem is you cannot even have 2 match statements where in you can reference a prefix-list and also an access-list together

Now sure how to get around this for now. In the meantime lets see if someone else in this forum can point out a way

Narayan

Correct Answer
Harold Ritter Tue, 05/20/2008 - 09:49

Narayan,

You are correct. It is not possible to create a condition that both prefixes have to be matched. What you can do though is the following.

Create an aggregate out of P1 and P2 and based your conditional advertisement the presence of attributes from both P1 and P2 on the aggregate route.

For instance, P1 could have a community of 1:1 and P2 a community of 1:2 and you could then use a setup similar to the following:

!

router bgp

aggregate-address x.x.x.x y.y.y.y as-set

!

route-map when permit 10

match ip address prefix-list aggregate

match community 1

!

ip community-list 1 permit 1:1 1:2

!

ip prefix-list aggregate permit x.x.x.x/x

!

You could set these communities using an inbound policy if they are not already set.

Regards,

Sergey Zaytsev Tue, 05/20/2008 - 22:06

Hello!

Tried that....it WORKS:)

(as400 p1)----(as100 p3, agg)---(as300)

(as500 p2)-----/

Have prefix p1 from neighbor as400 with community 400:1, prefix p2 from neighbor as500 with community 500:1.

Making aggregate 10.0.0.0/8 with as-set and advertise-map Agg to create aggregate only from p1+p2.

Aggregate is for local use (outbound route-map filter! community additive in "aggregate attribute-map" not supported) with community of prefixes p1,p2 ("400:1 500:1").

Advertise prefix p3 to neighbor as300, as you said, with advertise-map (exist-map) match on aggregate prefix and community #1.

router bgp 100

....

network mask

aggregate-address 10.0.0.0 255.0.0.0 as-set advertise-map ADV

neighbor remote-as 300

neighbor route-map OUT out

neighbor advertise-map WHAT exist-map WHEN

neighbor remote-as 500

neighbor remote-as 400

!

ip community-list 1 permit 400:1 500:1

!

ip prefix-list agg seq 5 permit

ip prefix-list agg seq 10 permit

!

ip prefix-list p1-2 seq 5 permit 10.0.0.0/8

!

ip prefix-list p3 seq 5 permit

!

route-map WHAT permit 10

match ip address prefix-list p3

!

route-map WHEN permit 10

match ip address prefix-list p1-2

match community 1

!

route-map AGG permit 10

match ip address prefix-list agg

!

route-map OUT deny 10

match ip address prefix-list p1-2

!

route-map OUT permit 20

!

So, when both prefixes p1 and p2 are in bgp-table, prefix p3 advertise to neighbor as300.

as100#sh ip bgp nei | i Cond

Condition-map WHEN, Advertise-map WHAT, status: Advertise

When one of them is absent, aggregate's community is changing and p3's advertising is withdrawing!

as100#sh ip bgp nei | i Cond

Condition-map WHEN, Advertise-map WHAT, status: Withdraw

It's less easy then I thought (exist-map manipulation), but it WORKS :)

Thank you, HAROLD!

Actions

This Discussion