BGP4 issue

Answered Question
Jul 8th, 2008

I have a dual links to an ISP. If without this route-map, the connection work fine. However, if I use the following route map, my client failed to access 13.1.0.0/24 and 14.1.0.0/24 subnet!

Can I know why? My intention to use the route map is to make sure all the incoming traffic to 13.1.0.0 and 14.1.0.0 subnets are via the NL ISP

router bgp 400

neighbor 172.11.1.25 remote-as 288

neighbor 172.11.1.25 description To US

neighbor 172.11.1.25 version 4

neighbor 172.11.1.25 soft-reconfiguration inbound

neighbor 172.11.1.25 route-map set_metric_toUS out

neighbor 172.11.1.29 remote-as 288

neighbor 172.11.1.29 description To NL Node

neighbor 172.11.1.29 version 4

neighbor 172.11.1.29 soft-reconfiguration inbound

neighbor 172.11.1.29 route-map set_metric_toNL out

network 11.1.0.0 mask 255.255.255.0

network 13.1.0.0 mask 255.255.255.0

network 14.1.0.0 mask 255.255.255.0

no auto-summ

!

!

route-map set_metric_toUS permit 10

match ip address 10

set metric 10

!

route-map set_metric_toUS permit 20

set metric 20

!

access-list 10 permit 11.1.0.0 0.0.0.255

!

route-map set_metric_toNL permit 10

match ip address 10

set metric 20

!

route-map set_metric_toNL permit 20

set metric 10

!

I have this problem too.
0 votes
Correct Answer by bvsnarayana03 about 8 years 4 months ago

Your configuration looks ok. It says that 11.x will be advertised with MED 10 to US & rest of n/w will be advertised with MED 20 to US. Thus 13 & 14 n/w will be advertised as MED 10 to NL. Sincce lower metric routes are preferred, hence traffic to 13 & 14 must come from NL. The point is, if the client is receiving the routes to 13 & 14 at all.

Do you see these as advertise routes in "sh bgp neighbor 172.11.1.29 advertised-routes". Similarly at the other end, check sh ip bgp.

Correct Answer by mycla9_123 about 8 years 4 months ago

You ACL is fine, but the "set metric" value is only locally significant to the US and NL ISP!

Try to do this:

access-list 20 permit 13.1.0.0 0.0.0.255

access-list 20 permit 14.1.0.0 0.0.0.255

!

access-list 10 permit 11.1.0.0 0.0.0.255

!

route-map set_metric_toUS permit 10

match ip address 20

set as-path prepend 400 400

!

route-map set_metric_toUS permit 20

!

!

route-map set_metric_toNL permit 10

match ip address 10

set as-path prepend 400 400

!

route-map set_metric_toNL permit 20

!

!

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (2 ratings)
Loading.

You are only allowing the distribution of the 11.1.0.0 0.0.0.255, remember at the end of any ACL there is an implicit deny all, so the following acl reads:-

access-list 10 permit 11.1.0.0 0.0.0.255

access-list 10 Deny any any (you don't see this)

Try adding the following:-

access-list 20 permit 11.1.0.0 0.0.0.255

access-list 20 permit 13.1.0.0 0.0.0.255

access-list 20 permit 14.1.0.0 0.0.0.255

Then change:-

route-map set_metric_toNL permit 10

match ip address 20

HTH.

a.alekseev Tue, 07/08/2008 - 07:37

let's check how you route-map works :)

do

sh ip bgp route-map set_metric_toUS

sh ip bgp route-map set_metric_toNL

Correct Answer
mycla9_123 Tue, 07/08/2008 - 23:40

You ACL is fine, but the "set metric" value is only locally significant to the US and NL ISP!

Try to do this:

access-list 20 permit 13.1.0.0 0.0.0.255

access-list 20 permit 14.1.0.0 0.0.0.255

!

access-list 10 permit 11.1.0.0 0.0.0.255

!

route-map set_metric_toUS permit 10

match ip address 20

set as-path prepend 400 400

!

route-map set_metric_toUS permit 20

!

!

route-map set_metric_toNL permit 10

match ip address 10

set as-path prepend 400 400

!

route-map set_metric_toNL permit 20

!

!

Correct Answer
bvsnarayana03 Wed, 07/09/2008 - 03:24

Your configuration looks ok. It says that 11.x will be advertised with MED 10 to US & rest of n/w will be advertised with MED 20 to US. Thus 13 & 14 n/w will be advertised as MED 10 to NL. Sincce lower metric routes are preferred, hence traffic to 13 & 14 must come from NL. The point is, if the client is receiving the routes to 13 & 14 at all.

Do you see these as advertise routes in "sh bgp neighbor 172.11.1.29 advertised-routes". Similarly at the other end, check sh ip bgp.

Actions

This Discussion