07-08-2008 06:30 AM - edited 03-03-2019 10:38 PM
I have a dual links to an ISP. If without this route-map, the connection work fine. However, if I use the following route map, my client failed to access 13.1.0.0/24 and 14.1.0.0/24 subnet!
Can I know why? My intention to use the route map is to make sure all the incoming traffic to 13.1.0.0 and 14.1.0.0 subnets are via the NL ISP
router bgp 400
neighbor 172.11.1.25 remote-as 288
neighbor 172.11.1.25 description To US
neighbor 172.11.1.25 version 4
neighbor 172.11.1.25 soft-reconfiguration inbound
neighbor 172.11.1.25 route-map set_metric_toUS out
neighbor 172.11.1.29 remote-as 288
neighbor 172.11.1.29 description To NL Node
neighbor 172.11.1.29 version 4
neighbor 172.11.1.29 soft-reconfiguration inbound
neighbor 172.11.1.29 route-map set_metric_toNL out
network 11.1.0.0 mask 255.255.255.0
network 13.1.0.0 mask 255.255.255.0
network 14.1.0.0 mask 255.255.255.0
no auto-summ
!
!
route-map set_metric_toUS permit 10
match ip address 10
set metric 10
!
route-map set_metric_toUS permit 20
set metric 20
!
access-list 10 permit 11.1.0.0 0.0.0.255
!
route-map set_metric_toNL permit 10
match ip address 10
set metric 20
!
route-map set_metric_toNL permit 20
set metric 10
!
Solved! Go to Solution.
07-08-2008 11:40 PM
You ACL is fine, but the "set metric" value is only locally significant to the US and NL ISP!
Try to do this:
access-list 20 permit 13.1.0.0 0.0.0.255
access-list 20 permit 14.1.0.0 0.0.0.255
!
access-list 10 permit 11.1.0.0 0.0.0.255
!
route-map set_metric_toUS permit 10
match ip address 20
set as-path prepend 400 400
!
route-map set_metric_toUS permit 20
!
!
route-map set_metric_toNL permit 10
match ip address 10
set as-path prepend 400 400
!
route-map set_metric_toNL permit 20
!
!
07-09-2008 03:24 AM
Your configuration looks ok. It says that 11.x will be advertised with MED 10 to US & rest of n/w will be advertised with MED 20 to US. Thus 13 & 14 n/w will be advertised as MED 10 to NL. Sincce lower metric routes are preferred, hence traffic to 13 & 14 must come from NL. The point is, if the client is receiving the routes to 13 & 14 at all.
Do you see these as advertise routes in "sh bgp neighbor 172.11.1.29 advertised-routes". Similarly at the other end, check sh ip bgp.
07-08-2008 07:32 AM
You are only allowing the distribution of the 11.1.0.0 0.0.0.255, remember at the end of any ACL there is an implicit deny all, so the following acl reads:-
access-list 10 permit 11.1.0.0 0.0.0.255
access-list 10 Deny any any (you don't see this)
Try adding the following:-
access-list 20 permit 11.1.0.0 0.0.0.255
access-list 20 permit 13.1.0.0 0.0.0.255
access-list 20 permit 14.1.0.0 0.0.0.255
Then change:-
route-map set_metric_toNL permit 10
match ip address 20
HTH.
07-08-2008 07:37 AM
let's check how you route-map works :)
do
sh ip bgp route-map set_metric_toUS
sh ip bgp route-map set_metric_toNL
07-08-2008 11:40 PM
You ACL is fine, but the "set metric" value is only locally significant to the US and NL ISP!
Try to do this:
access-list 20 permit 13.1.0.0 0.0.0.255
access-list 20 permit 14.1.0.0 0.0.0.255
!
access-list 10 permit 11.1.0.0 0.0.0.255
!
route-map set_metric_toUS permit 10
match ip address 20
set as-path prepend 400 400
!
route-map set_metric_toUS permit 20
!
!
route-map set_metric_toNL permit 10
match ip address 10
set as-path prepend 400 400
!
route-map set_metric_toNL permit 20
!
!
07-09-2008 05:53 AM
Thank you. You solved my problem.
07-09-2008 03:24 AM
Your configuration looks ok. It says that 11.x will be advertised with MED 10 to US & rest of n/w will be advertised with MED 20 to US. Thus 13 & 14 n/w will be advertised as MED 10 to NL. Sincce lower metric routes are preferred, hence traffic to 13 & 14 must come from NL. The point is, if the client is receiving the routes to 13 & 14 at all.
Do you see these as advertise routes in "sh bgp neighbor 172.11.1.29 advertised-routes". Similarly at the other end, check sh ip bgp.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: