Help understanding received routes

Aug 28th, 2008

I've just recently brought up a peering with one of our ISPs. The goals of my config are to deny bad routes (bogons), deny transit traffic, and to accept default plus local routes from my ISP. When I do a 'sho ip bgp neigh x.x.x.x routes' I only get the following:


   Network          Next Hop            Metric LocPrf Weight Path
*> 0.0.0.0          12.x.191.x               0             0 7018 i

Total number of prefixes 1


So this is telling me that I'm only getting default I believe. I use a route map to deny bogons, but at the end of the deny statements I permit 0.0.0.0/0. I use a filter list 'in' to allow local routes.


Could the route-map be 'trumping' the filter list since they're both inbound?


router bgp 46**
 no synchronization
 bgp log-neighbor-changes
 bgp dampening
 network 165.*.*.0 mask 255.255.255.0
 neighbor 12.*.*.169 remote-as 7**8
 neighbor 12.*.*.169 description ** connection - AS7**8
 neighbor 12.*.*.169 password ***
 neighbor 12.*.*.169 version 4
 neighbor 12.*.*.169 soft-reconfiguration inbound
 neighbor 12.*.*.169 route-map DENY_BAD_ROUTES in
 neighbor 12.*.*.169 maximum-prefix 25000
 neighbor 12.*.*.169 filter-list 5 in
 neighbor 12.*.*.169 filter-list 1 out
 no auto-summary
!
ip route 165.*.*.0 255.255.255.0 Null0
!
ip as-path access-list 1 permit ^$
ip as-path access-list 5 permit ^7**8$


Thanks.


/rls

Giuseppe Larosa Thu, 08/28/2008 - 12:16

Hello Robert,

Both filters are applied to incoming routes.

You can think that the output of one filter is used as the input of the next.

The order of application depends on the direction, inbound or outbound.


If the route-map uses an IP ACL or prefix-list to deny bogons and at the end there is a permit 0.0.0.0/0.

The filter-list uses as-path ACL 5 to permit prefixes with AS path="your.providerAS".


In this case I think what you see is correct because the provider is sending you a default route 0.0.0.0/0 with exactly that AS path, as can be seen in the first show output.


In this case the order of filtering shouldn't change the end result, but generally speaking it has to be taken into account, so I understand your concerns.


If you add a match as-path 5 in the route-map block you can remove the neigh filter-list command and you get the same result in your case.


Hope to help

Giuseppe
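
An added illustration (not code from this thread) of the point above: a received route must pass both inbound filters, so applying them in either order leaves the same routes. The sample routes, the bogon subset, and the two prefix-list readings of the route-map's final permit (`0.0.0.0/0` exactly versus `0.0.0.0/0 le 32`) are assumptions; AS 7018 is taken from the show output.

```python
import ipaddress
import re

# Constructed sample of routes the ISP might advertise: (prefix, AS path).
RECEIVED = [
    ("0.0.0.0/0", "7018"),        # default route, as in the show output
    ("12.0.0.0/8", "7018"),       # provider-originated ("local") route
    ("4.0.0.0/8", "7018 64500"),  # route learned through the provider
    ("10.1.0.0/16", "7018"),      # bogon carrying the provider's path
]
# Assumed bogon subset; the poster's actual list is not on the page.
BOGONS = ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")
AS_PATH_ACL_5 = re.compile(r"^7018$")


def prefix_list_match(prefix, entry, le=None):
    """IOS prefix-list semantics: without 'le' the length must match exactly."""
    net, ent = ipaddress.ip_network(prefix), ipaddress.ip_network(entry)
    max_len = ent.prefixlen if le is None else le
    return net.subnet_of(ent) and ent.prefixlen <= net.prefixlen <= max_len


def route_map(route, final_le):
    """Assumed DENY_BAD_ROUTES: deny bogons, then permit 0.0.0.0/0 [le N]."""
    prefix = route[0]
    if any(prefix_list_match(prefix, b, le=32) for b in BOGONS):
        return False
    return prefix_list_match(prefix, "0.0.0.0/0", le=final_le)


def filter_list(route):
    """filter-list 5 in: permit only routes whose AS path matches ^7018$."""
    return AS_PATH_ACL_5.search(route[1]) is not None


def accepted(filters, routes=RECEIVED):
    """Feed the output of each filter into the next; return surviving prefixes."""
    for f in filters:
        routes = [r for r in routes if f(r)]
    return [prefix for prefix, _ in routes]


def exact(route):    # final permit matches only the default route itself
    return route_map(route, final_le=None)


def any_len(route):  # final permit matches every non-bogon prefix
    return route_map(route, final_le=32)
```

With these assumptions, `accepted([exact, filter_list])` leaves only `0.0.0.0/0`, while `accepted([any_len, filter_list])` leaves the default plus `12.0.0.0/8`, whichever filter runs first.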
