BGP conditional advertisement - NON-EXIST route map's access-list problem

Unanswered Question
Mar 15th, 2009

I am getting full Internet routes from ISP-1 and just a default route from ISP-2. (Both ISP connections are terminated on one central site router.) What I am trying to do is make the ISP-2 connection a complete backup for inbound traffic. To achieve that, I am trying to use the BGP conditional advertisement configuration. I have a problem with the NON-EXIST route map's access-list. In the NON-EXIST route map I am using the commands written below:

ip as-path access-list 1 permit ^200 !!! (ISP-1 AS number) !!!

access-list 65 permit any !!! (permit any packet from ISP-2) !!!

route-map NON-EXIST permit 10 !!! (this matches any route from AS200) !!!

match ip address 65

match as-path 1

router bgp 10 !!! (My AS number) !!!

neighbor X.Y.Z.W (ISP-2 ip address) advertise-map ADVERTISE non-exist-map NON-EXIST !!! (What it says. This router will only advertise "networks defined in the route-map named ADVERTISE" if and only if "routes that are defined in the route-map named NON-EXIST" do not appear in the BGP routing table.) !!!

With this configuration, when the ISP-1 connection is up, my router still advertises my subnet to ISP-2. What should I write in access-list 65 so that my subnet is not advertised to ISP-2 until the ISP-1 connection fails? (As I said, I am getting the full Internet table from ISP-1.)

Kind Regards...

bdikici.55 Sun, 03/15/2009 - 06:33

For better understanding, I have attached the topology screenshot and the router's configuration files. (By the way, this is a lab config.)


bdikici.55 Sun, 03/15/2009 - 06:55

In the attached router's configuration, the

access-list 65 permit

command is used, and with this command BGP conditional advertisement is working fine.

But when I use the

access-list 65 permit any

command, the conditional advertisement doesn't work.

Harold Ritter Sun, 03/15/2009 - 16:06


As Milan indicated, you need to track on a specific route for conditional to work. My suggestion would be to change ISP1 to only receive the default, which is sufficient as you want to implement a primary and backup scenario. You can then set the non-existent map to track the default route and as-path coming from ISP1, which should give you what you need. Receiving the full routing table from ISP1 does not add any value in your scenario and does consume way more memory.


bdikici.55 Sun, 03/15/2009 - 17:31

Hello,

In the future, it is possible that we will configure some filtering or other custom configs; that's why one of the ISPs is sending full routes, and that is not going to be changed.

In this kind of setup, which prefix from ISP-1 should I rely on for the non-exist route-map's access-list? I have tried using the subnet between ISP-1 and the multihoming router, but with no success.

Harold Ritter Sun, 03/15/2009 - 18:05


In this case, I would recommend tracking on a couple of root DNS subnets as these are highly reliable subnets. This can be done by changing your ACL as follows:

access-list 20 permit /* */

access-list 20 permit /* */

access-list 20 permit /* */

access-list 20 permit /* */
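
An added illustration of the approach discussed in this thread (not posted by any participant): the NON-EXIST map tracks one specific prefix learned from ISP-1 instead of `permit any`. The AS numbers 10 and 200 and the route-map names come from the original post; the prefixes 192.0.2.0/24 and 203.0.113.0/24 and the neighbor address 198.51.100.2 are constructed documentation values standing in for the tracked ISP-1 prefix, the local subnet and the ISP-2 peer.

```cisco
! Constructed example values (not from the thread):
!   192.0.2.0/24   = a stable prefix expected to be learned via ISP-1
!   203.0.113.0/24 = the local subnet to announce to ISP-2 on failure
!   198.51.100.2   = the ISP-2 BGP neighbor
!
! AS-path filter: routes whose first AS is 200 (ISP-1), as in the original post
ip as-path access-list 1 permit ^200
!
! Tracked prefix: one specific network, not "permit any"
access-list 65 permit 192.0.2.0 0.0.0.255
!
! Prefix to advertise to ISP-2 only while the tracked route is missing
access-list 60 permit 203.0.113.0 0.0.0.255
!
route-map NON-EXIST permit 10
 match ip address 65
 match as-path 1
!
route-map ADVERTISE permit 10
 match ip address 60
!
router bgp 10
 ! The local subnet must be in the BGP table for the advertise-map to match it
 network 203.0.113.0 mask 255.255.255.0
 neighbor 198.51.100.2 remote-as 300
 ! remote-as 300 is a placeholder for the ISP-2 AS number
 neighbor 198.51.100.2 advertise-map ADVERTISE non-exist-map NON-EXIST
!
! Check which state the condition is in and what is actually being sent:
!   show ip bgp neighbors 198.51.100.2
!   show ip bgp neighbors 198.51.100.2 advertised-routes
```

While 192.0.2.0/24 is present in the BGP table with an AS path starting at 200, 203.0.113.0/24 is withheld from ISP-2; once that route disappears, it is advertised. Tracking more than one prefix, as suggested above, avoids a false failover if a single tracked route is withdrawn upstream.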


bdikici.55 Mon, 03/16/2009 - 00:29

Hi Harold,

I am going to try your recommendation. Kind Regards...

Burak Dikici

