BGP Outbound as-path filter-list My AS only not using default ^$

Answered Question
Oct 5th, 2009

Goal: I need to ensure that I am only advertising my AS.

Problem: When I apply my "filter-list" BGP stops advertising all routes!

Configuration:

router bgp 127001
 bgp log-neighbor-changes
 neighbor remote-as 127002
 neighbor -Some IP- activate
 neighbor -Some IP- send-community
 neighbor -Some IP- soft-reconfiguration inbound
 neighbor -Some IP- prefix-list OUTBOUND out
 neighbor -Some IP- route-map PEER1-OUT out
 neighbor -Some IP- filter-list 65 out
 neighbor -Some IP- password YEEHAW!
!
ip as-path access-list 65 permit ^127001$

My prefix-list works correctly but my as-path/filter-list does not. The result of the failed entries below is 0 advertised routes/prefixes to that peer!!

Attempts:

This works but it is not limited to just my AS and relies on the prefix-list. Note, I have used this for years and it has failed me several times resulting in my upstream ISP dropping my connection. I don't want to see any responses about how ^$ should only advertise my AS. I want to manually specify my AS and in the near future another peer's AS.

ip as-path access-list 65 permit ^$

These all fail:

ip as-path access-list 65 permit ^127001$
ip as-path access-list 65 permit _127001_
ip as-path access-list 65 permit (127001)
ip as-path access-list 65 permit *127001*

The first one should work! What's my problem?

I do have a route-map applied to this peer but it is only for sending communities. Would this be a problem?

route-map PEER1-OUT permit 10
 set community 701:1150 7018:1250 :801 127002:1150 127002:1250 127002:1350 127002:1450 127002:2201 127002:2301

Jon Marshall Mon, 10/05/2009 - 11:12

Justin

"I don't want to see any responses about how ^$ should only advertise my AS."

Unfortunately that is the way to do it. All your other matches don't work because when the network is checked against the filter-list the AS has not been added in. So the router sees it without an AS path if the route has been originated within that AS.

When the neighbor receives the route it will then have your AS in the path, so all your as-path regexes with your AS in them would only be relevant on the neighbor.

Jon

xcz504d1114 Mon, 10/05/2009 - 11:20

First thing that sticks out in my mind is your AS, did you use "127001" to mask your AS or are you really using that as your AS?

BGPv4 only supports integers in the range of 1 - 65535, there is an RFC 4893 that supports 32bit AS numbers, but that is represented in xx.yy format, but I'm always happy to learn something new.

As for your as-path statements, other than the AS number, they seem right to me.

Craig

Correct Answer
Giuseppe Larosa Mon, 10/05/2009 - 11:26

Hello Justin,

As Jon has noted, your AS number is added when your router advertises the prefixes.

The check is made before, in another table.

The BGPv4 specification, RFC 1771, calls for different tables (RIBs): input RIB, local RIB, output RIB.

This has to be taken into account.

BGP as-path filtering happens in the local RIB; your AS number is added in the output RIB.

I see you are using 4-byte AS numbers (or these are placeholder numbers for your safety).

>> I do have a route-map applied to this peer but it is only for sending communities. Would this be a problem?

No, the end result is an AND of all filters towards the neighbors.

I would put all criteria in the route-map for clarity.

Hope to help

Giuseppe
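
An added example, not part of any post in this thread and not IOS code: a small Python model of the behaviour Jon and Giuseppe describe, showing what the outbound filter-list sees (the AS_PATH before the local AS is prepended) versus what the neighbor sees afterwards. The translation of `_` into a delimiter class, the function names and the sample routes (using documentation ASNs 64500 and 64501) are assumptions made for illustration.

```python
import re

LOCAL_AS = 127001                 # placeholder AS number used in the question
DELIM = r"(?:^|$|[ ,{}()])"       # what "_" stands for in an IOS as-path regex

def permits(ios_pattern, as_path):
    """True if the as-path access-list pattern matches the AS_PATH (list of ASNs)."""
    regex = re.compile(ios_pattern.replace("_", DELIM))
    return regex.search(" ".join(str(asn) for asn in as_path)) is not None

def as_seen_by_neighbor(as_path):
    """The local AS is prepended only when the update is sent to the eBGP peer."""
    return [LOCAL_AS] + as_path

# Constructed sample routes: AS_PATH as stored on the local router.
ROUTES = {
    "originated in AS 127001": [],             # empty path, so only ^$ can match
    "learned from elsewhere": [64500, 64501],  # documentation ASNs
}

def evaluate(ios_pattern):
    """Per route: (permitted by outbound filter-list, would match on the neighbor)."""
    return {
        name: (permits(ios_pattern, path),
               permits(ios_pattern, as_seen_by_neighbor(path)))
        for name, path in ROUTES.items()
    }

if __name__ == "__main__":
    # Patterns taken from the question (the malformed *127001* is left out).
    for pattern in ("^$", "^127001$", "_127001_", "(127001)"):
        print(pattern)
        for name, (outbound, neighbor) in evaluate(pattern).items():
            print(f"  {name:26} outbound={outbound!s:5} neighbor={neighbor}")
```

Every pattern containing 127001 is rejected at the outbound filter for locally originated routes, which is the "0 advertised routes" result in the question; the same patterns only start matching on the neighbor's side.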
