BGP - route filtering route-map

Unanswered Question
Feb 24th, 2010

Hi,

Please see the following configuration in regard to BGP:


ip access-list standard pune

deny 10.1.1.0 0.0.0.0  ( exact match for 10.1.1.0/24 )

permit any


route-map back permit 10

match ip address pune


router bgp 100

neighbor 192.168.1.1 remote-as 100

neighbor 192.168.1.1 route-map back out ( aggregate route stopped to 192.168.1.1 neighbor )

aggregate-address 10.1.1.0 255.255.255.0 ( aggregate route to all neighbors )

network 10.10.2.0 mask 255.255.255.0  ( local network )


Advertised networks to 192.168.1.1 are:


Router#sh ip bgp nei 192.168.1.1 ad
BGP table version is 67, local router ID is 10.10.2.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete


   Network          Next Hop            Metric LocPrf Weight Path
*> 10.10.2.0/24     0.0.0.0                  0         32768 i


Total number of prefixes 1



This is expected: 10.1.1.0/24 is blocked.



But now if I add a second statement in route-map back as follows:



route-map back permit 20  :  When this line is added, it starts advertising even the blocked network ( 10.1.1.0/24, as seen in the following output )



Router#sh ip bgp nei 192.168.1.1 ad
BGP table version is 81, local router ID is 10.10.2.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete


   Network          Next Hop            Metric LocPrf Weight Path
*> 10.1.1.0/24      0.0.0.0                       100  32768 i ----------------------------> ( why this subnet is adv. even though it was blocked in first line )
*> 10.10.2.0/24     0.0.0.0                  0         32768 i


Total number of prefixes 2



Is adding the second line to the route-map negating the block action in the first line? Is it because the same subnet, 10.1.1.0/24, is aggregated here in this case?


Please share the experience.


Thanks

Subodh

Giuseppe Larosa Wed, 02/24/2010 - 12:06

Hello Subodh,

It is probably the logic of the route-map that allows for this.


If you would use a different route-map like:


access-list 11 permit 10.10.1.0 0.0.0.255


route-map block10 deny 10

match ip address 11

route-map block10 permit 20


In your route-map, the 10.10.1.0/24 prefix is denied in an ACL that is then used in a permit route-map statement.


So net 10.10.1.0 is not removed from the list of possible prefixes to be advertised, and it is then permitted by the second route-map block.


Using a deny route-map block should put the prefix 10.10.1.0/24 in a sort of waste bin and not leave it available to be permitted by a later route-map block.


Hope to help

Giuseppe
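
The evaluation order discussed in this thread, as an added example that is not part of either post: a simplified Python model of how a route-map walks its clauses, run over the two prefixes from the question. The function names are hypothetical, and `acl11` is assumed here to use the question's prefix 10.1.1.0 with wildcard 0.0.0.255.

```python
import ipaddress

def acl_permits(acl, network):
    """Standard ACL: the first entry whose address/wildcard covers the
    network address decides; no matching entry is an implicit deny."""
    addr = int(ipaddress.ip_address(network))
    for action, base, wildcard in acl:
        care = ~int(ipaddress.ip_address(wildcard)) & 0xFFFFFFFF
        if addr & care == int(ipaddress.ip_address(base)) & care:
            return action == "permit"
    return False

def route_map(clauses, network):
    """Return 'permit' or 'deny' for one prefix.
    A clause applies only if its ACL *permits* the prefix (or the clause
    has no match statement). An ACL deny only means 'try the next clause'."""
    for action, acl in clauses:              # sequence-number order
        if acl is None or acl_permits(acl, network):
            return action
    return "deny"                            # implicit deny at the end

ANY = ("permit", "0.0.0.0", "255.255.255.255")             # 'permit any'
pune = [("deny", "10.1.1.0", "0.0.0.0"), ANY]              # ACL from the question
acl11 = [("permit", "10.1.1.0", "0.0.0.255")]              # assumed prefix, see lead-in

back_one_clause = [("permit", pune)]                       # route-map back permit 10
back_two_clauses = [("permit", pune), ("permit", None)]    # ... plus permit 20
block10 = [("deny", acl11), ("permit", None)]              # deny 10 / permit 20

def advertised(clauses, prefixes=("10.1.1.0", "10.10.2.0")):
    """Constructed sample input: the two prefixes from the question."""
    return [p for p in prefixes if route_map(clauses, p) == "permit"]

if __name__ == "__main__":
    for name, rm in [("back (permit 10 only)", back_one_clause),
                     ("back (permit 10 + permit 20)", back_two_clauses),
                     ("block10 (deny 10 + permit 20)", block10)]:
        print(f"{name:32} -> {advertised(rm)}")
```

With only `permit 10`, 10.1.1.0 is dropped by the implicit deny at the end of the route-map, not by the ACL itself, which is why an empty `permit 20` lets it through.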
