Route-map confusion? What am I doing wrong?

Jul 28th, 2010

Hi Gurus,


I'm trying to block a particular subnet 10.20.30.0/28 from coming into my router from an eBGP peer. I want to accept all else and mark as a community 1:10. But for some reason I can't seem to block it.


My configuration


##BGP CONFIG###


neighbor 192.168.1.1 route-map Import-BGP in


##ROUTE-MAP and Access-List##


ip access-list standard Deny-Address
permit 10.20.30.0 0.0.0.15
!
route-map Import-BGP deny 5
match ip address Deny-Address
!
route-map Import-BGP permit 10
set community 1:10


---------------------------------------------------


What seems to happen is that the address 10.20.30.0/28 is still coming in when I run the "show bgp all nei 192.168.1.1 received-routes" command, but compared to all the other incoming prefixes, it doesn't seem to be marked with community 1:10.


How do I block this one prefix from coming into my router completely?


Thanks in advance!

chanukavitanachy Thu, 07/29/2010 - 00:14

Ok Solved...


Everything I was doing was right.


But.. few things to know.


The "show bgp all neighbor x.x.x.x received-routes" command shows you all incoming routes prior to applying the route map.


You need to view the actual route table to ensure that the route is not installed. So you may see this:


ROUTER#show ip bgp vpnv4 vrf BOB 10.20.30.0
BGP routing table entry for 64xx1:10.20.30.0/28, version 2657
Paths: (2 available, no best path)
  Not advertised to any peer
  64xx2, (received-only)
    192.168.1.x from 192.168.1.x
      Origin incomplete, metric 1, localpref 100, valid, external
  64xx2, (received-only)
    192.168.1.x from 192.168.1.x
      Origin incomplete, metric 1, localpref 100, valid, external


This command seems to display the entire BGP database. You will notice that the entry of the route I'm blocking only appears to show (received only). This tells us that the route is received but was not installed due to my route map deny. All other routes not matching were successfully installed with the correct community set. So all is good again.


To see if the route is installed, it is always best to use the show ip route command.


ROUTER#show ip route vrf BOB 10.20.30.0


Routing Table: MEDIA
% Subnet not in tabl



Perhaps a guru may be able to confirm this.
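
The behaviour described in this thread, as an added example that is not part of the original posts: a simplified Python model of how the Import-BGP route-map from the question is evaluated against received prefixes. The prefixes other than 10.20.30.0/28 are constructed, and the model assumes a standard ACL in a route-map is compared against the route's network address only, not its mask length.

```python
import ipaddress

# Standard ACL "Deny-Address" from the question: (action, address, wildcard).
DENY_ADDRESS = [("permit", "10.20.30.0", "0.0.0.15")]

# route-map Import-BGP: (sequence, action, matched ACL or None, community to set).
IMPORT_BGP = [
    (5, "deny", DENY_ADDRESS, None),
    (10, "permit", None, "1:10"),
]

def acl_permits(acl, network_address):
    """Standard ACL check: bits set in the wildcard are ignored."""
    addr = int(ipaddress.IPv4Address(network_address))
    for action, base, wildcard in acl:
        care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
        if addr & care == int(ipaddress.IPv4Address(base)) & care:
            return action == "permit"
    return False  # implicit deny at the end of every ACL

def apply_route_map(route_map, prefix):
    """Return (accepted, community) for one received prefix."""
    network = str(ipaddress.ip_network(prefix).network_address)
    for _seq, action, acl, community in sorted(route_map, key=lambda e: e[0]):
        # An entry with no match clause matches every route.
        if acl is None or acl_permits(acl, network):
            return (action == "permit", community if action == "permit" else None)
    return (False, None)  # implicit deny at the end of every route-map

def inbound_policy(received):
    """Post-policy view: prefixes that survive the inbound route-map."""
    accepted = {}
    for prefix in received:
        ok, community = apply_route_map(IMPORT_BGP, prefix)
        if ok:
            accepted[prefix] = community
    return accepted

# Constructed sample of prefixes received from the eBGP peer (pre-policy view).
RECEIVED = ["10.20.30.0/28", "10.20.30.0/24", "10.20.30.16/28", "172.16.0.0/16"]

if __name__ == "__main__":
    accepted = inbound_policy(RECEIVED)
    for prefix in RECEIVED:
        state = (f"accepted, community {accepted[prefix]}"
                 if prefix in accepted else "received-only (denied)")
        print(f"{prefix:18} {state}")
```

The constructed 10.20.30.0/24 entry is dropped along with the /28 because, under the stated assumption, the standard ACL matches on network address alone; a filter that must pin the mask length needs a match that also checks the length.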
