New Member

BGP As-path not working as per expectation??

Hi,

My lab has three ASes: 100, 200 and 300. I want to permit only AS 200 to R3 (AS 300), but when I checked, R8 and R7, which belong to AS 100, are also able to see the inside networks of AS 300.

Please help me in this.

I attached config and diagram with this message.

Thanks,

Anand Solgama

Accepted Solutions
Cisco Employee

Hi Anand,

You currently only accept routes from AS200 on R3 but R1 accepts any routes, which explains why AS100 and AS300 can communicate with one another.

Regards

Harold Ritter
Sr. Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México 
Paseo de la Reforma 222 Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

New Member

You are right, AS 100 can come from the R1 side too, but in my lab why is it coming from the R3 side, where I already blocked it? AS 100 can still see AS 300.

New Member

And yes, it is not going from R1, but that is not my worry. I am worried because AS 100 should not pass AS 300 on R3, where I used the ip as-path permit ^200$ command.

Cisco Employee

Hi Anand,

Did you clear the session after applying the policy ("clear ip bgp * soft in" on R3)? Also after clearing the session, could you post the "show ip bgp " output from R3 for one of the prefixes learned from AS100 if you still see them.

Regards

Harold Ritter

New Member

This is the output of R3, where I specified the as-path command to permit only AS 200!

R3#sh ip bg

R3#sh ip bgp
BGP table version is 13, local router ID is 192.168.3.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 10.10.10.0/24    112.112.112.1            1         32768 ?
*  11.11.11.0/24    11.11.11.2               0             0 200 i
*>                  0.0.0.0                  0         32768 i
*> 12.12.12.0/24    112.112.112.2           65         32768 ?
*> 13.13.13.0/24    112.112.112.1          129         32768 ?
*> 14.14.14.0/24    112.112.112.1           20         32768 ?
*> 111.111.111.0/24 112.112.112.1          128         32768 ?
*> 112.112.112.0/24 0.0.0.0                  0         32768 ?
*> 192.168.1.0      112.112.112.1           74         32768 ?
*> 192.168.2.0      112.112.112.2           74         32768 ?
*> 192.168.3.0      0.0.0.0                  0         32768 ?
*> 200.200.200.0    112.112.112.1            1         32768 ?
*> 201.201.201.0    11.11.11.2               0             0 200 i

Cisco Employee

Hi Anand,

The only two routes that are received from R9 via BGP are 11.11.11.0/24 and 201.201.201.0/24 and they respect the filter you have put in place. All other routes are locally originated (weight 32768) and probably redistributed from OSPF.

Regards

Harold Ritter

New Member

You are right, great observation, thanks. But why is the 14.14.14.0/24 network still showing in R7 and R8 (AS 100) from R9?

R8#sh ip bgp
BGP table version is 17, local router ID is 201.201.201.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
* i10.10.10.0/24    10.10.10.1               0    100      0 i
*>                  0.0.0.0                  0         32768 i
*> 11.11.11.0/24    201.201.201.2            0             0 200 i
*  12.12.12.0/24    201.201.201.2                          0 200 300 ?
*>i                 10.10.10.1              65    100      0 300 ?
*>i13.13.13.0/24    10.10.10.1              65    100      0 300 ?
*                   201.201.201.2                          0 200 300 ?
*> 14.14.14.0/24    201.201.201.2                          0 200 300 ?
*  111.111.111.0/24 201.201.201.2                          0 200 300 ?
*>i                 10.10.10.1               0    100      0 300 ?
*  112.112.112.0/24 201.201.201.2                          0 200 300 ?
*>i                 10.10.10.1               0    100      0 300 ?
*  192.168.1.0      201.201.201.2                          0 200 300 ?
*>i                 10.10.10.1               0    100      0 300 ?
*  192.168.2.0      201.201.201.2                          0 200 300 ?
*>i                 10.10.10.1              74    100      0 300 ?
*>i192.168.3.0      10.10.10.1              74    100      0 300 ?
   Network          Next Hop            Metric LocPrf Weight Path
*                   201.201.201.2                          0 200 300 ?
*>i200.200.200.0    10.10.10.1               0    100      0 i
*  201.201.201.0    201.201.201.2            0             0 200 i
*>                  0.0.0.0                  0         32768 i

R7#sh ip bgp
BGP table version is 17, local router ID is 200.200.200.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
* i10.10.10.0/24    10.10.10.2               0    100      0 i
*>                  0.0.0.0                  0         32768 i
*>i11.11.11.0/24    10.10.10.2               0    100      0 200 i
*> 12.12.12.0/24    200.200.200.2           65             0 300 ?
*> 13.13.13.0/24    200.200.200.2           65             0 300 ?
*>i14.14.14.0/24    10.10.10.2               0    100      0 200 300 ?
*> 111.111.111.0/24 200.200.200.2            0             0 300 ?
*> 112.112.112.0/24 200.200.200.2            0             0 300 ?
*> 192.168.1.0      200.200.200.2            0             0 300 ?
*> 192.168.2.0      200.200.200.2           74             0 300 ?
*> 192.168.3.0      200.200.200.2           74             0 300 ?
*  200.200.200.0    200.200.200.2            0             0 300 i
*>                  0.0.0.0                  0         32768 i
*>i201.201.201.0    10.10.10.2               0    100      0 i


New Member

I guess because the 14.14.14.0/24 network has no route from the R1 side, it chooses R3, because on R3 I also redistribute the OSPF external routes but not on the R1 side, and 14.14.14.0/24 is a RIP network in my lab. So in short, R7 and R8 can reach my 14.14.14.0/24 network through the R9-->R3 path.

But here also it should be stopped by my as-path and route-map, which allow only AS 200, not AS 100.

Cisco Employee

Anand,

R3 filters routes inbound from R9. Routes advertised from R3 to R9 are not filtered, so there is no reason for 14.14.14.0/24 not to be advertised to R9 (AS200) and then to R7 and R8 (AS100).

Regards

Harold Ritter

New Member

OK, you mean I have to use an outbound filter, but if I use it, it affects R9 as well. But why is only the 14.14.14.0/24 network in R7 through AS 200, why not all?

Cisco Employee

Anand,

Well, as you mentioned, 14.14.14.0/24 is not known via OSPF on R1 and doesn't get redistributed in BGP. On the other hand, 14.14.14.0/24 does get redistributed in BGP on R3, which makes it the only BGP path advertised to R9 and then to R7 and R8, hence these routers selecting the path via AS200.

Regards

Harold Ritter

New Member

Thanks. Last question, friend, you helped me a lot: is there any way to stop AS 100 from seeing 14.14.14.0/24?

And yes, your reply means that if I advertise from AS 300 to AS 200, from there it reaches AS 100, which means my as-path ^200$ permit command fails and allows AS 100 as well.

I have one option: can I use community no-advertise? But I guess it will stop advertising to AS 200 as well!

Cisco Employee

Anand,

> Thanks. Last question, friend, you helped me a lot: is there any way
> to stop AS 100 from seeing 14.14.14.0/24?

You are welcome. There are many ways to prevent 14.14.14.0/24 from being learnt in AS100. In my last message, I suggested you apply on the R8 BGP session to R9 the same inbound filter you have on the R3 BGP session to R9.

> And yes, your reply means that if I advertise from AS 300 to AS 200, from
> there it reaches AS 100, which means my as-path ^200$ permit command fails
> and allows AS 100 as well.

No, the as-path filter does not fail. You need to remember that the filter on R3 is inbound and therefore only affects routes learned from R9 and not the routes advertised to R9.

> I have one option: can I use community no-advertise? But I guess
> it will stop advertising to AS 200 as well!

Again, my suggestion would be to add on the R8 BGP session to R9 the same filter you have on the R3 BGP session to R9.

Regards

Harold Ritter

New Member

In short, I am asking why my as-path command is not stopping any routes coming from AS 100, because I only allowed AS 200, not 100. It is like I want to allow a specified person ABC but not anyone like XYZ.

New Member

If you can suggest a command to me, it will be a great help.

Thanks,

Cisco Employee

Anand,

If I understand you correctly, you do not want AS200 to become a transit AS between AS100 and AS300, right? You have already applied filtering on R3 to ensure that AS300 will not use AS200 as a transit AS to AS100. You now have to apply the same filtering on R8 for the BGP session to R9 to ensure AS200 does not become a transit AS to AS300.

Another way to address that without changing R3 and R8 would be to configure R9 to only advertise the local routes (^$) to both R3 and R8. This would have the same effect.

Regards

Harold Ritter
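
The direction-of-filter point and the two fixes suggested in the reply above, as an added Python sketch that is not part of the thread. It models only the eBGP chain R3 (AS 300), R9 (AS 200), R8 (AS 100) for a single prefix and ignores iBGP and R1; all function and variable names are assumptions made for illustration.

```python
import re

# Constructed model of the lab's eBGP chain: R3 (AS 300) -- R9 (AS 200) -- R8 (AS 100).
ASN = {"R3": 300, "R9": 200, "R8": 100}
LINKS = [("R3", "R9"), ("R9", "R8")]

def permits(regex, as_path):
    """Match an AS-path regex against the space-separated path; None means no filter."""
    return regex is None or re.search(regex, " ".join(map(str, as_path))) is not None

def propagate(origin, inbound=None, outbound=None):
    """Advertise one prefix from `origin`; return {router: AS path it accepted}.

    inbound / outbound map (local_router, neighbor) -> AS-path regex (hypothetical names).
    """
    inbound, outbound = inbound or {}, outbound or {}
    table, queue = {origin: []}, [origin]      # local routes carry an empty AS path
    while queue:
        sender = queue.pop(0)
        for a, b in LINKS:
            if sender not in (a, b):
                continue
            receiver = b if sender == a else a
            # Outbound policy sees the path before the sender prepends its own AS,
            # which is why ^$ selects locally originated routes.
            if not permits(outbound.get((sender, receiver)), table[sender]):
                continue
            advertised = [ASN[sender]] + table[sender]
            if ASN[receiver] in advertised:    # eBGP loop prevention
                continue
            # Inbound policy only judges what this router is about to accept.
            if permits(inbound.get((receiver, sender)), advertised) and receiver not in table:
                table[receiver] = advertised
                queue.append(receiver)
    return table

R3_IN = {("R3", "R9"): r"^200$"}               # the filter already in place on R3
R8_IN = {**R3_IN, ("R8", "R9"): r"^200$"}      # fix 1: same inbound filter on R8
R9_OUT = {("R9", "R3"): r"^$", ("R9", "R8"): r"^$"}  # fix 2: R9 sends local routes only

def as_seen_on_r8(origin, **policy):
    """AS path R8 holds for a prefix originated by `origin`, or None if filtered."""
    return propagate(origin, **policy).get("R8")

if __name__ == "__main__":
    print("R3 inbound only :", as_seen_on_r8("R3", inbound=R3_IN))   # 14.14.14.0/24 case
    print("fix 1 (R8 in)   :", as_seen_on_r8("R3", inbound=R8_IN))
    print("fix 2 (R9 out)  :", as_seen_on_r8("R3", inbound=R3_IN, outbound=R9_OUT))
    print("AS 200's own    :", as_seen_on_r8("R9", inbound=R8_IN, outbound=R9_OUT))
```

With only the R3 inbound filter, the AS 300 prefix still arrives on R8 with the path 200 300 seen in the R8 table, while routes originated in AS 100 never get past R3; either fix removes the transit path and leaves AS 200's own routes reachable.
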
New Member

My previous comment about the last question I typed before seeing your last post. So now I get it. These two ways:

one --- Config on R8

second --- Config local AS advertise on R9. Thanks

Friend, thanks a lot for your great help. I sent you a request on LinkedIn too, please accept it. I checked about you, that you have 14 years of experience and you have CCIE (R and S, SP). OMG!

So, I believe you about the answers.

Cisco Employee

You are very welcome, Anand. Thanks for the kind words.

Harold Ritter

New Member

Yes, I always run the cle ip bg * command to clear, to make sure the connection comes up with the new settings.
