
New Member

BGP -route filtering route-map

Hi,

Please see the following configuration in regard to BGP:

ip access-list standard pune

deny 10.1.1.0 0.0.0.0  ( exact match for 10.1.1.0/24 )

permit any

route-map back permit 10

match ip address pune

router bgp 100

neighbor 192.168.1.1 remote-as 100

neighbor 192.168.1.1 route-map back out ( aggregate route stopped to 192.168.1.1 neighbor )

aggregate-address 10.1.1.0 255.255.255.0 ( aggregate route to all neighbors )

network 10.10.2.0 mask 255.255.255.0  ( local network )

Adv networks to 192.168.1.1 are :

Router#sh ip bgp nei 192.168.1.1 ad
BGP table version is 67, local router ID is 10.10.2.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 10.10.2.0/24     0.0.0.0                  0         32768 i

Total number of prefixes 1

This is expected: 10.1.1.0/24 is blocked.

But now if I add a second statement in route-map back as follows:

route-map back permit 20  :  When this line is added, it starts advertising even the blocked network ( 10.1.1.0/24, as seen in the following output )

Router#sh ip bgp nei 192.168.1.1 ad
BGP table version is 81, local router ID is 10.10.2.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 10.1.1.0/24      0.0.0.0                       100  32768 i ----------------------------> ( why this subnet is adv. even though it was blocked in first line )
*> 10.10.2.0/24     0.0.0.0                  0         32768 i

Total number of prefixes 2

Adding a second line to the route-map is negating the block action in the first line? Is it because the same subnet is aggregated here in this case ( 10.1.1.0/24 )?

Please share your experience.

Thanks

Subodh

1 REPLY
Hall of Fame Super Silver

Re: BGP -route filtering route-map

Hello Subodh,

It is probably the logic of the route-map that allows for this.

If you would use a different route-map like:

access-list 11 permit 10.10.1.0 0.0.0.255

route-map block10 deny 10

match ip address 11

route-map block10 permit 20

In your route-map the 10.10.1.0/24 prefix is denied in an ACL, which is then used in a permit route-map statement.

So net 10.10.1.0 is not removed from the list of possible prefixes to be advertised, and it is then permitted by the second route-map block.

Using a deny route-map block should allow you to put the prefix 10.10.1.0/24 in a sort of waste bin, and does not leave it available to be permitted by a later route-map block.

Hope to help

Giuseppe

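The clause-by-clause evaluation discussed in this thread, modelled as a small Python simulation (an added example, not code from the thread or from Cisco IOS). It assumes a standard ACL is tested against the route's network address only, and it applies the reply's deny-clause approach to the question's 10.1.1.0/24; the function names and the ACL_11 entry are constructed for illustration.

```python
import ipaddress

def acl_action(acl, network):
    """Standard ACL: the first entry whose (address, wildcard) covers the
    route's network address wins; falling off the end is the implicit deny."""
    addr = int(ipaddress.ip_address(network))
    for action, base, wildcard in acl:
        care = ~int(ipaddress.ip_address(wildcard)) & 0xFFFFFFFF
        if addr & care == int(ipaddress.ip_address(base)) & care:
            return action
    return "deny"

def route_map_action(clauses, network):
    """Clauses are (seq, action, acl-or-None), evaluated in sequence order.
    A clause matches when it has no match statement or its ACL permits the
    route. An ACL deny only means 'no match here': evaluation falls through."""
    for _seq, action, acl in sorted(clauses, key=lambda c: c[0]):
        if acl is None or acl_action(acl, network) == "permit":
            return action
    return "deny"  # implicit deny at the end of every route-map

def advertised(clauses, routes):
    """Prefixes that survive the outbound route-map."""
    return [r for r in routes
            if route_map_action(clauses, r.split("/")[0]) == "permit"]

ANY = ("0.0.0.0", "255.255.255.255")
PUNE = [("deny", "10.1.1.0", "0.0.0.0"), ("permit", *ANY)]  # ACL from the question
ACL_11 = [("permit", "10.1.1.0", "0.0.0.255")]  # constructed: reply's ACL applied to 10.1.1.0

BACK_SEQ10 = [(10, "permit", PUNE)]                         # original route-map back
BACK_SEQ10_20 = [(10, "permit", PUNE), (20, "permit", None)]  # after adding permit 20
BLOCK10 = [(10, "deny", ACL_11), (20, "permit", None)]      # deny clause, then permit rest

ROUTES = ["10.1.1.0/24", "10.10.2.0/24"]  # the two prefixes seen in the thread's output

if __name__ == "__main__":
    for name, rm in [("back, seq 10 only", BACK_SEQ10),
                     ("back, seq 10 + 20", BACK_SEQ10_20),
                     ("block10", BLOCK10)]:
        print(f"{name:18} -> {advertised(rm, ROUTES)}")
```

With only sequence 10, the aggregate is dropped by the route-map's implicit deny rather than by the ACL entry itself, which is why an empty permit 20 clause picks it up again.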