06-28-2006 02:31 AM - edited 03-03-2019 01:09 PM
Hi all,
I need someone to help me with a redistribution problem with extended BGP communities.
I mailed out in the forums a while back and didn't get a single reply which is rare. I'm sure someone must have done what I'm trying to do. Any help would be greatly appreciated.
I have an MPLS VPN with an EBGP peer between the PE and CE. The CE is running OSPF as it's IGP. The VRF contains VPN routes as well as management routes. I don't want the management routes to be redistributed into the IGP. I don't want to use an ACL to specify individual networks. The management routes are tagged with their own extended communities.
What I've done is configure the EBGP peer to send extended communities through to the CPE. I've then got a route-map tied to the OSPF redistribution process and I'm trying to block the management extended communities and permit everything else. Some routes may have more than have extended community but if it has it at all I don't want the route redistributed. I've tried this a number of ways but it either denies all routes or permits everything.
Example:
Management Extended Community: 64512:1
All these don't work:
---
router ospf 1
redistribute bgp 64513 metric 1 metric-type 1 subnets route-map BLOCK-MANAGEMENT
!
ip extcommunity-list standard MANAGEMENT permit rt 64512:1
route-map BLOCK-MANAGEMENT deny 10
match extcommunity MANAGEMENT
!
---
router ospf 1
redistribute bgp 64513 metric 1 metric-type 1 subnets route-map BLOCK-MANAGEMENT
!
ip extcommunity-list standard MANAGEMENT permit rt 64512:1
route-map BLOCK-MANAGEMENT deny 10
match extcommunity MANAGEMENT
!
route-map BLOCK-MANAGEMENT permit 20
---
router ospf 1
redistribute bgp 64513 metric 1 metric-type 1 subnets route-map BLOCK-MANAGEMENT
!
ip extcommunity-list standard MANAGEMENT deny rt 64512:1
route-map BLOCK-MANAGEMENT permit 10
match extcommunity MANAGEMENT
!
route-map BLOCK-MANAGEMENT deny 20
---
Would something like this work?
ip extcommunity-list expanded MANAGEMENT deny _64512:1_
ip extcommunity-list expanded MANAGEMENT permit .*
Could that deny any route that has 64512:1 in it and permit everything else?
I think the problem I'm having is that the routes have more than one extended community and I think the standard extcommunity-list is looking at the entire list rather than the individual entries. Could someone confirm that?
Any help would be greatly appreciated.
Thanks,
Mike
06-28-2006 04:20 AM
Hi,
I haven't used ip extcommunity-list, but try this:
!
ip extcommunity-list 1 permit rt 64512:1
!
!
route-map BLOCK-MANAGEMENT deny 10
match extcommunity 1
!
route-map BLOCK-MANAGEMENT permit 20
!
Hope this helps
Regards
Andrea
06-28-2006 06:07 AM
Hi Andrea,
I tried that a while back but it's expecting a named extended community list. Thanks for replying through.
router(config)#route-map BLOCK-MANAGEMENT deny 10
router(config-route-map)#mat
router(config-route-map)#match ex
router(config-route-map)#match extcommunity ?
WORD ext community-list name
Regards,
Mike
06-28-2006 04:45 AM
Hi Mike,
some comments on your configs:
1) did you enable community propagation between PE and CE? The default BGP behaviour is to strip off communities when sending updates. Can you check on the CE, whether the community is present (show ip bgp a.b.c.d)?
2) use stadard communities, your CE might not be able to handle route targets:
PE:
router bgp 65000
address-family ipv4 vrf Customer
neighbor 10.1.1.1 remote-as 65001
neighbor 10.1.1.1 send-community
neighbor 10.1.1.1 route-map NMScomm out
exit-address-family
ip extcommunity-list standard MANAGEMENT permit rt 64512:1
route-map NMScomm permit 10
match extcommunity MANAGEMENT
set community 65000:161
CE:
router ospf 1
redistribute bgp 64513 metric 1 metric-type 1 subnets route-map BLOCK-MANAGEMENT
ip community-list standard StdNMS permit 64512:1
route-map BLOCK-MANAGEMENT deny 10
match community StdNMS
!
route-map BLOCK-MANAGEMENT permit 20
This way you will search for a standard community and therefore not interfere with RTs. Off course you need to adjust IP addresses, AS, names and the like to your environment. Tell me, whether it worked out for you.
Hope this helps! Please rate all posts.
Regards, Martin
06-28-2006 07:11 AM
Hi Martin,
Thanks for your help. A normal community can't take an RT. It only allows a AA:NN value. I've managed to sort it out another way. I've changed it from extended to standard communities and my route-map tags the outbound management routes with "no-advertise". I was surprised to see that's all I needed to do. BGP isn't advertising the management routes into OSPF with no additional configuration.
Regards,
Mike
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide