From: Jack Heney (jheneyccie@xxxxxxxxxxx)
Date: Tue Nov 07 2000 - 18:03:44 GMT-3
I did clear the bgp table and neighbor relationship each time. Are you also
permitting something when you do this? For instance, if your route-map
says:
route-map cisco deny 10
match ip address 1
route-map cisco permit 20
This route-map will have the effect of denying everything. Because the
match statement doesn't work, the router ignores it...With the match
ignored, everything matches the first clause and everything is denied. So
if you are only sending the router a route to be denied, it appears to work,
but if you send it a route to be denied and a route to be permitted, you
will find that everything gets denied (for IBGP).
Jack
>From: "Sam Munzani" <sam@munzani.com>
>Reply-To: "Sam Munzani" <sam@munzani.com>
>To: "Jack Heney" <jheneyccie@hotmail.com>, <Steve.McNutt@ahlcorp.com>,
><ejastak@gobosh.cc>
>CC: <ccielab@groupstudy.com>
>Subject: Re: BGP Route-maps
>Date: Tue, 7 Nov 2000 14:58:15 -0600
>
>I tried one more time 2 different ways.
>
>1. Deny external subnet coming from IBGP neighbor.
>2. Deny internal subnet coming from IBGP neighbor.
>
>In each case it works. Were you doing "clear ip bgp *" when you tried it?
>After each BGP change you have to manually clear bgp table.
>
>Sam
>
>
> > I had the same experience as Steve....It appears to me that this rule only
> > applies to IBGP...Here's what I did:
> >
> > R1-------------R2--------------R3-------------
> > 10.4.2.0/24 10.4.1.0/24
> >
> > I put R1 in BGP AS 1 and R2 and R3 in BGP AS 2
> > R3 is injecting both attached networks into BGP
> > R2 has synchronization disabled
> >
> > First, I created the following route-map on R2 and applied it inbound to R3
> > (ibgp):
> > route-map cisco deny 10
> > match ip address 1
> > route-map cisco permit 20
> >
> > access-list 1 permit 10.4.1.0 0.0.0.255
> >
> > I expected to see only 10.4.1.0/24 denied, but instead both routes were
> > denied...It appears that the router ignored the match statement (because it
> > referenced an IP address) and because there was no other match statement,
> > both routes matched the first clause and were denied.
> >
> > Then, I removed this route-map from R2 and created the exact same route-map
> > on R1 and applied it inbound to R2 (ebgp). R1 learned about the 10.4.2.0/24
> > network, but not the 10.4.1.0/24 network. When I debug bgp in and debug bgp
> > update, the router indicates that the route-map has filtered the 10.4.1.0/24
> > route.
> >
> > I think this is a pretty simple yet effective experiment, and I would love
> > to know what somebody else sees if they replicate it (maybe I'm missing
> > something).
> > Jack
> > >From: "Sam Munzani" <sam@munzani.com>
> > >Reply-To: "Sam Munzani" <sam@munzani.com>
> > >To: "McNutt, Steve" <Steve.McNutt@ahlcorp.com>, "'Eric Jastak'"
> > ><ejastak@gobosh.cc>
> > >CC: <ccielab@groupstudy.com>
> > >Subject: Re: BGP Route-maps
> > >Date: Tue, 7 Nov 2000 13:53:36 -0600
> > >
> > >Not really. Here are my configs and bgp table.
> > >
> > >First is with route-map with filters. Then I removed route-map with filter
> > >and you will see 192.168.1.0/24 in bgp table.
> > >
> > >Config with route-map inbound filters:
> > >router bgp 1
> > >no synchronization
> > >bgp log-neighbor-changes
> > >neighbor 132.5.5.5 remote-as 1
> > >neighbor 132.5.5.5 update-source Loopback9
> > >neighbor 132.5.5.5 route-map inbound in
> > >neighbor 132.5.6.6 remote-as 1
> > >neighbor 132.5.6.6 update-source Loopback9
> > >neighbor 132.5.6.6 route-map inbound in
> > >neighbor 132.5.129.2 remote-as 4
> > >!
> > >!
> > >access-list 99 deny 192.168.1.0 0.0.0.255
> > >access-list 99 permit any
> > >route-map inbound permit 10
> > >match ip address 99
> > >
> > >
> > >Config without Route-map inbound filters:
> > >
> > >router bgp 1
> > >no synchronization
> > >bgp log-neighbor-changes
> > >neighbor 132.5.5.5 remote-as 1
> > >neighbor 132.5.5.5 update-source Loopback9
> > >neighbor 132.5.6.6 remote-as 1
> > >neighbor 132.5.6.6 update-source Loopback9
> > >neighbor 132.5.129.2 remote-as 4
> > >
> > >Just do like this and you will see the results
> > >
> > >Sam
> > >
> > > ----- Original Message -----
> > > From: McNutt, Steve
> > > To: 'Eric Jastak' ; 'Sam Munzani'
> > > Cc: 'ccielab@groupstudy.com'
> > > Sent: Tuesday, November 07, 2000 1:43 PM
> > > Subject: RE: BGP Route-maps
> > >
> > >
> > > I can confirm that the rule does apply to IBGP. I ran into this last
> > >night on CCBootcamp lab 12. The rule makes sense given the goal of IBGP
> > >is to maintain AS consistency.
> > >
> > > Lab 12 is cool because it gave me an idea of how confusing things can
> > >get when working with confederations. The scoping of some rules is
> > >changed, but some are not, and the confederation makes it harder to tell if
> > >you are not meeting an AS wide "IBGP" type rule.
> > >
> > > -----Original Message-----
> > > From: Eric Jastak [mailto:ejastak@gobosh.cc]
> > > Sent: Tuesday, November 07, 2000 2:14 PM
> > > To: 'Sam Munzani'
> > > Cc: 'ccielab@groupstudy.com'
> > > Subject: RE: BGP Route-maps
> > >
> > >
> > > I think that rule only applies to iBGP. Was the route-map applied to
> > >an iBGP or eBGP neighbor?
> > >
> > > - Eric
> > > -----Original Message-----
> > > From: Sam Munzani [mailto:sam@munzani.com]
> > > Sent: Tuesday, November 07, 2000 10:07 AM
> > > To: ccielab@groupstudy.com
> > > Subject: BGP Route-maps
> > >
> > >
> > > Hi Group,
> > >
> > > As everybody might have read it in Halabi and bunch of other sources.
> > > "Inbound Route-map does not work when used with matching IP
> > >address". Today I experimented and it works inbound also. Violating the BGP
> > >(or Halabi) rule for route-maps.
> > >
> > > Sam
> >
> >
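
Added example, not part of any poster's message: a small Python model of the two behaviours debated in this thread (match statement honoured vs. match statement ignored), used to check which lab tests can actually tell them apart. It does not assert which behaviour a given IOS release implements; the function names are assumptions, wildcard masks are written as CIDR, and 172.16.0.0/16 is a constructed second route.

```python
import ipaddress

def acl_permits(acl, prefix):
    """Standard ACL: first matching entry wins, implicit deny at the end."""
    addr = ipaddress.ip_network(prefix).network_address
    for action, net in acl:
        if addr in ipaddress.ip_network(net):
            return action == "permit"
    return False

def route_map(clauses, acls, prefix, honor_match=True):
    """True if the prefix is accepted. Clauses are (action, acl_id or None) in
    sequence order; a clause with no match statement matches every route."""
    for action, acl_id in clauses:
        if acl_id is None or not honor_match or acl_permits(acls[acl_id], prefix):
            return action == "permit"
    return False  # implicit deny when no clause matches

def accepted(clauses, acls, routes, honor_match):
    return [r for r in routes if route_map(clauses, acls, r, honor_match)]

def distinguishes(clauses, acls, routes):
    """A test is only meaningful if the two hypotheses give different tables."""
    return (accepted(clauses, acls, routes, True)
            != accepted(clauses, acls, routes, False))

# Jack's route-map "cisco": deny 10 / match ip address 1, then permit 20.
JACK_ACLS = {1: [("permit", "10.4.1.0/24")]}
JACK_MAP = [("deny", 1), ("permit", None)]
JACK_ROUTES = ["10.4.1.0/24", "10.4.2.0/24"]

# Sam's route-map "inbound": permit 10 / match ip address 99.
SAM_ACLS = {99: [("deny", "192.168.1.0/24"), ("permit", "0.0.0.0/0")]}
SAM_MAP = [("permit", 99)]
SAM_ROUTES = ["192.168.1.0/24", "172.16.0.0/16"]  # second route is constructed

if __name__ == "__main__":
    for name, rm, acls, routes in [
        ("Jack, both routes", JACK_MAP, JACK_ACLS, JACK_ROUTES),
        ("Jack, denied route only", JACK_MAP, JACK_ACLS, JACK_ROUTES[:1]),
        ("Sam", SAM_MAP, SAM_ACLS, SAM_ROUTES),
    ]:
        print(name,
              "| honoured:", accepted(rm, acls, routes, True),
              "| ignored:", accepted(rm, acls, routes, False),
              "| distinguishes:", distinguishes(rm, acls, routes))
```
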
This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 08:25:43 GMT-3