Re: BGP conditional advert - non-exist-map

From: Bit Gossip (bit.gossip@chello.nl)
Date: Tue Apr 03 2007 - 18:05:58 ART


Narbik,
can you make an example ......
Thanks,
Luca.

On Mon, 2007-04-02 at 20:33 -0700, Narbik Kocharians wrote:
> It all depends on what you want to do and what the policy is. You
> should NOT set that as a rule.
>
> On 3/31/07, Bit Gossip <bit.gossip@chello.nl> wrote:
> This is very interesting, better to find out these things now than during the
> exam ......
>
> I have labbed the NON-EXIST map with extended ACL and I have to confirm that
> it doesn't work.
> To recap, the only flavor that seems to work in the NON-EXIST map is the prefix-list.
> Below is the config for the extended ACL:
> Thanks,
> Luca.
>
> router bgp 300
> <...>
> neighbor 136.1.245.5 remote-as 200
> neighbor 136.1.245.5 advertise-map T5.5 non-exist-map T5.5NE
> !
> ip prefix-list T5.5 seq 5 permit 136.1.29.0/24
> !
> ip prefix-list T5.5NE seq 5 permit 136.1.23.0/24
> !
> ip access-list standard T5.5NE
> permit 136.1.23.0
> !
> ip access-list extended T5.5NE-EXTENDED
> permit ip host 136.1.23.0 host 255.255.255.0
> !
> route-map T5.5NE permit 10
> match ip address T5.5NE-EXTENDED
> !
> route-map T5.5 permit 10
> match ip address prefix-list T5.5
>
>
> Rack1R2#show ip bgp route-map T5.5
> Network          Next Hop            Metric LocPrf Weight Path
> *> 136.1.29.0/24    0.0.0.0                  0         32768 i
>
> Rack1R2#show ip bgp route-map T5.5NE
> Network          Next Hop            Metric LocPrf Weight Path
> *> 136.1.23.0/24    0.0.0.0                  0         32768 i
>
> As both the AD-MAP and the NON-EXIST map are true, the prefix 136.1.29.0/24 should not
> be advertised, but it is!!
> It is, instead, not advertised when using a prefix-list in the
> route-map T5.5NE.
>
>
>
> ----- Original Message -----
> From: "maureen schaar" <maureen.schaar@gmail.com>
> To: "Sergey Golovanov" <sergey.golovanov@iementor.com>
> Cc: "Bit Gossip" <bit.gossip@chello.nl>;
> <ccielab@groupstudy.com>
> Sent: Saturday, March 31, 2007 8:22 PM
> Subject: Re: BGP conditional advert - non-exist-map
>
>
> > Since I was not aware of this, I decided to test it and Sergey is
> > totally correct. However, you can use a standard ACL in the advertise
> > map, but for the exist-map, it does not work.
> > Below I have put the test results if anyone is interested.
> >
> > I am using this configuration:
> >
> > router bgp xx
> > neighbor 150.2.12.254 advertise-map ADVERTISE exist-map EXIST
> > network 2.2.2.0 mask 255.255.255.0
> > network 3.3.3.0 mask 255.255.255.0
> >
> > ip access-list extended EXIST
> > permit ip host 3.3.3.0 any log
> >
> > ip access-list standard ADVERTISE
> > permit 2.2.2.0
> >
> > route-map ADVERTISE permit 10
> > match ip address ADVERTISE
> >
> > route-map EXIST permit 10
> > match ip address EXIST
> >
> > Both the prefixes 2.2.2.0 and 3.3.3.0 exist in the BGP and routing table.
> >
> >
> > W2R2#clear ip bgp 150.1.12.254 soft
> > *Mar 31 20:07:17.055: %SEC-6-IPACCESSLOGNP: list EXIST permitted 0 3.3.3.0 -> 255.255.255.0, 1 packet
> > *Mar 31 20:07:23.923: BGP(0): 150.1.12.254 2.2.2.0/24 matches advertise map ADVERTISE, state: Advertise
> >
> > W2R2#sh access-lists EXIST
> > Extended IP access list EXIST
> > 10 permit ip host 3.3.3.0 any log (2 matches)
> >
> >
> > Now when I change the access-list to a standard ACL, this happens:
> >
> > W2R2(config)#no ip access-list ex EXIST
> > W2R2(config)#ip access-l sta EXIST
> > W2R2(config-std-nacl)#permit host 3.3.3.0
> > W2R2(config-std-nacl)#
> > W2R2#clear ip bgp 150.1.12.254 soft
> >
> > *Mar 31 20:08:34.051: BGP(0): 150.1.12.254 2.2.2.0/24 matches advertise map ADVERTISE, state: Withdraw
> > *Mar 31 20:08:34.051: BGP(0): 150.1.12.254 send unreachable 2.2.2.0/24
> > *Mar 31 20:08:34.051: BGP(0): 150.1.12.254 send UPDATE 2.2.2.0/24 -- unreachable
> >
> > And the prefix 2.2.2.0 is indeed no longer advertised.
> >
> >
> > Maureen
> >
> > On 3/31/07, Sergey Golovanov <sergey.golovanov@iementor.com> wrote:
> > > No, it's not true. If using ACL, always use Extended ACL. And try to always
> > > use a "positive" ACL, that only permits the networks that you are trying to
> > > specify for the non-exist behavior.
> > >
> > >
> > > ----------------------------------------------------------------------
> > > Sergey Golovanov, CCIEx5 (R&S/Security/Voice/Service Provider/Storage)
> > > ieMentor Instructor and Content Developer
> > > sergey.golovanov@iementor.com
> > > http://www.iementor.com
> > >
> > > -----Original Message-----
> > > From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of Bit Gossip
> > > Sent: Saturday, March 31, 2007 9:25 AM
> > > To: ccielab@groupstudy.com
> > > Subject: BGP conditional advert - non-exist-map
> > >
> > > Group,
> > > Is it true that the match condition in a non-exist-map can be ONLY a
> > > prefix-list?
> > > The 2 flavors of route-map T5.5NE listed below match one and the same
> > > prefix:
> > >
> > > Rack1R2(config-route-map)#do show ip bgp route-map T5.5NE
> > >
> > > Network          Next Hop            Metric LocPrf Weight Path
> > > *> 136.1.23.0/24    0.0.0.0                  0         32768 i
> > >
> > >
> > > but only the one with the prefix-list match works as a non-exist map.
> > > The other one with the ACL just advertises the prefix no matter what.
> > >
> > > Thanks,
> > > Luca.
> > >
> > > PS: what about exist-map?
> > >
> > >
> > >
> > > router bgp 300
> > > neighbor 136.1.245.5 advertise-map T5.5 non-exist-map T5.5NE
> > > !
> > > ip prefix-list T5.5NE seq 5 permit 136.1.23.0/24
> > > !
> > > ip access-list standard T5.5NE
> > > permit 136.1.23.0
> > > !
> > > !
> > >
> > > 1 ) ~~~~~~~~~~~~~~~~~~~~~~~~~~
> > > route-map T5.5NE permit 10
> > > match ip address prefix-list T5.5NE
> > >
> > > 2) ~~~~~~~~~~~~~~~~~~~~~~~~~~~
> > > route-map T5.5NE permit 10
> > > match ip address T5.5NE
> > > !
> > >
> > >
> _______________________________________________________________________
> > > Subscription information may be found at:
> > > http://www.groupstudy.com/list/CCIELab.html
> > >
> > >
>
>
>
> --
> Narbik Kocharians
> CCIE# 12410 (R&S, SP, Security)
> CCSI# 30832
> Network Learning, Inc. (CCIE class Instructor)
> www.ccbootcamp.com (CCIE Training)
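Added example, not code from any post in this thread: a small Python model of the decision rule the thread is testing, namely `advertise-map` with `non-exist-map` (Luca's R2 config) and with `exist-map` (Maureen's W2R2 config). The BGP tables are constructed here from the prefixes the posts show, and the three matcher classes encode the assumed route-map matching semantics (a prefix-list compares address and length, a standard ACL compares only the network address, an extended ACL `permit ip host NET host MASK` compares network and mask). The model implements the intended policy rule and does not reproduce the IOS behaviour the posters observed, where an ACL-based map did not trigger the withdraw; it is useful for seeing what each policy should do before comparing against `debug ip bgp updates`.

```python
from dataclasses import dataclass
from ipaddress import IPv4Network


def net(s):
    """Parse 'A.B.C.D/L' into an IPv4Network (strict: must be a network address)."""
    return IPv4Network(s)


class PrefixList:
    """ip prefix-list NAME seq N permit A.B.C.D/L: matches exact address and length."""

    def __init__(self, *entries):
        self.entries = [net(e) for e in entries]

    def matches(self, prefix):
        return prefix in self.entries  # IPv4Network equality compares address and length


class StandardAcl:
    """ip access-list standard NAME / permit A.B.C.D: assumed semantics, only the
    network address is compared (implicit wildcard 0.0.0.0), not the length."""

    def __init__(self, *addrs):
        self.addrs = set(addrs)

    def matches(self, prefix):
        return str(prefix.network_address) in self.addrs


class ExtendedAcl:
    """permit ip host NET host MASK: assumed semantics for 'match ip address' with
    an extended ACL, source field = network, destination field = subnet mask."""

    def __init__(self, *pairs):  # (network, subnet-mask) tuples
        self.pairs = set(pairs)

    def matches(self, prefix):
        return (str(prefix.network_address), str(prefix.netmask)) in self.pairs


@dataclass
class RouteMap:
    """A one-clause 'route-map NAME permit 10' with a single match statement."""
    name: str
    match: object  # PrefixList, StandardAcl or ExtendedAcl

    def hits(self, table):
        """What 'show ip bgp route-map NAME' would list for this table."""
        return [p for p in table if self.match.matches(p)]


def conditional_advertise(table, advertise_map, exist_map=None, non_exist_map=None):
    """Per advertise-map prefix, return the state the debug output prints:
    'Advertise' or 'Withdraw'.
    non-exist-map: advertise only when the map matches nothing in the table.
    exist-map:     advertise only when the map matches something in the table."""
    if (exist_map is None) == (non_exist_map is None):
        raise ValueError("use exactly one of exist_map / non_exist_map")
    if non_exist_map is not None:
        condition_met = not non_exist_map.hits(table)
    else:
        condition_met = bool(exist_map.hits(table))
    state = "Advertise" if condition_met else "Withdraw"
    return {str(p): state for p in advertise_map.hits(table)}


def thread_scenarios():
    """Re-run the thread's two setups against the model (tables constructed here)."""
    r2_table = [net("136.1.29.0/24"), net("136.1.23.0/24")]
    t55 = RouteMap("T5.5", PrefixList("136.1.29.0/24"))
    t55ne_pl = RouteMap("T5.5NE", PrefixList("136.1.23.0/24"))
    t55ne_ext = RouteMap("T5.5NE", ExtendedAcl(("136.1.23.0", "255.255.255.0")))

    w2r2_table = [net("2.2.2.0/24"), net("3.3.3.0/24")]
    adv = RouteMap("ADVERTISE", StandardAcl("2.2.2.0"))
    exist_ext = RouteMap("EXIST", ExtendedAcl(("3.3.3.0", "255.255.255.0")))

    return {
        # Luca: 136.1.23.0/24 is in the table, so the non-exist condition fails
        "luca_prefixlist": conditional_advertise(r2_table, t55, non_exist_map=t55ne_pl),
        "luca_extended_acl": conditional_advertise(r2_table, t55, non_exist_map=t55ne_ext),
        # same policy once 136.1.23.0/24 has left the table
        "luca_after_withdraw": conditional_advertise(
            [net("136.1.29.0/24")], t55, non_exist_map=t55ne_pl),
        # Maureen: 3.3.3.0/24 present, so the exist-map matches and 2.2.2.0/24 goes out
        "maureen_exist": conditional_advertise(w2r2_table, adv, exist_map=exist_ext),
    }


def length_sensitivity():
    """Why the prefix-list is the precise match: the same address at another
    length (constructed /25) still matches the standard ACL entry."""
    p25 = net("136.1.23.0/25")
    return {
        "prefix_list": PrefixList("136.1.23.0/24").matches(p25),
        "standard_acl": StandardAcl("136.1.23.0").matches(p25),
        "extended_acl": ExtendedAcl(("136.1.23.0", "255.255.255.0")).matches(p25),
    }


if __name__ == "__main__":
    for name, result in thread_scenarios().items():
        print(f"{name}: {result}")
    print("match on 136.1.23.0/25:", length_sensitivity())
```

Under the model, both of Luca's non-exist-maps yield `Withdraw` for 136.1.29.0/24 while 136.1.23.0/24 is present, which is the behaviour he expected and did not get from the extended ACL; `length_sensitivity` shows the practical reason to prefer a prefix-list in the condition map even where an ACL appears to work, since a standard ACL entry also matches a more specific prefix with the same network address.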



This archive was generated by hypermail 2.1.4 : Tue May 01 2007 - 08:28:34 ART