Re: Issue with BGP "neighbor default-originate route-map"

From: Toh Soon, Lim (tohsoon28@gmail.com)
Date: Mon Aug 20 2007 - 14:21:47 ART


Hi All,

To demonstrate all my 3 ACLs are functionally equivalent, say we want to
permit only 140.10.4.0/24 in inbound updates, all the following ACLs work in
the context of "neighbor distribute-list in" :

access-list 90 permit 140.10.4.0
access-list 99 permit 140.10.4.0 0.0.0.255
access-list 199 permit ip host 140.10.4.0 host 255.255.255.0

Just don't know why some of them don't work in the context of "neighbor
default-originate route-map".

Thank you.

Confused,
Lim TS

On 8/21/07, Toh Soon, Lim <tohsoon28@gmail.com> wrote:
>
> Hi Victor,
>
> Please see below:
>
> R7#sh ip ro 140.10.76.0
> Routing entry for 140.10.76.0/24
> Known via "connected", distance 0, metric 0 (connected, via interface)
> Routing Descriptor Blocks:
> * directly connected, via FastEthernet0/0
> Route metric is 0, traffic share count is 1
>
> R7 is a C2621XM running IOS version 12.4(13a) ADVANCED ENTERPRISE.
>
> Your suggestion of "access-list 100 permit ip 140.10.76.0 0.0.0.255
> 255.255.255.0 0.0.0.255 " will match all subnets of 140.10.76.0/24, i.e.
> any of the 140.10.76.x with a mask that ranges from 24 to 32.
>
> As far as extended ACL in BGP route filtering is concerned, my
> "access-list 100 permit ip host 140.10.76.0 host 255.255.255.0" will match
> only 140.10.76.0/24 exactly. Correct me if I'm wrong.
>
> I modified ACL100 to be as follows:
>
> access-list 100 permit ip 140.10.76.0 0.0.0.255 any
>
> This ACL permits 140.10.76.x with any mask. With this, R7 sources BGP
> 0.0.0.0 route to R8. It appears to me we need to define "140.10.76.0
> 0.0.0.255" in order to match the prefix address whether it's in a standard
> or extended ACL. Doing "140.10.76.0 0.0.0.0" never works though
> theoretically it should work. Then again, in my scenario I'm using ACL in
> the context of "neighbor default-originate route-map" and not in "neighbor
> distribute-list".
>
> As for now, I will settle with Method 2 until someone manages to demystify
> this issue.
>
> Group, thanks for all your responses and suggestions.
>
>
> B.Rgds,
> Lim TS
>
>
> On 8/20/07, Victor Cappuccio <vcappuccio@ccbootcamp.com> wrote:
> >
> > Hi Lim
> >
> > for me Method 1 and 3 are working correctly. Can you please send a show
> > ip route 140.10.76.0 on R7
> >
> > for method 3 can you please modify your access-list like
> >
> > access-list 100 permit ip 140.10.76.0 0.0.0.255 255.255.255.0 0.0.0.255
> >
> > I recreated a quick topology using this dynamips configuration
> >
> > R2:
> > c:\Dyn\dynamips-wxp.exe -i 2 -t npe-400 -r 128 -p 1:PA-FE-TX -p
> > 2:PA-FE-TX -p 3:PA-FE-TX -p 4:PA-FE-TX -p 5:PA-FE-TX -p 6:PA-FE-TX -k 40
> > --idle-pc 0x608928c0 -A 3002 -s 2:0:udp:212020: 127.0.0.1:122020 -s
> > 1:0:udp:231010:127.0.0.1:321010 C:\Dyn\I\C7200-IS-.BIN
> >
> > R3:
> > c:\Dyn\dynamips-wxp.exe -i 3 -t npe-400 -r 128 -p 1:PA-FE-TX -p
> > 2:PA-FE-TX -p 3:PA-FE-TX -p 4:PA-FE-TX -p 5:PA-FE-TX -p 6:PA-FE-TX -k 40
> > --idle-pc 0x608928c0 -A 3003 -s 3:0:udp:313030: 127.0.0.1:133030 -s
> > 1:0:udp:321010:127.0.0.1:231010 C:\Dyn\I\C7200-IS-...BIN
> >
> > and for method 3
> >
> > R3#show ip bgp summ
> > BGP router identifier 3.3.3.3, local AS number 300
> > BGP table version is 9, main routing table version 9
> >
> > Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
> >
> > 128.1.23.2 4 200 40 33 9 0 0 00:19:46 0
> >
> >
> > R2(config)#no access-list 101
> > R2(config)#do show route-map
> > route-map DEFtoR3, permit, sequence 10
> > Match clauses:
> > ip address (access-lists): 101
> > Set clauses:
> > Policy routing matches: 0 packets, 0 bytes
> > R2(config)#
> > *Aug 19 22:40:06.139: BGP: 128.1.23.3 rcv message type 5, length (excl. header) 4
> > *Aug 19 22:40:06.143 : BGP: 128.1.23.3 rcv REFRESH_REQ for afi/sfai: 1/1
> > *Aug 19 22:40:06.143: BGP: 128.1.23.3 start outbound soft reconfig for afi/safi: 1/1
> > R2(config)#
> > 1/1
> > R2(config)#access-list 101 permit ip 2.2.2.0 0.0.0.255 255.255.255.0 0.0.0.255
> >
> > R3#show ip bgp summ
> > BGP router identifier 3.3.3.3, local AS number 300
> > BGP table version is 10, main routing table version 10
> > 1 network entries using 117 bytes of memory
> > 1 path entries using 52 bytes of memory
> > 2/1 BGP path/bestpath attribute entries using 248 bytes of memory
> > 1 BGP AS-PATH entries using 24 bytes of memory
> > 0 BGP route-map cache entries using 0 bytes of memory
> > 0 BGP filter-list cache entries using 0 bytes of memory
> > BGP using 441 total bytes of memory
> > BGP activity 5/4 prefixes, 5/4 paths, scan interval 60 secs
> >
> > Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRc
> >
> > 128.1.23.2 4 200 42 34 10 0 0 00:20:38 1
> >
> > Now for method 1
> >
> > R2(config)#no access-list 101
> > R2(config)#
> > R2(config)#access-list 1 permit 2.2.2.0 0.0.0.255
> > R2(config)#route-map DEFtoR3
> > R2(config-route-map)#no match ip add 101
> > R2(config-route-map)#mat ip add 1
> > R2(config-route-map)#do clear ip bgp * out
> > R2(config-route-map)#do show ip bgp neigh 128.1.23.3 ad
> >
> > R3#show ip bgp summ
> > BGP router identifier 3.3.3.3, local AS number 300
> > BGP table version is 12, main routing table version 12
> > 1 network entries using 117 bytes of memory
> > 1 path entries using 52 bytes of memory
> > 2/1 BGP path/bestpath attribute entries using 248 bytes of memory
> > 1 BGP AS-PATH entries using 24 bytes of memory
> > 0 BGP route-map cache entries using 0 bytes of memory
> > 0 BGP filter-list cache entries using 0 bytes of memory
> > BGP using 441 total bytes of memory
> > BGP activity 6/5 prefixes, 6/5 paths, scan interval 60 secs
> >
> > Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRc
> >
> > 128.1.23.2 4 200 48 37 12 0 0 00:22:30 1
> > R3#show ip bgp
> > BGP table version is 12, local router ID is 3.3.3.3
> > Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
> > r RIB-failure, S Stale
> > Origin codes: i - IGP, e - EGP, ? - incomplete
> >
> > Network Next Hop Metric LocPrf Weight Path
> > *> 0.0.0.0 128.1.23.2 0 0 200 i
> >
> >
> > thanks,
> > Victor Cappuccio.-
> > - CCSI# 31452
> >
> > CCBOOTCAMP - A Cisco Sponsored Organization (SO)
> > vcappuccio@ccbootcamp.com
> >
> >
> >
> > -----Original Message-----
> > From: nobody@groupstudy.com on behalf of Toh Soon, Lim
> > Sent: Mon 20-Aug-07 12:58 AM
> > To: ccielab@groupstudy.com
> > Subject: Issue with BGP "neighbor default-originate route-map" command
> >
> > Hi All,
> >
> > I'm trying the BGP "neighbor default-originate route-map" command. R7 will
> > inject route 0.0.0.0 to R8 only if there is a route to 140.10.76.0/24. The
> > 140.10.76.0/24 happens to be R7's connected Fa0/0 interface.
> > !
> > router bgp 700
> > neighbor 140.10.78.8 remote-as 800
> > neighbor 140.10.78.8 description *** R8 in AS 800 ***
> > neighbor 140.10.78.8 default-originate route-map DEFtoR8
> > !
> >
> > Method 1
> > --------
> > route-map DEFtoR8 permit 10
> > match ip address 1
> > !
> > access-list 1 permit 140.10.76.0
> >
> > Method 2
> > --------
> > route-map DEFtoR8 permit 10
> > match ip address 10
> > !
> > access-list 10 permit 140.10.76.0 0.0.0.255
> >
> > Method 3
> > --------
> > route-map DEFtoR8 permit 10
> > match ip address 100
> > !
> > access-list 100 permit ip host 140.10.76.0 host 255.255.255.0
> >
> > Method 4
> > --------
> > route-map DEFtoR8 permit 10
> > match ip address prefix-list TEST
> > !
> > ip prefix-list TEST seq 5 permit 140.10.76.0/24
> >
> >
> > Only Methods 2 & 4 successfully source a BGP 0.0.0.0 route to R8 when Fa0/0
> > is up on R7. Can anyone explain why Methods 1 & 3 do not work? The ACL1 in
> > Method 1 is the usual way I use to match prefixes and I expect it to work in
> > this scenario.
> >
> > Also, can you enlighten me on the difference between ACL1 and ACL10 above in
> > terms of matching prefix 140.10.76.0/24? I was under the impression that
> > ACL1 matches the prefix address 140.10.76.0 exactly because the wildcard
> > mask is 0.0.0.0. I guess I'm wrong here.
> >
> >
> > Thank you.
> >
> > B.Rgds,
> > Lim TS
> >
> > _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
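
Added example, not part of the original thread or written by its posters: a small Python model of how the ACLs quoted above are evaluated when filtering BGP prefixes with "neighbor distribute-list" (standard ACL: prefix address only; extended ACL: source term against the prefix address, destination term against the netmask). It does not model the "neighbor default-originate route-map" behaviour the thread leaves unexplained, and all function names are hypothetical.

```python
import ipaddress

ANY = 0xFFFFFFFF

def _ip(text):
    return int(ipaddress.IPv4Address(text))

def _take(args, bare_ok):
    # Consume one term: 'any' | 'host A' | 'A WILDCARD' | bare 'A' (standard ACL only).
    if args[0] == "any":
        return 0, ANY, args[1:]
    if args[0] == "host":
        return _ip(args[1]), 0, args[2:]
    if bare_ok and len(args) == 1:
        return _ip(args[0]), 0, []
    return _ip(args[0]), _ip(args[1]), args[2:]

def parse_permit(line):
    # 'access-list N permit ...' -> (addr, addr_wildcard, mask, mask_wildcard)
    tok = line.split()
    if tok[0] != "access-list" or tok[2] != "permit":
        raise ValueError("only single permit entries are modelled")
    args = tok[3:]
    if args[0] == "ip":   # extended: source = prefix address, destination = netmask
        addr, addr_wc, rest = _take(args[1:], bare_ok=False)
        mask, mask_wc, _ = _take(rest, bare_ok=False)
    else:                 # standard: the netmask is never examined
        addr, addr_wc, _ = _take(args, bare_ok=True)
        mask, mask_wc = 0, ANY
    return addr, addr_wc, mask, mask_wc

def _same(value, base, wildcard):
    care = ~wildcard & ANY          # wildcard bits set to 1 are "don't care"
    return (value & care) == (base & care)

def permits(acl_line, prefix):
    addr, addr_wc, mask, mask_wc = parse_permit(acl_line)
    net = ipaddress.ip_network(prefix)
    return (_same(int(net.network_address), addr, addr_wc)
            and _same(int(net.netmask), mask, mask_wc))

# The three ACLs from the top message of the thread.
ACLS = {
    90: "access-list 90 permit 140.10.4.0",
    99: "access-list 99 permit 140.10.4.0 0.0.0.255",
    199: "access-list 199 permit ip host 140.10.4.0 host 255.255.255.0",
}

def permitted_by(prefix):
    return [num for num, line in ACLS.items() if permits(line, prefix)]
```

Under this model all three ACLs permit 140.10.4.0/24, but only ACL 199 rejects more-specific prefixes such as 140.10.4.0/25, so they agree for that one update without being the same filter.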



This archive was generated by hypermail 2.1.4 : Sat Sep 01 2007 - 11:32:12 ART