Well Problem solved ... Infact i wanted a no export function but Con was right .... I wasnt advertising the attribute between IBGP neighbors thanks all
On 10/20/07, Michael Liu <[EMAIL PROTECTED]> wrote: > > > you should use no-advertise, NOT no-export. > > no-export means it will sent to next ebgp, from that ebgp neighbor, it > will not send out. > > hope this help.. > > ~ml > > > > ------------------------------ > From: [EMAIL PROTECTED] > To: [EMAIL PROTECTED]; [email protected] > Date: Fri, 19 Oct 2007 19:37:57 +0100 > Subject: Re: [OSL | CCIE_RS] BGP communties problem > > Just a quick stab in the dark - but have you configured AS2 (R1, R2 and > R3) to send communities to each other within the iBGP mesh?. > > I know the community attribute is transitive - but as it's an optional > transitive - perhaps it could be worth a shot just to rule it out. > > ------------------------------ > *From:* [EMAIL PROTECTED] [mailto: > [EMAIL PROTECTED] *On Behalf Of *Badar Farooq > *Sent:* Friday, 19 October 2007 19:08 > *To:* [email protected] > *Subject:* [OSL | CCIE_RS] BGP communties problem > > > here is the scenario > > R4 is in AS 3 > R5 is in AS 1 > R1, 2, 3 are in AS 2 > > R4 has an ethernetnet link to R1 > > R5 has a frame relay link to R2 > > R1, R3, R2 are in full mesg IBGP > > R4 advertises network 204.12.1.0/24 into bgp and R5 advertises > 155.1.5.0/24 into bgp > The goal is to stop R4 and R5 to see each other's advertised networks, yet > R1, R2, R3, should be able to access the advertised networks... > > Here is my configuration > > > R5: > router bgp 1 > no synchronization > bgp log-neighbor-changes > network 155.1.5.0 mask 255.255.255.0 > neighbor 155.1.0.2 remote-as 2 > neighbor 155.1.0.2 send-community > neighbor 155.1.0.2 route-map SET-COMMUNITY out > no auto-summary > ! > access-list 1 permit 155.1.5.0 0.0.0.255 > ! > route-map SET-COMMUNITY permit 10 > match ip address 1 > set community no-export > ! > route-map SET-COMMUNITY permit 20 > > R4: > > router bgp 3 > no synchronization > bgp log-neighbor-changes > network 204.12.1.0 > neighbor 155.1.146.1 remote-as 2 > neighbor 155.1.146.1 send-community > neighbor 155.1.146.1 route-map SET-COMMUNITY out > no auto-summary > ! > access-list 1 permit 204.12.1.0 0.0.0.255 > ! > route-map SET-COMMUNITY permit 10 > match ip address 1 > set community no-export > ! > route-map SET-COMMUNITY permit 20 > ! > > > Now everything appears to be fine as I check on R1 and R2 which are > neighbors of R4 and R5 respectively > > > R1#sh ip bgp 204.12.1.0 > BGP routing table entry for 204.12.1.0/24, version 3 > Paths: (1 available, best #1, table Default-IP-Routing-Table, not > advertised to > EBGP peer) > Advertised to update-groups: > 1 > 3 > 155.1.146.4 from 155.1.146.4 (204.12.1.4) > Origin IGP, metric 0, localpref 100, valid, external, best > *Community: no-export > * > And > > R2#show ip bgp 155.1.5.0 > BGP routing table entry for 155.1.5.0/24 , version 2 > Paths: (1 available, best #1, table Default-IP-Routing-Table, not > advertised to > EBGP peer) > Advertised to update-groups: > 2 > 1 > 155.1.0.5 from 155.1.0.5 (155.1.5.5) > Origin IGP, metric 0, localpref 100, valid, external, best > *Community: no-export* > ** > ** > ** > But still R5 and R4 see these routes in their routing table and are able > to ping each other… > > > > R4#show ip bgp > BGP table version is 8, local router ID is 204.12.1.4 > Status codes: s suppressed, d damped, h history, * valid, > best, i - > internal, > r RIB-failure, S Stale > Origin codes: i - IGP, e - EGP, ? - incomplete > > Network Next Hop Metric LocPrf Weight Path > *> *155.1.5.0/24 155.1.146.1 0 2 1 i > **> 155.1.37.0/24 155.1.146.1 0 2 i > *> 204.12.1.0 0.0.0.0 0 32768 i > > > ** > ** > *Now R4 shouldn't be able to see 155.1.5.0/24 network but it does :S* > > > R4#ping 155.1.5.5 source 204.12.1.4 > > Type escape sequence to abort. > Sending 5, 100-byte ICMP Echos to 155.1.5.5, timeout is 2 seconds: > Packet sent with a source address of 204.12.1.4 > !!!!!Success rate is 100 percent (5/5), round-trip min/avg/max = > 108/213/316 m > > > Same is the case with R5. It sees and reaches network advertised by R4… > Any help will be appreciated… > > Best Regards > Muhammad Badar > > > ------------------------------ > Help yourself to FREE treats served up daily at the Messenger Café. Stop > by > today!<http://www.cafemessenger.com/info/info_sweetstuff2.html?ocid=TXT_TAGLM_OctWLtagline> >
