Hello,

The main problem is which prefix should I track? I can't use the infrastructure subnet between my router and ISP-1 router, because it is directly connected and it is in the routing table, not in the BGP table. I was thinking on that, then I have decided to use reliable root DNS servers' subnets to track with ACL or prefix-list, for example:

! a.root-servers.net
access-list 20 permit 198.41.0.0 0.0.0.255
! b.root-servers.net
access-list 20 permit 192.228.79.0 0.0.0.255
! c.root-servers.net
access-list 20 permit 192.33.4.0 0.0.0.255
! d.root-servers.net
access-list 20 permit 128.8.0.0 0.0.255.255

What do you think about this idea?

Burak Dikici

On Thu, Mar 19, 2009 at 2:48 PM, Burak Dikici <[email protected]> wrote:

> Sorry about my late reply. I am very busy these days with another project.
> I am going to test your recommendations in a few days, and going to reply
> back to you. Thank you all. Kind Regards...
>
> Burak Dikici
>
> On Wed, Mar 18, 2009 at 12:04 AM, <[email protected]> wrote:
>
>> The prefix-list within the Non-Exist clause also has to *exactly* match
>> the prefix in the bgp table..
>> Regards,
>> ./Randy
>>
>> "Ivan Pepelnjak" <[email protected]>
>> Sent by: [email protected]
>> 03/17/2009 02:20 PM
>>
>> To: "'Dale Shaw'" <[email protected]>, "'Burak Dikici'" <[email protected]>
>> cc: [email protected]
>> Subject: Re: [c-nsp] BGP conditional advertisemet - NON-EXIST route
>> map'saccess-list problem
>>
>> Did some tests on the NON-EXIST-MAP with 12.2SRC. I was spreading wrong
>> rumors, time to fix them:
>>
>> * The route-map checks the routes in the BGP table (_not_ in the IP
>>   routing table). Dale was right.
>> * It can take a while for the routes to be advertised/withdrawn; the
>>   non-exist-map is checked only at the BGP scan intervals (60 seconds by
>>   default, can be adjusted).
>> * You can use a combination of an access-list and AS-path access-list in
>>   the route-map.
>>
>> The handling of standard access-lists used in the "match ip address"
>> route-map condition is a bit weird, though:
>>
>> * "permit any" does _NOT_ work.
>> * "permit prefix 0.0.0.0" (which gets translated into "permit prefix" in
>>   standard ACL) does _NOT_ work.
>> * fancy wildcard tests (for example "permit 0.0.0.0 127.255.255.255") do
>>   _NOT_ work
>>
>> It looks like:
>>
>> * the IP prefix in the BGP table must match the address in the ACL exactly
>>   (wildcard bits are ignored).
>> * ... but you still need the wildcard bits (inverted netmask) for the
>>   match to work.
>>
>> For example: if you want to match 10.8.8.0/24, you have to use "permit
>> 10.8.8.0 0.0.0.255". "permit 10.8.8.0" or "permit 10.8.0.0 0.0.255.255" do
>> _NOT_ work.
>>
>> Left to do: tests with the ip prefix-list instead of IP access list (and
>> no, I will NOT test extended ACL :).
>>
>> Hope this helps
>> Ivan
>>
>> > -----Original Message-----
>> > From: Dale Shaw [mailto:[email protected]]
>> > Sent: Sunday, March 15, 2009 11:33 PM
>> > To: Burak Dikici
>> > Cc: [email protected]
>> > Subject: Re: [c-nsp] BGP conditional advertisemet - NON-EXIST
>> > route map'saccess-list problem
>> >
>> > Hi Burak,
>> >
>> > On Mon, Mar 16, 2009 at 12:06 AM, Burak Dikici
>> > <[email protected]> wrote:
>> > > I am trying to use
>> > > BGP conditional advertisement configuration. I have got a problem with
>> > > NON-EXIST route map's access-list. In the NON-EXIST route map I am
>> > > using the commands which are written below;
>> >
>> > Here are some notes I made recently when playing with BGP
>> > conditional advertising. I hope it helps.
>> >
>> > 1.) prefixes matched in advertise-map and exist/non-exist map
>> > must exist (or not) in the *BGP* table
>> > however: they do not need to be locally originated (e.g. R1
>> > can match routes received from R2 and advertise (or not) to R3)
>> > and: the validity of the prefix in the BGP table (i.e.
>> > RIB-failure) doesn't matter. if it's there, and using
>> > exist-map, the condition is met.
>> >
>> > 2.) when using 'exist' map, prefixes matched by advertise-map
>> > are advertised when exist-map condition is met
>> > example: advertise 1.0.0.0/8 (advertise-map) from BGP table when
>> > 3.20.20.0/24 (exist-map) exists in BGP table
>> >
>> > 3.) when using 'non-exist' map, prefixes matched by
>> > advertise-map are advertised when non-exist-map condition is met
>> > example: advertise 1.0.0.0/8 (advertise-map) from BGP table when
>> > 3.20.20.0/24 (non-exist-map) does NOT exist in BGP table
>> >
>> > 4.) prefixes matched in advertise-map are the only prefixes
>> > affected -- other prefixes that may exist are advertised (or
>> > not) as normal
>> >
>> > 5.) when dealing with conditional advertisement tasks, always
>> > consider what will happen normally (without any config)
>> >
>> > I'd be happy to be corrected, but I think the first point is
>> > contrary to what Ivan said. Also consider point #4 -- BGP
>> > conditional advertising is not strictly a route filtering
>> > mechanism, although it can be configured to achieve similar results.
>> >
>> > cheers,
>> > Dale
>>
>> _______________________________________________
>> cisco-nsp mailing list [email protected]
>> https://puck.nether.net/mailman/listinfo/cisco-nsp
>> archive at http://puck.nether.net/pipermail/cisco-nsp/
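
Added example (not part of the thread and not Cisco code): a small Python model of the standard-ACL matching behaviour Ivan reports for the non-exist-map, run over the ACL 20 proposed at the top of this message. The BGP tables are constructed, and two points are assumptions the thread does not settle: the wildcard is required to be the inverted netmask of the exact prefix, and a single matching entry counts as the tracked route existing.

```python
import ipaddress

# Burak's ACL 20 from the message above (annotations dropped).
ACL_20 = [
    "access-list 20 permit 198.41.0.0 0.0.0.255",
    "access-list 20 permit 192.228.79.0 0.0.0.255",
    "access-list 20 permit 192.33.4.0 0.0.0.255",
    "access-list 20 permit 128.8.0.0 0.0.255.255",
]
# Constructed BGP tables (not from the thread): ISP-1 session up, then down.
BGP_UP = ["198.41.0.0/24", "192.228.79.0/24", "10.8.8.0/24"]
BGP_DOWN = ["10.8.8.0/24"]

def parse_std_acl(line):
    """'access-list N permit ADDR [WILDCARD]' -> (addr, wildcard) as ints."""
    tok = line.split()
    if len(tok) < 4 or tok[0] != "access-list" or tok[2] != "permit":
        raise ValueError("not a standard permit entry: " + line)
    if tok[3] == "any":
        return 0, 0xFFFFFFFF
    addr = int(ipaddress.IPv4Address(tok[3]))
    wild = int(ipaddress.IPv4Address(tok[4])) if len(tok) > 4 else 0
    return addr, wild

def entry_prefix(addr, wild):
    """Prefix an entry can match under the observed rules, else None."""
    if wild in (0, 0xFFFFFFFF):      # no wildcard given, or 'permit any'
        return None
    if wild & (wild + 1):            # not a contiguous inverted netmask
        return None
    if addr & wild:                  # assumption: address must be the network address
        return None
    return ipaddress.IPv4Network((addr, 32 - wild.bit_length()))

def non_exist_condition(acl_lines, bgp_table):
    """Return (condition_met, matched_prefixes) for a non-exist-map ACL."""
    table = {ipaddress.IPv4Network(p) for p in bgp_table}
    matched = []
    for line in acl_lines:
        pfx = entry_prefix(*parse_std_acl(line))
        if pfx is not None and pfx in table:   # exact prefix and length
            matched.append(str(pfx))
    # Assumption: any single match means the tracked route still exists.
    return (not matched), matched

if __name__ == "__main__":
    for name, table in (("ISP-1 up", BGP_UP), ("ISP-1 down", BGP_DOWN)):
        print(name, non_exist_condition(ACL_20, table))
```

An entry for which entry_prefix returns None can never report the tracked route as present, so a non-exist-map built only from such entries would leave the condition permanently met.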
