On 10/20/2011 18:14, Gert Doering wrote: >> The scheme is a bit more complicated, in fact, something like: >> --- R4-AS2 --- >> ClientA---> AS4 R1-AS1--(ibgp)--R2-AS1---> R3-AS3 >> --- R5-AS3 --- >> We use the same operator (AS3) to organize 2 independent VPN's >> for magistral and regional services. >> >> The problem here looks that AS3 is present already in the path, >> so the prefixes are not advertised into another VPN.
> Indeed. Actually, they are usually advertised these days, but > then dropped on *import* by AS3. > You can configure the AS3 router allow incoming paths that already have > AS3 in the path with "neighbor ... allowas-in" - but that will defeat > BGP loop-detection, so be careful with what you're asking for. Yes. But still I cannot persuade R2-AS1 router to advertise prefixes there. Even without AS3 in the path... >> Here AS3 = 21017. And what I see on R2: >> spring#sh ip bgp 10.36.72.32 >> BGP routing table entry for 10.36.72.32/27, version 505812 >> Paths: (1 available, best #1, table Default-IP-Routing-Table) >> Not advertised to any peer > I'm not exactly sure when this behaviour was changed, not doing the > filter on the sending side of an eBGP link - but we've seen it years > ago already. > Your best bet might be "not use AS3 in multiple places". >> spring#sh ip bgp 10.36.72.32 >> BGP routing table entry for 10.36.72.32/27, version 506076 >> Paths: (1 available, best #1, table Default-IP-Routing-Table) >> Not advertised to any peer >> 20485 30835, (received & used) >> 10.36.2.22 (metric 3072) from 213.129.126.1 (10.36.1.1) >> Origin incomplete, metric 0, localpref 100, valid, internal, best >> Originator: 10.36.1.4, Cluster list: 10.36.1.1 > So how's your export policies on that router towards the neighbour > that you should see the prefix on? The R3-AS3 router doesn't know these prefixes. It has its own BGP table. _______________________________________________ cisco-nsp mailing list [email protected] https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
