Looks like your as-path ACL is still blocking your route. Try:
ip as-path access-list 100 permit _30835

On Thu, Oct 20, 2011 at 6:00 PM, <[email protected]> wrote:
> Today's Topics:
>
>   1. Re: re-advertising eBGP learned prefixes (Gert Doering)
>   2. Re: re-advertising eBGP learned prefixes (Andrey Koklin)
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Thu, 20 Oct 2011 17:17:46 +0200
> From: Gert Doering <[email protected]>
> To: Andrey Koklin <[email protected]>
> Cc: Gert Doering <[email protected]>, [email protected]
> Subject: Re: [c-nsp] re-advertising eBGP learned prefixes
>
> Hi,
>
> On Thu, Oct 20, 2011 at 07:13:50PM +0400, Andrey Koklin wrote:
> > ip as-path access-list 100 permit ^$
> > ip as-path access-list 101 permit _21017_
> > ip as-path access-list 102 permit _21017_21017_
>
> This...
>
> > route-map TO_VPN_CTK permit 10
> >  match ip address prefix-list TO_VPN_CTK
> >  match as-path 100
>
> ... together with this will only permit AS-paths matched by ACL 100,
> which is "^$" = "your local AS".
>
> So this AS path ACL will never permit anything learned from eBGP.
>
> Maybe this should have been
>
> ip as-path access-list 100 permit ^$
> ip as-path access-list 100 permit _21017_
> ip as-path access-list 100 permit _21017_21017_
>
> ("100" in all 3 lines)
>
> > I've just tried to remove filters. The router started to advertise all
> > but the needed prefixes, like 10.36.72.32/27...
>
> See above: the as-path filter is borked.
>
> gert
>
> --
> USENET is *not* the non-clickable part of WWW!
> //www.muc.de/~gert/
> Gert Doering - Munich, Germany
> [email protected]
> fax: +49-89-35655025
> [email protected]
>
> ------------------------------
>
> Message: 2
> Date: Thu, 20 Oct 2011 19:39:45 +0400
> From: Andrey Koklin <[email protected]>
> To: Gert Doering <[email protected]>
> Cc: [email protected]
> Subject: Re: [c-nsp] re-advertising eBGP learned prefixes
>
> On 10/20/2011 19:17, Gert Doering wrote:
>
> >> ip as-path access-list 100 permit ^$
> >> ip as-path access-list 101 permit _21017_
> >> ip as-path access-list 102 permit _21017_21017_
>
> > This...
>
> >> route-map TO_VPN_CTK permit 10
> >>  match ip address prefix-list TO_VPN_CTK
> >>  match as-path 100
>
> > ... together with this will only permit AS-paths matched by ACL 100,
> > which is "^$" = "your local AS".
>
> > So this AS path ACL will never permit anything learned from eBGP.
>
> Oh, yes, this is an important error!
>
> I've now added the AS whose prefixes should be seen there.
> Now it is:
>
> -- 8< --
> router bgp 65036
>  no synchronization
>  bgp log-neighbor-changes
>  bgp redistribute-internal
>  network 10.36.0.0 mask 255.255.0.0
>  network 213.129.126.0
>  timers bgp 5 20 15
>  neighbor 10.36.254.2 remote-as 21017
>  neighbor 10.36.254.2 soft-reconfiguration inbound
>  neighbor 10.36.254.2 route-map FROM_VPN_CTK in
>  neighbor 10.36.254.2 route-map TO_VPN_CTK out
>  neighbor 213.129.126.1 remote-as 65036
>  neighbor 213.129.126.1 soft-reconfiguration inbound
>  default-information originate
>  distance bgp 100 100 10
>  no auto-summary
>
> ip as-path access-list 100 permit ^$
> ip as-path access-list 100 permit _30835_
>
> ip prefix-list TO_VPN_CTK description announced nets through CTK VPN
> ip prefix-list TO_VPN_CTK seq 10 permit 0.0.0.0/0
> ip prefix-list TO_VPN_CTK seq 20 permit 213.129.126.0/24
> ip prefix-list TO_VPN_CTK seq 30 permit 10.36.0.0/16
> ip prefix-list TO_VPN_CTK seq 35 permit 10.36.0.0/16 le 28
> ip prefix-list TO_VPN_CTK seq 40 permit 10.36.0.0/18 le 28
> ip prefix-list TO_VPN_CTK seq 50 permit 10.36.248.0/23 le 24
>
> route-map TO_VPN_CTK permit 10
>  match ip address prefix-list TO_VPN_CTK
>  match as-path 100
> -- 8< --
>
> But unfortunately, the problem remains:
>
> spring#cle ip bgp * soft
>
> spring#sh ip bgp 10.36.72.32
> BGP routing table entry for 10.36.72.32/27, version 507121
> Paths: (1 available, best #1, table Default-IP-Routing-Table)
> Flag: 0x820
>   Not advertised to any peer
>   20485 30835, (received & used)
>     10.36.2.22 (metric 3072) from 213.129.126.1 (10.36.1.1)
>       Origin incomplete, metric 0, localpref 100, valid, internal, best
>       Originator: 10.36.1.4, Cluster list: 10.36.1.1
_______________________________________________
cisco-nsp mailing list [email protected]
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
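
How the ACL 100 variants quoted in this thread evaluate against the AS path from the `sh ip bgp` output, as an added example that is not part of the original messages. The helper names are hypothetical, the `_` expansion follows IOS AS-path regex semantics, and the path `20485 308350` is constructed for contrast:

```python
import re

# IOS AS-path regex: "_" matches start of string, end of string, a space,
# a comma, a brace or a parenthesis. Python's re has no such token, so expand it.
DELIM = r"(?:^|$|[ ,{}()])"

def ios_to_python(pattern):
    """Translate an IOS AS-path regex to a Python regex (hypothetical helper)."""
    return pattern.replace("_", DELIM)

def as_path_acl(entries, as_path):
    """Evaluate entries top-down; first match wins, no match is the implicit deny."""
    for action, pattern in entries:
        if re.search(ios_to_python(pattern), as_path):
            return action
    return "deny"

# ACL 100 as it appears at each point in the thread.
ACL_VARIANTS = {
    "original (^$ only)": [("permit", "^$")],
    "updated (^$, _30835_)": [("permit", "^$"), ("permit", "_30835_")],
    "reply (_30835)": [("permit", "_30835")],
}

# "" is a locally originated route; "20485 30835" is the path in the
# sh ip bgp output; "20485 308350" is a constructed path for contrast.
PATHS = ["", "20485 30835", "20485 308350"]

def evaluate_all():
    """Return {(acl_name, as_path): action} for every variant and path."""
    return {(name, path): as_path_acl(entries, path)
            for name, entries in ACL_VARIANTS.items() for path in PATHS}

if __name__ == "__main__":
    for (name, path), action in evaluate_all().items():
        print(f"{name:24} path={path!r:16} -> {action}")
```

A route-map entry with two match clauses needs both to pass, so the prefix-list still has to permit the prefix as well.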
