Re: [c-nsp] BGP route won't advertise
On Thursday, March 07, 2013 08:06:59 AM Mattias Gyllenvarg wrote:

> In our design, which I have not seen anyone else do, we have many communities per prefix that has an individual purpose each.

We do this to a very small extent, like when we want a router to only learn a specific set of routes because it shouldn't be forwarding traffic to any other destinations, e.g., announce only the prefix that our NOC lives on to the blackhole routers since all those routers do is signal RTBH routes, and don't need to see any other (internal) routes.

Communities are powerful.

Mark.

___
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] BGP route won't advertise
On 2/28/13 10:35 AM, Jerry Bacon wrote:

> It's complicated. I am doing transit for this customer, but we have common upstream peers, and I need to disallow his other advertisements. I'm sure there are better ways to do this, but my real problem is that I can't get one of my routers to advertise his routes, while the other one does.

Jon is right, deny or allow+tag is the way to go. Simple example:

ASN in this case is your ASN.

Make a cheat sheet like this: ASN:ABCDE. The right side breaks out to:

A (route category) = 1 for customer, 2 for yours, 3 for upstream
BC = pop number, set to 01 for now if you want a starting point.
DE = future expansion, set to 00 for now as a starting point.

This customer's routes would get tagged ASN:10100, your own aggregates would get tagged ASN:20100, and upstream routes would get tagged ASN:30100.

ip community-list 101 permit ASN:1
ip community-list 102 permit ASN:2
ip community-list 103 permit ASN:3

route-map transit-out p 10
 match commu 101
route-map transit-out p 20
 match commu 102
route-map transit-out d 30
 match commu 103

Bingo, this prefix goes out, but other routes from that customer's AS (learned from one transit) don't flow to the other transit.

pt

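Added example, not part of the original message and not any poster's configuration: a small Python model of the ASN:ABCDE tagging scheme and the transit-out route-map described above, run over three constructed routes. Assumptions: 64500 stands in for "ASN", the prefixes are documentation ranges, and each community-list entry is treated as an unanchored regular expression searched in the route's community string.

```python
import re

# Assumption: 64500 (documentation ASN) stands in for "ASN" in the message above.
OWN_ASN = 64500
CATEGORY = {"customer": 1, "own": 2, "upstream": 3}   # digit A of ASN:ABCDE


def make_tag(category, pop=1, future=0, asn=OWN_ASN):
    """Build ASN:ABCDE: A = route category, BC = POP number, DE = future use."""
    if not (0 <= pop <= 99 and 0 <= future <= 99):
        raise ValueError("BC and DE are two decimal digits each")
    return f"{asn}:{CATEGORY[category] * 10000 + pop * 100 + future}"


def decode_tag(tag):
    """Split a tag back into the cheat-sheet fields."""
    asn, value = tag.split(":")
    value = int(value)
    return {"asn": int(asn), "category": value // 10000,
            "pop": value // 100 % 100, "future": value % 100}


# The three community-lists from the message, modelled as unanchored regexes.
COMMUNITY_LISTS = {
    101: f"{OWN_ASN}:1",
    102: f"{OWN_ASN}:2",
    103: f"{OWN_ASN}:3",
}

# route-map transit-out: (sequence, action, community-list), evaluated in order.
ROUTE_MAP_TRANSIT_OUT = [(10, "permit", 101), (20, "permit", 102), (30, "deny", 103)]


def transit_out(communities):
    """Return (action, sequence) for a route; no matching clause means deny."""
    attribute = " ".join(communities)
    for seq, action, clist in ROUTE_MAP_TRANSIT_OUT:
        if re.search(COMMUNITY_LISTS[clist], attribute):
            return action, seq
    return "deny", None          # implicit deny at the end of a route-map


# Constructed routes: (prefix, where it was learned, category applied on ingress).
ROUTES = [
    ("192.0.2.0/24", "customer session", "customer"),
    ("198.51.100.0/24", "upstream session", "upstream"),  # same customer AS, heard via a transit
    ("203.0.113.0/24", "local aggregate", "own"),
]


def advertised_to_transit():
    """Prefixes that the modelled transit-out policy lets out."""
    return [prefix for prefix, _, category in ROUTES
            if transit_out([make_tag(category)])[0] == "permit"]


if __name__ == "__main__":
    for prefix, source, category in ROUTES:
        tag = make_tag(category)
        print(f"{prefix:18} {source:17} {tag}  ->", transit_out([tag]))
    print("advertised:", advertised_to_transit())
```

An untagged route falls through all three clauses and is not advertised, so a session that forgets to tag fails closed.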
Re: [c-nsp] BGP route won't advertise
Just to add...

With communities you make your own rules. As in Pete's example you make up what numbers you want and how they look.

In Pete's example he uses the most common way of implementing this. Which is a single large community number with several purposes.

In our design, which I have not seen anyone else do, we have many communities per prefix that has an individual purpose each.

Plus side is no complex regexp that can be hard to design and troubleshoot. Minus is more communities.

Our cheat sheet looks something like.

100-199 What ISP originated?
200-299 POP
600-650 How to announce
etc etc

I think and the guys here (at work, not the list) agree that this is easier to work with.

Don't fall into the make it complex because you can trap. It's hard to get out...

-- 
Med Vänliga Hälsningar - Best Regards
Mattias Gyllenvarg
Network Development
Bredband2
Tel: +46 406219712

Re: [c-nsp] BGP route won't advertise
On 2/27/2013 7:45 PM, Jon Lewis wrote:
> On Wed, 27 Feb 2013, Jay Hennigan wrote:
>> You could simplify that to:
>>
>> ip as-path access-list 10 deny _11xx1_
>> ip as-path access-list 10 permit .* - Dangerous outbound to transit connections.
>
> Or simplify things more by using prefix filters / route-maps on the customer BGP sessions to deny/accept+tag routes with communities that tell the rest of your network what to do with the routes (i.e. whether a route gets advertised to your transit providers, etc.). That ends up being much saner as you have smaller filters in more places rather than monster filters at the border where you'll lose track of why things are there.

I do have filters on the customer BGP sessions, but I have to disallow his AS from my upstreams, or I become a transit for those routes.

-- 
Jerry Bacon
Senior Network Engineer

Re: [c-nsp] BGP route won't advertise
On 2/27/2013 5:02 PM, Jay Hennigan wrote:
> On R3, do you have next-hop-self to neighbor R1 and vice-versa?

Yes.

> You could simplify that to:
>
> ip as-path access-list 10 deny _11xx1_
> ip as-path access-list 10 permit .* - Dangerous outbound to transit connections.
>
> Do you have any IP or prefix-list filters in place?

Nothing that I can see that would affect this advertisement. And I'm still puzzled as to why it works on R4 but not on R1.

-- 
Jerry Bacon
Senior Network Engineer

Re: [c-nsp] BGP route won't advertise
Hi,

On Thu, Feb 28, 2013 at 09:10:09AM -0800, Jerry Bacon wrote:
> I do have filters on the customer BGP sessions, but I have to disallow his AS from my upstreams, or I become a transit for those routes.

This is what communities come in handy for. Filtering by AS path list gets quite unwieldy as soon as more than a few customers are connected (some of them having their own BGP customers, etc)

gert
-- 
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany    g...@greenie.muc.de
fax: +49-89-35655025    g...@net.informatik.tu-muenchen.de

Re: [c-nsp] BGP route won't advertise
On Thu, 28 Feb 2013, Jerry Bacon wrote:
> On 2/27/2013 7:45 PM, Jon Lewis wrote:
>> On Wed, 27 Feb 2013, Jay Hennigan wrote:
>>> You could simplify that to:
>>>
>>> ip as-path access-list 10 deny _11xx1_
>>> ip as-path access-list 10 permit .* - Dangerous outbound to transit connections.
>>
>> Or simplify things more by using prefix filters / route-maps on the customer BGP sessions to deny/accept+tag routes with communities that tell the rest of your network what to do with the routes (i.e. whether a route gets advertised to your transit providers, etc.). That ends up being much saner as you have smaller filters in more places rather than monster filters at the border where you'll lose track of why things are there.
>
> I do have filters on the customer BGP sessions, but I have to disallow his AS from my upstreams, or I become a transit for those routes.

So this is a BGP peering...but you're not providing transit? We have a community string for that. The above advice still stands.

-- 
Jon Lewis, MCP :)        | I route
Senior Network Engineer  | therefore you are
Atlantic Net             |
_ http://www.lewis.org/~jlewis/pgp for PGP public key_

Re: [c-nsp] BGP route won't advertise
On 2/28/2013 10:14 AM, Jon Lewis wrote:
> On Thu, 28 Feb 2013, Jerry Bacon wrote:
>> On 2/27/2013 7:45 PM, Jon Lewis wrote:
>>> Or simplify things more by using prefix filters / route-maps on the customer BGP sessions to deny/accept+tag routes with communities that tell the rest of your network what to do with the routes (i.e. whether a route gets advertised to your transit providers, etc.). That ends up being much saner as you have smaller filters in more places rather than monster filters at the border where you'll lose track of why things are there.
>>
>> I do have filters on the customer BGP sessions, but I have to disallow his AS from my upstreams, or I become a transit for those routes.
>
> So this is a BGP peering...but you're not providing transit? We have a community string for that. The above advice still stands.

It's complicated. I am doing transit for this customer, but we have common upstream peers, and I need to disallow his other advertisements. I'm sure there are better ways to do this, but my real problem is that I can't get one of my routers to advertise his routes, while the other one does.

-- 
Jerry Bacon
Senior Network Engineer

Re: [c-nsp] BGP route won't advertise
On 2/27/2013 4:28 PM, Randy wrote:
> a stab in the dark:
> on R1 BGP-
> a)is auto-summary enabled?
> or perhaps
> b)aggregate-addr with summary-only?

No, neither of those apply in this case. Auto-summary is disabled, and I'm not doing any aggregation.

> ./Randy

-- 
Jerry Bacon
Senior Network Engineer

[c-nsp] BGP route won't advertise
I have the following layout:

Internet -- R1 -- R2 -- R3 -- R4 -- Internet

I have a customer attached to R3 for whom I am doing transit.

R1, R2, R4 are GSR 12008 running 12.0(32)S14
R3 is a 3825 running 12.3(11)T5

At R4 everything is fine:

R4#sh ip rou a.b.c.0
Routing entry for a.b.c.0/22, supernet
  Known via bgp 1xx77, distance 200, metric 0
  Tag 11xx1, type internal
  Last update from x.y.z.242 1w5d ago
  Routing Descriptor Blocks:
  * x.y.z.242, from x.y.z.242, 1w5d ago
      Route metric is 0, traffic share count is 1
      AS Hops 1, BGP network version 0
      Route tag 11xx1

R4#sh ip bgp a.b.c.0/22
BGP routing table entry for a.b.c.0/22, version 40711009
Bestpath Modifiers: always-compare-med, deterministic-med
Paths: (1 available, best #1)
  Advertised to update-groups:
     5
  11xx1
    x.y.z.242 (metric 143104) from x.y.z.242 (x.y.z.242)
      Origin IGP, metric 0, localpref 100, valid, internal, best

However, at R1 the same route won't advertise:

R1#sh ip rou a.b.c.0
Routing entry for a.b.c.0/22, supernet
  Known via bgp 1xx77, distance 200, metric 0
  Tag 11xx1, type internal
  Last update from x.y.z.242 16:03:41 ago
  Routing Descriptor Blocks:
  * x.y.z.242, from x.y.z.242, 16:03:41 ago
      Route metric is 0, traffic share count is 1
      AS Hops 1, BGP network version 0
      Route tag 11xx1

R1#sh ip bgp a.b.c.0/22
BGP routing table entry for a.b.c.0/22, version 406152
Bestpath Modifiers: always-compare-med, deterministic-med
Paths: (1 available, best #1)
  Not advertised to any peer
  11xx1
    x.y.z.242 (metric 143360) from x.y.z.242 (x.y.z.242)
      Origin IGP, metric 0, localpref 100, valid, internal, best

None of the issues that I have been able to find that might cause this behaviour seem to apply. Any ideas on what more to look for?

-- 
Jerry Bacon
Senior Network Engineer

Re: [c-nsp] BGP route won't advertise
On 2/27/13 3:24 PM, Jerry Bacon wrote:
> R1#sh ip bgp a.b.c.0/22
> BGP routing table entry for a.b.c.0/22, version 406152
> Bestpath Modifiers: always-compare-med, deterministic-med
> Paths: (1 available, best #1)
>   Not advertised to any peer
>   11xx1
>     x.y.z.242 (metric 143360) from x.y.z.242 (x.y.z.242)
>       Origin IGP, metric 0, localpref 100, valid, internal, best
>
> None of the issues that I have been able to find that might cause this behaviour seem to apply. Any ideas on what more to look for?

No IGP route to x.y.z.242 from R1 and BGP synchronization enabled?
Prefix-list or AS-path filter list on your EBGP neighbor on R1?
Next hop of R3 not reachable from EBGP neighbor (need next-hop-self?)
No-export community getting applied by a route-map?

-- 
Jay Hennigan - CCIE #7880 - Network Engineering - j...@impulse.net
Impulse Internet Service - http://www.impulse.net/
Your local telephone and internet company - 805 884-6323 - WB6RDV

Re: [c-nsp] BGP route won't advertise
I presume a.b.c.0/22 is the prefix you are receiving from your customer and AS1xx7 is your customer's AS?

Is there any outbound route policy on R1 facing your transit provider there which might be preventing the re-advertisement?

-- 
Sent from my mobile device

Re: [c-nsp] BGP route won't advertise
On 2/27/2013 3:48 PM, Jason Lixfeld wrote:
> I presume a.b.c.0/22 is the prefix you are receiving from your customer and AS1xx7 is your customer's AS?

Yes, that is correct. It's actually part of a /19.

> Is there any outbound route policy on R1 facing your transit provider there which might be preventing the re-advertisement?

No, in fact, I have this:

ip prefix-list announce seq 40 deny a.b.48.0/22
ip prefix-list announce seq 41 permit a.b.32.0/19 le 24

The setup on R1 and R4 is virtually the same.

-- 
Jerry Bacon
Senior Network Engineer

Re: [c-nsp] BGP route won't advertise
On 2/27/2013 3:47 PM, Jay Hennigan wrote:
> On 2/27/13 3:24 PM, Jerry Bacon wrote:
>> R1#sh ip bgp a.b.c.0/22
>> BGP routing table entry for a.b.c.0/22, version 406152
>> Bestpath Modifiers: always-compare-med, deterministic-med
>> Paths: (1 available, best #1)
>>   Not advertised to any peer
>>   11xx1
>>     x.y.z.242 (metric 143360) from x.y.z.242 (x.y.z.242)
>>       Origin IGP, metric 0, localpref 100, valid, internal, best
>>
>> None of the issues that I have been able to find that might cause this behaviour seem to apply. Any ideas on what more to look for?
>
> No IGP route to x.y.z.242 from R1 and BGP synchronization enabled?
> Prefix-list or AS-path filter list on your EBGP neighbor on R1?
> Next hop of R3 not reachable from EBGP neighbor (need next-hop-self?)
> No-export community getting applied by a route-map?

I'm using EIGRP as my IGP, synchronization is disabled, and there is a good route to R3:

R1#sh ip rou x.y.z.242
Routing entry for x.y.z.242/32
  Known via eigrp 100, distance 170, metric 143360, type external
  Redistributing via eigrp 100
  Last update from 10.1.25.130 on GigabitEthernet2/0.283, 16:44:58 ago
  Routing Descriptor Blocks:
  * 10.1.25.130, from 10.1.25.130, 16:44:58 ago, via GigabitEthernet2/0.283
      Route metric is 143360, traffic share count is 1
      Total delay is 5020 microseconds, minimum bandwidth is 172413 Kbit
      Reliability 255/255, minimum MTU 1514 bytes
      Loading 23/255, Hops 2

I've tried with and without next-hop-self on R3, it doesn't seem to make any difference.

On R1, I have:

ip as-path access-list 16 permit ^$
ip as-path access-list 16 permit ^11xx1
ip as-path access-list 16 deny _11xx1_
ip as-path access-list 16 permit .*

On R4, I have:

ip as-path access-list 10 permit ^11xx1
ip as-path access-list 10 deny _11xx1_
ip as-path access-list 10 permit .*

I had to do this to keep from doing transit of other routes from this customer.

-- 
Jerry Bacon
Senior Network Engineer

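Added example, not part of the original message: a Python model of first-match evaluation for the two as-path access-lists quoted above, run over constructed AS paths to see which entry decides each one and whether R1's list 16 and R4's list 10 ever disagree. Assumptions: 64501 stands in for the masked customer AS 11xx1, the other AS numbers are documentation values, and IOS `_` is translated to "start, end, or delimiter".

```python
import re

# Assumption: 64501 (documentation ASN) stands in for the customer AS that the
# thread masks as 11xx1. The two lists are copied from the message above.
CUSTOMER_AS = "64501"

R1_LIST_16 = """
ip as-path access-list 16 permit ^$
ip as-path access-list 16 permit ^11xx1
ip as-path access-list 16 deny _11xx1_
ip as-path access-list 16 permit .*
"""

R4_LIST_10 = """
ip as-path access-list 10 permit ^11xx1
ip as-path access-list 10 deny _11xx1_
ip as-path access-list 10 permit .*
"""

# IOS "_" matches the start or end of the path, or a delimiter character.
DELIM = r"(?:^|$|[ ,{}()])"


def parse_acl(config, customer_as=CUSTOMER_AS):
    """Parse 'ip as-path access-list N permit|deny REGEX' lines, keeping order."""
    entries = []
    for line in config.strip().splitlines():
        fields = line.split()
        if len(fields) != 6 or fields[:3] != ["ip", "as-path", "access-list"]:
            continue
        action, original = fields[4], fields[5]
        pattern = original.replace("11xx1", customer_as).replace("_", DELIM)
        entries.append((action, re.compile(pattern), original))
    return entries


def evaluate(entries, as_path):
    """Return (action, deciding entry); first match wins, no match means deny."""
    for action, regex, original in entries:
        if regex.search(as_path):
            return action, original
    return "deny", "(implicit deny)"


# Constructed sample AS paths, as an outbound filter-list would see them.
SAMPLE_PATHS = [
    "",              # locally originated
    "64501",         # the customer's own prefix (the a.b.c.0/22 case)
    "64501 64502",   # a downstream of the customer
    "64510 64501",   # customer route learned back through another network
    "64510 64511",   # unrelated route
]


def decisions(config):
    """Map each sample path to the (action, entry) that the list produces."""
    entries = parse_acl(config)
    return {path: evaluate(entries, path) for path in SAMPLE_PATHS}


def differing_paths():
    """Sample paths on which R1's list 16 and R4's list 10 reach different actions."""
    r1, r4 = decisions(R1_LIST_16), decisions(R4_LIST_10)
    return [p for p in SAMPLE_PATHS if r1[p][0] != r4[p][0]]


if __name__ == "__main__":
    for name, cfg in (("R1 list 16", R1_LIST_16), ("R4 list 10", R4_LIST_10)):
        for path, (action, entry) in decisions(cfg).items():
            print(f"{name}: {path!r:16} -> {action:6} by {entry}")
    print("paths decided differently:", differing_paths())
```

Both lists permit the path consisting only of the customer AS, so under these assumptions the as-path lists alone do not account for R1 and R4 behaving differently. The `^11xx1` entry has no trailing delimiter, so it also matches any longer AS number that begins with the same digits.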
Re: [c-nsp] BGP route won't advertise
a stab in the dark:
on R1 BGP-
a)is auto-summary enabled?
or perhaps
b)aggregate-addr with summary-only?

./Randy

Re: [c-nsp] BGP route won't advertise
On 2/27/13 4:07 PM, Jerry Bacon wrote:
> I've tried with and without next-hop-self on R3, it doesn't seem to make any difference.

On R3, do you have next-hop-self to neighbor R1 and vice-versa?

> On R1, I have:
>
> ip as-path access-list 16 permit ^$
> ip as-path access-list 16 permit ^11xx1
> ip as-path access-list 16 deny _11xx1_
> ip as-path access-list 16 permit .*
>
> On R4, I have:
>
> ip as-path access-list 10 permit ^11xx1
> ip as-path access-list 10 deny _11xx1_
> ip as-path access-list 10 permit .*

You could simplify that to:

ip as-path access-list 10 deny _11xx1_
ip as-path access-list 10 permit .* - Dangerous outbound to transit connections.

Do you have any IP or prefix-list filters in place?

-- 
Jay Hennigan - CCIE #7880 - Network Engineering - j...@impulse.net
Impulse Internet Service - http://www.impulse.net/
Your local telephone and internet company - 805 884-6323 - WB6RDV

Re: [c-nsp] BGP route won't advertise
On Wed, 27 Feb 2013, Jay Hennigan wrote:
> On 2/27/13 4:07 PM, Jerry Bacon wrote:
>> I've tried with and without next-hop-self on R3, it doesn't seem to make any difference.
>>
>> ip as-path access-list 10 permit ^11xx1
>> ip as-path access-list 10 deny _11xx1_
>> ip as-path access-list 10 permit .*
>
> You could simplify that to:
>
> ip as-path access-list 10 deny _11xx1_
> ip as-path access-list 10 permit .* - Dangerous outbound to transit connections.

Or simplify things more by using prefix filters / route-maps on the customer BGP sessions to deny/accept+tag routes with communities that tell the rest of your network what to do with the routes (i.e. whether a route gets advertised to your transit providers, etc.). That ends up being much saner as you have smaller filters in more places rather than monster filters at the border where you'll lose track of why things are there.

-- 
Jon Lewis, MCP :)        | I route
Senior Network Engineer  | therefore you are
Atlantic Net             |
_ http://www.lewis.org/~jlewis/pgp for PGP public key_