BGP incoming routes processing.

router bgp 200
 no synchronization
 bgp log-neighbor-changes
 network 22.22.22.22 mask 255.255.255.255
 neighbor 12.12.12.1 remote-as 100
 neighbor 12.12.12.1 send-community both

 neighbor 12.12.12.1 prefix-list FROMR1 in
 neighbor 12.12.12.1 route-map FROMR1 in
 neighbor 12.12.12.1 filter-list 1 in

In the above scenario, how are the route-map, prefix-list and filter-list executed for incoming updates?

Which will come first ?

/Ganpat

Comments

  • I prefer to avoid a mix of these filtering types. Though,

    the inbound order of update filtering is like this:

    1. filter-list
    2. distribute-list/prefix-list
    3. route-map

    There are discussions of the same topic here; look at Cristian's posts in the discussion:

    http://ieoc.com/forums/p/15319/153796.aspx

    http://forum.internetworkexpert.com/forums/p/12021/128505.aspx

     

  • For inbound:

    Filter list
    Route map
    Prefix list

    For outbound :

    Prefix list
    Filter list
    Route map

  • R1-------------------------------R2

    R1 is sending 11.11.11.11/32 with a community of 100:100 to R2.

     

    ---R1----

    router bgp 100
     no synchronization
     bgp log-neighbor-changes
     network 11.11.11.11 mask 255.255.255.255
     network 111.111.111.111 mask 255.255.255.255
     neighbor 12.12.12.2 remote-as 200
     neighbor 12.12.12.2 send-community both
     neighbor 12.12.12.2 route-map TO_R2 out
     no auto-summary
    !
    !
    ip bgp-community new-format
    !
    !
    ip prefix-list LOOP0 seq 5 permit 11.11.11.11/32
    !
    !
    route-map TO_R2 permit 10
     match ip address prefix-list LOOP0
     set community 100:100
    !
    route-map TO_R2 permit 20
    !

    ----R2----
    router bgp 200
     no synchronization
     bgp log-neighbor-changes
     network 22.22.22.22 mask 255.255.255.255
     neighbor 12.12.12.1 remote-as 100
     neighbor 12.12.12.1 send-community both

     neighbor 12.12.12.1 prefix-list LOOP0 in
     neighbor 12.12.12.1 route-map FROM_R1 in
     neighbor 12.12.12.1 filter-list 1 in

     no auto-summary
    !
    ip forward-protocol nd
    !
    ip bgp-community new-format
    !
    ip community-list 1 permit 100:100
    !
    ip as-path access-list 1 permit _100$
    !
    ip prefix-list LOOP0 seq 5 permit 11.11.11.11/32
    !
    route-map FROM_R1 deny 10
     match community 1
     set local-preference 55555
    !

    In the above R2 configuration: the filter-list permits the route, the route-map denies the route, and the prefix-list permits the route. In this case, as per my understanding, the route should be accepted, as it is processed first in the filter-list.

    However, it is getting denied due to the route-map. I want to understand the reason behind this.

    R2#
    *Mar  1 00:51:29.347: %BGP-5-ADJCHANGE: neighbor 12.12.12.1 Down User reset
    *Mar  1 00:51:29.503: %BGP-5-ADJCHANGE: neighbor 12.12.12.1 Up
    R2#
    *Mar  1 00:51:29.527: BGP(0): 12.12.12.1 rcvd UPDATE w/ attr: nexthop 12.12.12.1, origin i, metric 0, path 100, community 100:100
    *Mar  1 00:51:29.531: BGP(0): 12.12.12.1 rcvd 11.11.11.11/32 -- DENIED due to: route-map;

     

     

    Is it working like this: even if it is matched in the filter-list, if it's denied in the route-map it gets denied, as the route-map will be processed after the filter list?

  • One more observation...

    If the route is denied by the filter-list, then it will be denied even if the route-map and prefix-list are configured to permit the route.

    ==R2====

    router bgp 200
     no synchronization
     bgp log-neighbor-changes
     network 22.22.22.22 mask 255.255.255.255
     neighbor 12.12.12.1 remote-as 100
     neighbor 12.12.12.1 send-community both

     neighbor 12.12.12.1 prefix-list LOOP0 in
     neighbor 12.12.12.1 route-map FROM_R1 in
     neighbor 12.12.12.1 filter-list 1 in
     no auto-summary
    !
    ip forward-protocol nd
    !
    ip bgp-community new-format
    ip community-list 1 permit 100:100
    !

    ip as-path access-list 1 deny _100$
    !
    ip prefix-list LOOP0 seq 5 permit 11.11.11.11/32
    !
    route-map FROM_R1 permit 10
     match community 1
     set local-preference 55555
    !
    !
    !
    control-plane
    !
    !
    !

  • But if you look into this Cisco BGP FAQ page:

    http://www.cisco.com/en/US/tech/tk365/technologies_q_and_a_item09186a00800949e8.shtml

    says:

    For inbound updates the order of preference is:

        route-map

        filter-list

        prefix-list, distribute-list

    Good Luck

  • peetypeety ✭✭✭

    Does it really matter?  I say no. 

  • Of course, it matters.

    We may try to avoid this type of scenario in the LAB exam; however, we need to understand it.

  • peetypeety ✭✭✭

    OK, I'm listening: why on earth does this matter?

    Any route that passes the prefix list but fails the filter list will be blocked.  If the filter list blocks it before the prefix list, it'll be blocked; if the prefix list allows then the filter list blocks it, it'll be blocked.  Overlay a route-map and the same thing happens - anything denied is denied.

    What command could they run that would truly care about the order?

  • Hi Peety,

     

    Thanks for your comment.

    I am more interested in understanding the sequence of execution. If you refer to the logs below:

    The filter-list permits the route, the route-map denies the route, and the prefix-list permits the route.

    In this case, as per my understanding, the route should be accepted, as it is processed first in the filter-list.

    However, it is getting denied due to the route-map. I want to understand the reason behind this.

    R2#
    *Mar  1 00:51:29.347: %BGP-5-ADJCHANGE: neighbor 12.12.12.1 Down User reset
    *Mar  1 00:51:29.503: %BGP-5-ADJCHANGE: neighbor 12.12.12.1 Up
    R2#
    *Mar  1 00:51:29.527: BGP(0): 12.12.12.1 rcvd UPDATE w/ attr: nexthop 12.12.12.1, origin i, metric 0, path 100, community 100:100
    *Mar  1 00:51:29.531: BGP(0): 12.12.12.1 rcvd 11.11.11.11/32 -- DENIED due to: route-map;

    Please comment on the two points below:

    1) Is it working like this: even if it is matched in the filter-list, if it's denied in the route-map it gets denied?

    The route-map will be processed after the filter list, so as per my understanding the route should be permitted. (Please confirm my understanding.)

    2) If the route is denied by the filter-list, then it will be denied even if the route-map and prefix-list are configured to permit the route.
      (Please confirm my understanding.)

     

  • So which one is correct?

    I loaded my labs and got the same order as mentioned on the Cisco web site:


        route-map

        filter-list

        prefix-list, distribute-list

    but to confirm, I will load the lab again and post all results with output...
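
Added example, not part of any post in this thread and not IOS code: a small Python model of R2's three inbound filters from the two posted configurations, evaluated in all six possible orders. It assumes each filter is a pure permit/deny test with an implicit deny; LOOP0, OTHER and the function names are constructed for the illustration, and which filter IOS names in its debug line is not modeled.

```python
import itertools
import re
from ipaddress import ip_network

# Constructed inputs: the UPDATE logged on R2, plus R1's second network, which
# R1's route-map TO_R2 passes in clause 20 without setting a community.
LOOP0 = {"prefix": "11.11.11.11/32", "as_path": "100", "communities": {"100:100"}}
OTHER = {"prefix": "111.111.111.111/32", "as_path": "100", "communities": set()}

def single_entry(action, matches):
    """One-entry list or route-map: a match yields its action, a miss hits the implicit deny."""
    return lambda route: action == "permit" and matches(route)

def r2_policy(filter_action, route_map_action):
    """R2's three inbound filters; the two actions are what the posts vary."""
    # Cisco "_" matches the start, the end or a delimiter of the AS-path string.
    as_path = re.compile("_100$".replace("_", r"(?:^|$|[ ,{}()])"))
    return {
        "filter-list": single_entry(filter_action, lambda r: bool(as_path.search(r["as_path"]))),
        "prefix-list": single_entry("permit", lambda r: ip_network(r["prefix"]) == ip_network("11.11.11.11/32")),
        "route-map": single_entry(route_map_action, lambda r: "100:100" in r["communities"]),
    }

def evaluate(policy, route, order):
    """Return (accepted, first_denier) when the filters run in the given order."""
    for name in order:
        if not policy[name](route):
            return False, name
    return True, None

def outcomes(policy, route):
    """Return (set of accept verdicts, set of first deniers) over all six orders."""
    results = [evaluate(policy, route, o) for o in itertools.permutations(policy)]
    return {ok for ok, _ in results}, {who for _, who in results if who}

if __name__ == "__main__":
    first_post = r2_policy("permit", "deny")    # as-path permit, route-map deny 10
    second_post = r2_policy("deny", "permit")   # as-path deny, route-map permit 10
    for label, policy, route in [("first/LOOP0", first_post, LOOP0),
                                 ("second/LOOP0", second_post, LOOP0),
                                 ("first/OTHER", first_post, OTHER)]:
        print(label, outcomes(policy, route))
```

In this model both posted tests deny 11.11.11.11/32 with only one filter able to deny it, so they give the same result under any order. Only a route that two filters deny, such as the constructed OTHER route, has a first denier that depends on the order.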
