
BGP Conditional advertisement
Need some help ... trying to configure conditional advertisement with BGP but it seems like the route is still advertised ...
R2 ---EBGP ---- R5
R2 config
!
router bgp 300
no synchronization
bgp router-id 150.1.2.2
bgp log-neighbor-changes
network 136.1.29.0 mask 255.255.255.0
neighbor 136.1.23.3 remote-as 100
neighbor 136.1.29.9 remote-as 100
neighbor 136.1.245.5 remote-as 200
neighbor 136.1.245.5 advertise-map ADVERTISE_MAP non-exist-map PTP_TO_R3_DOWN
no auto-summary
!
route-map ADVERTISE_MAP permit 10
match ip address prefix-list MATCH_VLAN29
!
route-map PTP_TO_R3_DOWN permit 10
match ip address prefix-list MATCH_PTP_TO_R3
!
ip prefix-list MATCH_PTP_TO_R3 seq 5 permit 136.1.23.0/24
!
ip prefix-list MATCH_VLAN29 seq 5 permit 136.1.29.0/24
!
R5
!
Rack1R5#sh ip bgp | inc 136.1.29.|Net
Network Next Hop Metric LocPrf Weight Path
*> 136.1.29.0/24 136.1.245.2 0 100 300 i
Rack1R5#
136.1.29.0/29 should be advertised only if 136.1.23.0/24 is not in my local routing table (136.1.23.0 is a locally connected network to R3).
Comments
I guess I should have tried before ... I mixed up non-exist-map ... it should be exist-map ... and now it is working .... but kind of confusing
If non-exist-map = TRUE (136.1.23.0/24) - means route is NOT in the table and then router SHOULD advertise 136.1.29.0
Can someone point out where I made the mistake with the logic here?
Thanks
Dmitriy
The show command you are using only displays your BGP table, right? But you are using advertise-map per neighbour.
What if you execute "show ip bgp neigh 136.1.245.5 advertised | i 136.1.29" when VLAN29 is up and then shut it down and re-type the command?
See below .. seems like the network is advertised anyway even before shutting down 136.1.23.0 network
Before shutting down 136.1.23.0 interface
Rack1R2#sh ip route conn
136.1.0.0/16 is variably subnetted, 16 subnets, 2 masks
C 136.1.245.0/24 is directly connected, Serial0/0
C 136.1.29.0/24 is directly connected, FastEthernet0/0
C 136.1.23.3/32 is directly connected, Serial0/1
C 136.1.23.0/24 is directly connected, Serial0/1
150.1.0.0/24 is subnetted, 7 subnets
C 150.1.2.0 is directly connected, Loopback0
Rack1R2#
Rack1R2#sh ip bgp neigh 136.1.245.5 adv | inc 136.1.29.0
*> 136.1.29.0/24 0.0.0.0 0 32768 i
Rack1R2#
show command was executed on R5 and next-hop is indicating that the route was learned from 136.1.245.2 (R2) but it should be learned from R1 136.1.15.1
sorry, didn't read it properly.
What if you tried using normal access-lists instead of prefix-lists and matching ip address <number> in your route-map. any help?
No difference ... network is still advertised when 136.1.23.0 is UP ... i think there is something wrong with my configs / logic :-(
Rack1R5#sh run | sec router bgp
router bgp 200
no synchronization
bgp router-id 150.1.5.5
bgp log-neighbor-changes
neighbor 136.1.15.1 remote-as 100
neighbor 136.1.57.7 remote-as 200
neighbor 136.1.57.7 next-hop-self
neighbor 136.1.245.2 remote-as 300
neighbor 136.1.245.2 route-map SET_WEIGHT in
neighbor 150.1.4.4 remote-as 400
neighbor 150.1.4.4 ebgp-multihop 255
neighbor 150.1.4.4 update-source Loopback0
neighbor 192.10.1.254 remote-as 254
neighbor 192.10.1.254 password CISCO
no auto-summary
Rack1R5#
Rack1R2#sh run | sec router bgp
router bgp 300
no synchronization
bgp router-id 150.1.2.2
bgp log-neighbor-changes
network 136.1.29.0 mask 255.255.255.0
neighbor 136.1.23.3 remote-as 100
neighbor 136.1.29.9 remote-as 100
neighbor 136.1.245.5 remote-as 200
neighbor 136.1.245.5 advertise-map ADVERTISE_MAP non-exist-map PTP_TO_R3_DOWN
no auto-summary
Rack1R2#
access-list 10 permit 136.1.23.0
access-list 11 permit 136.1.29.0
route-map ADVERTISE_MAP permit 10
match ip address 11
!
route-map PTP_TO_R3_DOWN permit 10
match ip address 10
!
I'd say your logic is correct indeed but your access-lists aren't; You are missing the wildcard part
(0.0.0.255)
I had the same experience as well, I think it is a bug. Usually I just reverse the logic for this, when I think the logic should be exist-map, I would use non-exist-map instead and the result is what I expected.
Be aware this might be misleading but that's how I do it. :-)
still not working ... but it did work without providing wildcard ...
Rack1R2#sh access-list
Standard IP access list 10
10 permit 136.1.23.0
Standard IP access list 11
10 permit 136.1.29.0 (2 matches)
After adding wildcard mask:
Rack1R2#sh access-list
Standard IP access list 10
10 permit 136.1.23.0, wildcard bits 0.0.0.255
Standard IP access list 11
10 permit 136.1.29.0, wildcard bits 0.0.0.255 (1 match)
Rack1R2#sh ip bgp neigh 136.1.245.5 adv
BGP table version is 13, local router ID is 150.1.2.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*> 112.0.0.0 136.1.23.3 0 100 54 50 60 i
*> 113.0.0.0 136.1.23.3 0 100 54 50 60 i
*> 136.1.3.0/24 136.1.23.3 0 0 100 i
*> 136.1.29.0/24 0.0.0.0 0 32768 i
*> 136.1.109.0/24 136.1.29.9 0 0 100 i
Total number of prefixes 5
Rack1R2#
Damn route is still there ... [:@]
I was thinking the same and just tried again, and here are my results, which are confusing the living hell out of me ....
When I applied reverse logic .. changed non-exist-map to exist-map, 136.1.29.0/24 route was NOT getting advertised anymore to R2 ...
Rack1R2#sh ip bgp neigh 136.1.245.5 adv
BGP table version is 15, local router ID is 150.1.2.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*> 112.0.0.0 136.1.23.3 0 100 54 50 60 i
*> 113.0.0.0 136.1.23.3 0 100 54 50 60 i
*> 136.1.3.0/24 136.1.23.3 0 0 100 i
*> 136.1.109.0/24 136.1.29.9 0 0 100 i
Total number of prefixes 4
Rack1R2#sh access-list
Standard IP access list 10
10 permit 136.1.23.0, wildcard bits 0.0.0.255
Standard IP access list 11
10 permit 136.1.29.0, wildcard bits 0.0.0.255 (3 matches)
Standard IP access list BB1_ROUTES
10 permit 212.18.0.0, wildcard bits 0.0.3.255
Rack1R2#
Now, I have shut down the link from R2 going to R3 (136.1.23.0) and it is removed from the local routing table .. see below: Results as expected .....
Rack1R2#sh ip rout
*Mar 1 23:36:05.179: %LINK-3-UPDOWN: Interface Serial0/1, changed state to down
*Mar 1 23:36:05.207: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 100: Neighbor 136.1.23.3 (Serial0/1) is down: interface down
*Mar 1 23:36:05.235: %BGP-5-ADJCHANGE: neighbor 136.1.23.3 Down Interface flap
*Mar 1 23:36:06.179: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/1, changed state to down
Rack1R2#sh ip route conn
136.1.0.0/16 is variably subnetted, 13 subnets, 2 masks
C 136.1.245.0/24 is directly connected, Serial0/0
C 136.1.29.0/24 is directly connected, FastEthernet0/0
150.1.0.0/24 is subnetted, 7 subnets
C 150.1.2.0 is directly connected, Loopback0
Rack1R2#
Now doing some debugs ....
Rack1R2#cle ip bgp * out
Rack1R2#
*Mar 1 23:36:59.435: BGP(0): 136.1.245.5 136.1.29.0/24 matches advertise map ADVERTISE_MAP, state: Withdraw
*Mar 1 23:36:59.439: BGP(0): 136.1.245.5 send UPDATE (format) 136.1.109.0/24, next 136.1.245.2, metric 0, path 100
Rack1R2#
And now I am totally lost ... routes in the advertise-map should only be advertised when conditions are met for the exist or non-exist maps ... this debug is telling me that it's totally opposite .. exist-map returning FALSE and advertise map withdraws the route when it should ADVERTISE it to R5 ....
Maybe I need a few drinks to help me understand that ... [8o|]
OK .. a day later and lots of frustration ... the problem was .... (as i had a feeling my ignored it) ... non-exist-map was never checked since it was already FALSE ... the process would be looking for 136.1.23.0/24 network in BGP table (pls correct me if I am wrong) .... not the local routing table ... so as soon as the network statement was added into BGP ... everything works as expected with my initial configuration
neighbor 136.1.245.5 advertise-map ADVERTISE_MAP non-exist-map PTP_TO_R3_DOWN
advertise 136.1.29.0/24 if non-exist-map 136.1.23.0/24 is not in BGP routing table
Rack1R3(config-if)#
Rack1R3(config-if)#shu
Rack1R3(config-if)#
Access_Router#2
[Resuming connection 2 to r2 ... ]
Rack1R2#
Rack1R2#
*Mar 2 00:03:22.747: %LINK-3-UPDOWN: Interface Serial0/1, changed state to down
*Mar 2 00:03:22.775: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 100: Neighbor 136.1.23.3 (Serial0/1) is down: interface down
*Mar 2 00:03:22.803: %BGP-5-ADJCHANGE: neighbor 136.1.23.3 Down Interface flap
*Mar 2 00:03:22.827: BGP(0): 136.1.245.5 send unreachable 136.1.23.0/24
*Mar 2 00:03:22.911: BGP(0): 136.1.245.5 rcv UPDATE about 136.1.23.0/24 -- withdrawn
*Mar 2 00:03:23.363: BPG(0): Condition PTP_TO_R3_DOWN changes to Advertise
*Mar 2 00:03:23.363: BPG(0): Condition PTP_TO_R3_DOWN changes to Advertise
Rack1R2#
*Mar 2 00:03:53.431: BGP(0): 136.1.245.5 136.1.29.0/24 matches advertise map ADVERTISE_MAP, state: Advertise
Rack1R2#sh ip bgp neigh 136.1.245.5 adv
BGP table version is 45, local router ID is 150.1.2.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*> 136.1.29.0/24 0.0.0.0 0 32768 i
*> 136.1.109.0/24 136.1.29.9 0 0 100 i
Total number of prefixes 2
Rack1R2#
Sorry for the long threads .. (I think this would be helpful for others to read with detailed outputs) ....
Thanks for helping out guys :-)
Hey Thanks, very helpful. Good it is not a bug. :-)
Ugh, how did I miss that you hadn't brought the prefix into the BGP table, god dammed. That happens when you don't have time to read the entire config but still want to reply
All the Cisco examples clearly state that tracking is done in BGP table using netwalker, not for the routing table itself. For example:
If 192.168.50.0/24 exists in R102's BGP table, then do not advertise the 128.16.16.0/24 network to R101.
If 192.168.50.0/24 does not exist in R102's BGP table, then advertise the 128.16.16.0/24 network to R101.
Hehe, and I read that example at least 2 times and still missed that point .... oh well ... now I better remember this :-)
Thanks a lot for help
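
Added example, not part of the original thread or any poster's code: a small Python model of the behaviour the thread arrives at, where the condition map is evaluated against the BGP table and a network statement only places a prefix there if the exact prefix is in the routing table. The function names and the constructed RIB sets are assumptions for illustration; the prefixes and map names come from the thread.

```python
from ipaddress import ip_network as net

VLAN29 = net("136.1.29.0/24")  # prefix matched by ADVERTISE_MAP
PTP_R3 = net("136.1.23.0/24")  # prefix matched by PTP_TO_R3_DOWN


def bgp_table(rib, network_statements):
    """A network statement originates a prefix only if that exact prefix is in the RIB."""
    return {p for p in network_statements if p in rib}


def condition_state(table, tracked, mode):
    """Evaluate the condition map against the BGP table, never the RIB."""
    present = any(p in table for p in tracked)
    if mode == "exist-map":
        return "Advertise" if present else "Withdraw"
    if mode == "non-exist-map":
        return "Withdraw" if present else "Advertise"
    raise ValueError(f"unknown mode: {mode}")


def advertised_to_neighbor(rib, network_statements, mode,
                           advertise=(VLAN29,), tracked=(PTP_R3,)):
    """Return (state, prefixes sent) for a neighbor configured with an advertise-map."""
    table = bgp_table(rib, network_statements)
    state = condition_state(table, tracked, mode)
    # Prefixes outside the advertise-map are sent regardless of the condition.
    sent = {p for p in table if state == "Advertise" or p not in advertise}
    return state, sorted(str(p) for p in sent)


# Constructed RIB contents (connected routes on R2), mirroring the thread.
RIB_LINK_UP = {VLAN29, PTP_R3, net("136.1.245.0/24")}
RIB_LINK_DOWN = RIB_LINK_UP - {PTP_R3}

if __name__ == "__main__":
    cases = [
        ("original config, link up", RIB_LINK_UP, {VLAN29}, "non-exist-map"),
        ("reversed to exist-map, link up", RIB_LINK_UP, {VLAN29}, "exist-map"),
        ("network statement added, link up", RIB_LINK_UP, {VLAN29, PTP_R3}, "non-exist-map"),
        ("network statement added, link down", RIB_LINK_DOWN, {VLAN29, PTP_R3}, "non-exist-map"),
    ]
    for label, rib, statements, mode in cases:
        print(f"{label:36} {advertised_to_neighbor(rib, statements, mode)}")
```

The first case reproduces the original symptom: 136.1.23.0/24 is connected but absent from the BGP table, so the non-exist-map condition is already true and 136.1.29.0/24 is advertised.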