Re: BGP filtering without IP address Filters

From: Ramesh Ramasamy (ramesh_ramasamy@xxxxxxxxxxx)
Date: Wed Apr 25 2001 - 20:35:01 GMT-3

   
Vladimir,

Excellant - great explantion.

Pls correct me if am wrong:
IF we have access to the EBGP neighbor, could we achieve the
same by - 'neighbor r2-IPadd route-map no-trans' and rte-map
'no-trans' having 'ip as-path 1 permit ^100$' -- this i hope
will only accept updates from r2/as100.

Thanks,
Ramesh.

>From: Vladimir Shchutski <vshchutski@yahoo.com>
>Reply-To: Vladimir Shchutski <vshchutski@yahoo.com>
>To: Jerry Hutcheson <jhutches@cisco.com>, Masood Malik
><malikm24@hotmail.com>, "Chia Kim Seng, Consultant, SCSNW-Sales"
><chiaks@scsnetworks.scs.com.sg>, "Dean, Justin"
><Justin.Dean@nrtinc.com>, ccielab@groupstudy.com
>Subject: Re: BGP filtering without IP address Filters
>Date: Wed, 25 Apr 2001 11:01:44 -0700 (PDT)
>
>Will try to make it clear.
>
>r1#
>router bgp 100
>neighbor 1.1.1.1 remote-as 100 #IBGP to r2
>neighbor 2.2.2.2 remote-as 200 #EBGP to r3
>neighbor 1.1.1.1 send-community
>neighbor 2.2.2.2 send-community
>
>route-map SET_NO_EXPORT permit 10
>match ip address 1
>set community no-export
>route-map SET_NO_EXPORT permit 10
>
>access-list 1 ..........
>
>1) R1 won't pass the the route to R3
>neighbor 1.1.1.1 route-map SET_NO_EXPORT in
>
>2) __Only__ R2 won't pass the route to other AS
>neighbor 1.1.1.1 route-map SET_NO_EXPORT out
>
>3) The route won't be sent out of AS100
>neighbor 2.2.2.2 route-map SET_NO_EXPORT in
>
>4) __ASK___ AS200 not to pass the route to other AS
>neighbor 2.2.2.2 route-map SET_NO_EXPORT out
>
>Regards,
>Vladimir
>
>--- Jerry Hutcheson <jhutches@cisco.com> wrote:
> > Massod,
> >
> > If the requirement is to not allow your own local AS
> > (100) to be a transit AS, and you use the community
> > no export would you use a send-community out or in,
> > at the ebgp peer (R2)? I have heard it both ways it
> > seems to me that it should be a send community in.
> >
> > thanks,
> >
> > jerry
> >
> > and At 09:04 AM 4/25/2001 +1000, Masood Malik
> > wrote:
> > >RE: BGP filtering without IP address FiltersHi,
> > >
> > >The main difference between no-export and
> > no-advertise is as follows.
> > >
> > >When no-export community is set in an AS for a
> > route it will be passed through
> > >all the routers in the same AS (IBGP) and also to
> > the next neighbour AS
> > >(EBGP). However, this neighbour AS will not pass it
> > to its up stream AS.
> > >
> > >Thus no-exports cannot work in the same AS.
> > >
> > >When you set no-advertise community on a router in
> > any AS, the route will not
> > >be advertised to any neighbour AS whether it is
> > same (IBGP) or different
> > >(EBGP).
> > >
> > >e.g. if you have following scenario
> > >
> > >R1 (AS100)---R2 (AS100)----R3(AS200)------R4(AS300)
> > >
> > >If no-export community is set on a route entering
> > R1. You will see the route
> > >in R2 and R3 but not in R4.
> > >
> > >If no-advertise community is set on a route
> > entering R1. The route will be
> > >missing in R2, R3 or R4.
> > >
> > >Note: In order for all this to work correctly,
> > ensure setting send-community
> > >to the neighour AS peers in each router.
> > >
> > >regards
> > >Masood
> > > ----- Original Message -----
> > > From: Chia Kim Seng, Consultant, SCSNW-Sales
> > > To: 'Masood Malik' ; Vladimir Shchutski ; Dean,
> > Justin ;
> > >ccielab@groupstudy.com
> > > Sent: Tuesday, April 24, 2001 11:46 AM
> > > Subject: RE: BGP filtering without IP address
> > Filters
> > >
> > >
> > > Can I use no-export community instead?
> > >
> > > Regards
> > > Chia Kim Seng
> > >
> > > SCS Networks Pte Ltd
> > > 7 Bedok South Road
> > > Singapore 469272
> > > Tel : 065-2403164
> > > Fax: 065-2403110
> > >
> > >
> > >
> > > -----Original Message-----
> > > From: Masood Malik [mailto:malikm24@hotmail.com]
> > > Sent: Tuesday, April 24, 2001 6:21 AM
> > > To: Vladimir Shchutski; Dean, Justin;
> > ccielab@groupstudy.com
> > > Subject: Re: BGP filtering without IP address
> > Filters
> > >
> > >
> > >
> > > set no-advertise community for 1.1.1.1 on R2
> > >
> > > regards
> > > Masood
> > >
> > > ----- Original Message -----
> > > From: "Vladimir Shchutski" <vshchutski@yahoo.com>
> > > To: "Dean, Justin" <Justin.Dean@nrtinc.com>;
> > <ccielab@groupstudy.com>
> > > Sent: Tuesday, April 24, 2001 7:42 AM
> > > Subject: Re: BGP filtering without IP address
> > Filters
> > >
> > >
> > >
> > > > try community names.
> > > >
> > > > Regards,
> > > > Vladimir.
> > > >
> > > > --- "Dean, Justin" <Justin.Dean@nrtinc.com>
> > wrote:
> > > > > I am trying to have R2 filter the 1.1.1.1
> > from being
> > > > > advertised to R3. The
> > > > > requirement is that you cannot filter by ip
> > address.
> > > > > I thought I could tag
> > > > > it with a route-map at R1 then match tag at
> > R2 and
> > > > > dump it, but I get an
> > > > > error trying to put the set tag in the
> > route-map and
> > > > > apply it to the
> > > > > neighbor outbound. I also tried to prepend
> > as's, but
> > > > > since R1 and R2 are in
> > > > > same as the route shows as "i". Any Ideas?
> > justin
> > > > >
> > > > >
> > > > > 1.1.1.1-------R1----IBGP---R2---EBGP---R3----
> > > > > **Please
> > > > >
> > read:http://www.groupstudy.com/list/posting.html
> > > > >
> > > >
> >

This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:29:56 GMT-3