Re: BGP filtering without IP address Filters

From: Vladimir Shchutski (vshchutski@xxxxxxxxx)
Date: Thu Apr 26 2001 - 20:33:17 GMT-3


   
The original task was "to filter the particular
address without using filter by ip address".
That's why route-map with "set community no-export"
was suggested.

If the task is to prevent AS100 from being a transit AS, I
would use "filter-list" instead.

For example, I have to implement the solution INSIDE of AS100:

r1#
router bgp 100
neighbor 2.2.2.2 remote-as 200
neighbor 2.2.2.2 filter-list 1 out
ip as-path access-list 1 permit ^$

or OUTSIDE of AS100:

r2#
router bgp 200
neighbor 1.1.1.1 remote-as 100
neighbor 1.1.1.1 filter-list 1 in
ip as-path access-list 1 permit ^100$

Regards,
Vladimir

--- Ramesh Ramasamy <ramesh_ramasamy@hotmail.com> wrote:
> Vladimir,
>
> Excellent - great explanation.
>
> Pls correct me if I am wrong:
> If we have access to the EBGP neighbor, could we achieve the
> same by - 'neighbor r2-IPadd route-map no-trans' and rte-map
> 'no-trans' having 'ip as-path 1 permit ^100$' -- this I hope
> will only accept updates from r2/as100.
>
> Thanks,
> Ramesh.
>
>
> >From: Vladimir Shchutski <vshchutski@yahoo.com>
> >Reply-To: Vladimir Shchutski <vshchutski@yahoo.com>
> >To: Jerry Hutcheson <jhutches@cisco.com>, Masood Malik
> ><malikm24@hotmail.com>, "Chia Kim Seng, Consultant, SCSNW-Sales"
> ><chiaks@scsnetworks.scs.com.sg>, "Dean, Justin"
> ><Justin.Dean@nrtinc.com>, ccielab@groupstudy.com
> >Subject: Re: BGP filtering without IP address Filters
> >Date: Wed, 25 Apr 2001 11:01:44 -0700 (PDT)
> >
> >Will try to make it clear.
> >
> >r1#
> >router bgp 100
> >! IBGP to r2
> >neighbor 1.1.1.1 remote-as 100
> >! EBGP to r3
> >neighbor 2.2.2.2 remote-as 200
> >neighbor 1.1.1.1 send-community
> >neighbor 2.2.2.2 send-community
> >
> >route-map SET_NO_EXPORT permit 10
> >match ip address 1
> >set community no-export
> >! empty clause so that routes not matched above are still permitted
> >route-map SET_NO_EXPORT permit 20
> >
> >access-list 1 ..........
> >
> >1) R1 won't pass the route to R3
> >neighbor 1.1.1.1 route-map SET_NO_EXPORT in
> >
> >2) __Only__ R2 won't pass the route to other AS
> >neighbor 1.1.1.1 route-map SET_NO_EXPORT out
> >
> >3) The route won't be sent out of AS100
> >neighbor 2.2.2.2 route-map SET_NO_EXPORT in
> >
> >4) __ASK___ AS200 not to pass the route to other AS
> >neighbor 2.2.2.2 route-map SET_NO_EXPORT out
> >
> >Regards,
> >Vladimir
> >
> >--- Jerry Hutcheson <jhutches@cisco.com> wrote:
> > > Masood,
> > >
> > > If the requirement is to not allow your own local AS
> > > (100) to be a transit AS, and you use the community
> > > no export would you use a send-community out or in,
> > > at the ebgp peer (R2)? I have heard it both ways; it
> > > seems to me that it should be a send community in.
> > >
> > > thanks,
> > >
> > > jerry
> > >
> > > and At 09:04 AM 4/25/2001 +1000, Masood Malik wrote:
> > > >Hi,
> > > >
> > > >The main difference between no-export and no-advertise is as follows.
> > > >
> > > >When no-export community is set in an AS for a route it will be passed through
> > > >all the routers in the same AS (IBGP) and also to the next neighbour AS
> > > >(EBGP). However, this neighbour AS will not pass it to its up stream AS.
> > > >
> > > >Thus no-exports cannot work in the same AS.
> > > >
> > > >When you set no-advertise community on a router in any AS, the route will not
> > > >be advertised to any neighbour AS whether it is same (IBGP) or different
> > > >(EBGP).
> > > >
> > > >e.g. if you have following scenario
> > > >
> > > >R1 (AS100)---R2 (AS100)----R3(AS200)------R4(AS300)
> > > >
> > > >If no-export community is set on a route entering R1, you will see the route
> > > >in R2 and R3 but not in R4.
> > > >
> > > >If no-advertise community is set on a route entering R1, the route will be
> > > >missing in R2, R3 or R4.
> > > >
> > > >Note: In order for all this to work correctly, ensure setting send-community
> > > >to the neighbour AS peers in each router.
> > > >
> > > >regards
> > > >Masood
> > > > ----- Original Message -----
> > > > From: Chia Kim Seng, Consultant, SCSNW-Sales
> > > > To: 'Masood Malik' ; Vladimir Shchutski ; Dean, Justin ; ccielab@groupstudy.com
> > > > Sent: Tuesday, April 24, 2001 11:46 AM
> > > > Subject: RE: BGP filtering without IP address Filters
> > > >
> > > >
> > > > Can I use no-export community instead?
> > > >
> > > > Regards
> > > > Chia Kim Seng
> > > >
> > > > SCS Networks Pte Ltd
> > > > 7 Bedok South Road
> > > > Singapore 469272
> > > > Tel : 065-2403164
> > > > Fax: 065-2403110
> > > >
> > > >
> > > >
> > > > -----Original Message-----
> > > > From: Masood Malik [mailto:malikm24@hotmail.com]
> > > > Sent: Tuesday, April 24, 2001 6:21 AM
> > > > To: Vladimir Shchutski; Dean, Justin; ccielab@groupstudy.com
> > > > Subject: Re: BGP filtering without IP address Filters
> > > >
> > > >
> > > >
> > > > set no-advertise community for 1.1.1.1 on R2
> > > >
> > > > regards
> > > > Masood
> > > >
> > > > ----- Original Message -----
> > > > From: "Vladimir Shchutski" <vshchutski@yahoo.com>
> > > > To: "Dean, Justin" <Justin.Dean@nrtinc.com>; <ccielab@groupstudy.com>
> > > > Sent: Tuesday, April 24, 2001 7:42 AM
> > > > Subject: Re: BGP filtering without IP address Filters
> > > >
> > > >
> > > >
> > > > > try community names.
> > > > >
> > > > > Regards,
> > > > > Vladimir.
> > > > >
> > > > > --- "Dean, Justin" <Justin.Dean@nrtinc.com> wrote:
> > > > > > I am trying to have R2 filter the 1.1.1.1 from being
> > > > > > advertised to R3. The requirement is that you cannot
> > > > > > filter by ip address. I thought I could tag it with a
> > > > > > route-map at R1 then match tag at R2 and dump it, but
> > > > > > I get an error trying to put the set tag in the
> > > > > > route-map and apply it to the neighbor outbound. I
> > > > > > also tried to prepend as's, but since R1 and R2 are in
> > > > > > same as the route shows as "i". Any Ideas?
>
=== message truncated ===
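
Added example (not part of the original thread, and not router code): a small Python model of the two filter-lists in the top message, showing which AS paths "^$" lets r1 advertise and which "^100$" lets r2 accept. The prefixes and the neighbouring AS300/AS400 are constructed sample data, and the model assumes the outbound filter is matched before the local AS is prepended.

```python
import re

# Cisco-style "_" stands for a delimiter: start, end, space, comma, brace, parenthesis.
_DELIM = r"(?:^|$|[ ,{}()])"

def acl_permits(acl, as_path):
    """Evaluate an as-path access-list: ordered (action, regex) entries,
    first match wins, implicit deny when nothing matches."""
    text = " ".join(str(asn) for asn in as_path)
    for action, pattern in acl:
        if re.search(pattern.replace("_", _DELIM), text):
            return action == "permit"
    return False

def advertise_out(acl, local_as, bgp_table):
    """filter-list ... out: match the stored path first, then prepend the
    local AS to what passes (assumed order of operations)."""
    return {pfx: [local_as] + path
            for pfx, path in bgp_table.items() if acl_permits(acl, path)}

def accept_in(acl, updates):
    """filter-list ... in: keep only updates whose received path is permitted."""
    return {pfx: path for pfx, path in updates.items() if acl_permits(acl, path)}

# Constructed sample: r1's BGP table in AS100 (documentation prefixes).
R1_TABLE = {
    "192.0.2.0/24": [],            # originated inside AS100
    "198.51.100.0/24": [300],      # learned from a neighbouring AS300
    "203.0.113.0/24": [300, 400],  # learned via AS300 from AS400
}
PERMIT_ALL = [("permit", ".*")]
INSIDE_ACL = [("permit", "^$")]      # as-path access-list 1 on r1
OUTSIDE_ACL = [("permit", "^100$")]  # as-path access-list 1 on r2

def inside_solution():
    # r1 filters what it sends to AS200.
    return advertise_out(INSIDE_ACL, 100, R1_TABLE)

def outside_solution():
    # r1 sends everything; r2 filters on receipt.
    return accept_in(OUTSIDE_ACL, advertise_out(PERMIT_ALL, 100, R1_TABLE))

if __name__ == "__main__":
    print("r1 advertises to AS200:", inside_solution())
    print("r2 accepts from AS100: ", outside_solution())
```

Both placements leave AS200 with only the route AS100 originates, so AS100 carries no transit traffic for it.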


