Re: BGP filtering without IP address Filters

From: Vladimir Shchutski (vshchutski@xxxxxxxxx)
Date: Thu Apr 26 2001 - 21:06:04 GMT-3


   
Do not mess it up.
They mentioned "not to use filter by ip add" to forbid the
typical "route-map NAME permit 10 match ip address ..." solution.

regards,
Vladimir.

--- Ramesh Ramasamy <ramesh_ramasamy@hotmail.com> wrote:
> Thanks. Wrongly assumed 'not to use filter by ip add' ...
> and started thinking why not use as path which has no 'ip add'..
> slowly getting used to terminologies.
> so I should not use filter list - when they mention don't use ip add?
>
> Regards,
> Ramesh.
>
>
> >From: Vladimir Shchutski <vshchutski@yahoo.com>
> >To: Ramesh Ramasamy <ramesh_ramasamy@hotmail.com>, jhutches@cisco.com,
> >malikm24@hotmail.com, ccielab@groupstudy.com
> >Subject: Re: BGP filtering without IP address Filters
> >Date: Thu, 26 Apr 2001 16:33:17 -0700 (PDT)
> >
> >The original task was "to filter the particular
> >address without using filter by ip address".
> >That's why route-map with "set community no-export"
> >was suggested.
> >
> >If the task is to prevent AS100 from being a transit AS, I
> >would use "filter-list" instead.
> >
> >f.e. I have to implement the solution INSIDE of AS100:
> >
> >r1#
> >router bgp 100
> >neighbor 2.2.2.2 remote-as 200
> >neighbor 2.2.2.2 filter-list 1 out
> >ip as-path access-list 1 permit ^$
> >
> >or OUTSIDE of AS100:
> >
> >r2#
> >router bgp 200
> >neighbor 1.1.1.1 remote-as 100
> >neighbor 1.1.1.1 filter-list 1 in
> >ip as-path access-list 1 permit ^100$
> >
> >Regards,
> >Vladimir
> >
> >--- Ramesh Ramasamy <ramesh_ramasamy@hotmail.com> wrote:
> > > Vladimir,
> > >
> > > Excellent - great explanation.
> > >
> > > Pls correct me if I am wrong:
> > > IF we have access to the EBGP neighbor, could we achieve the
> > > same by - 'neighbor r2-IPadd route-map no-trans' and rte-map
> > > 'no-trans' having 'ip as-path 1 permit ^100$' -- this I hope
> > > will only accept updates from r2/as100.
> > >
> > > Thanks,
> > > Ramesh.
> > >
> > >
> > > >From: Vladimir Shchutski <vshchutski@yahoo.com>
> > > >Reply-To: Vladimir Shchutski <vshchutski@yahoo.com>
> > > >To: Jerry Hutcheson <jhutches@cisco.com>, Masood Malik
> > > ><malikm24@hotmail.com>, "Chia Kim Seng, Consultant, SCSNW-Sales"
> > > ><chiaks@scsnetworks.scs.com.sg>, "Dean, Justin"
> > > ><Justin.Dean@nrtinc.com>, ccielab@groupstudy.com
> > > >Subject: Re: BGP filtering without IP address Filters
> > > >Date: Wed, 25 Apr 2001 11:01:44 -0700 (PDT)
> > > >
> > > >Will try to make it clear.
> > > >
> > > >r1#
> > > >router bgp 100
> > > >neighbor 1.1.1.1 remote-as 100 #IBGP to r2
> > > >neighbor 2.2.2.2 remote-as 200 #EBGP to r3
> > > >neighbor 1.1.1.1 send-community
> > > >neighbor 2.2.2.2 send-community
> > > >
> > > >route-map SET_NO_EXPORT permit 10
> > > >match ip address 1
> > > >set community no-export
> > > >route-map SET_NO_EXPORT permit 20
> > > >
> > > >access-list 1 ..........
> > > >
> > > >1) R1 won't pass the route to R3
> > > >neighbor 1.1.1.1 route-map SET_NO_EXPORT in
> > > >
> > > >2) __Only__ R2 won't pass the route to other AS
> > > >neighbor 1.1.1.1 route-map SET_NO_EXPORT out
> > > >
> > > >3) The route won't be sent out of AS100
> > > >neighbor 2.2.2.2 route-map SET_NO_EXPORT in
> > > >
> > > >4) __ASK___ AS200 not to pass the route to other AS
> > > >neighbor 2.2.2.2 route-map SET_NO_EXPORT out
> > > >
> > > >Regards,
> > > >Vladimir
> > > >
> > > >--- Jerry Hutcheson <jhutches@cisco.com> wrote:
> > > > > Masood,
> > > > >
> > > > > If the requirement is to not allow your own local AS
> > > > > (100) to be a transit AS, and you use the community
> > > > > no export would you use a send-community out or in,
> > > > > at the ebgp peer (R2)? I have heard it both ways; it
> > > > > seems to me that it should be a send community in.
> > > > >
> > > > > thanks,
> > > > >
> > > > > jerry
> > > > >
> > > > > and At 09:04 AM 4/25/2001 +1000, Masood Malik wrote:
> > > > > >RE: BGP filtering without IP address Filters
> > > > > >
> > > > > >Hi,
> > > > > >
> > > > > >The main difference between no-export and no-advertise is as follows.
> > > > > >
> > > > > >When no-export community is set in an AS for a route it will be passed through
> > > > > >all the routers in the same AS (IBGP) and also to the next neighbour AS
> > > > > >(EBGP). However, this neighbour AS will not pass it to its up stream AS.
> > > > > >
> > > > > >Thus no-exports cannot work in the same AS.
> > > > > >
> > > > > >When you set no-advertise community on a router in any AS, the route will not
> > > > > >be advertised to any neighbour AS whether it is same (IBGP) or different
> > > > > >(EBGP).
> > > > > >
> > > > > >e.g. if you have following scenario
> > > > > >
> > > > > >R1 (AS100)---R2 (AS100)----R3(AS200)------R4(AS300)
> > > > > >
> > > > > >If no-export community is set on a route entering R1, you will see the route
> > > > > >in R2 and R3 but not in R4.
> > > > > >
> > > > > >If no-advertise community is set on a route entering R1, the route will be
> > > > > >missing in R2, R3 or R4.
> > > > > >
> > > > > >Note: In order for all this to work correctly, ensure setting send-community
> > > > > >to the neighbour AS peers in each router.
> > > > > >
> > > > > >regards
> > > > > >Masood
> > > > > > ----- Original Message -----
> > > > > > From: Chia Kim Seng, Consultant, SCSNW-Sales
> > > > > > To: 'Masood Malik' ; Vladimir Shchutski ; Dean, Justin ;
> > > > > >ccielab@groupstudy.com
> > > > > > Sent: Tuesday, April 24, 2001 11:46 AM
> > > > > > Subject: RE: BGP filtering without IP address Filters
>
=== message truncated ===
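
Added example, not part of the thread or of any poster's configuration: a small Python model of how the two quoted filter-lists (`^$` outbound inside AS100, `^100$` inbound in AS200) evaluate AS paths, including the implicit deny at the end of an AS-path access list. The prefixes, AS300/AS400, and the prepend-tolerant variant `^100(_100)*$` are constructed assumptions that go slightly beyond the thread to show how a prepended AS100 route is treated.

```python
import re

def ios_to_python(pattern):
    # In IOS AS-path regexes "_" matches a delimiter: start, end, space, comma, braces.
    return pattern.replace("_", r"(?:^|$|[ ,{}()])")

class AsPathAcl:
    """Ordered permit/deny entries; anything unmatched hits the implicit deny."""
    def __init__(self, *entries):
        self.entries = [(action, re.compile(ios_to_python(rx))) for action, rx in entries]

    def permits(self, as_path):
        text = " ".join(str(asn) for asn in as_path)
        for action, rx in self.entries:
            if rx.search(text):
                return action == "permit"
        return False  # implicit deny

def filter_list(acl, routes):
    """Return the prefixes a 'neighbor ... filter-list' with this ACL lets through."""
    return [prefix for prefix, as_path in routes if acl.permits(as_path)]

# Constructed sample data (documentation prefixes, not from the thread).
# r1's table inside AS100; outbound policy runs before r1 prepends its own AS.
R1_TABLE = [
    ("192.0.2.0/24", []),               # originated in AS100
    ("198.51.100.0/24", [300]),         # learned from a hypothetical AS300 peer
    ("198.51.100.128/25", [300, 400]),  # learned via AS300 from AS400
]
# What r2 (AS200) would receive from AS100 if r1 applied no outbound filter.
R2_RECEIVED = [
    ("192.0.2.0/24", [100]),
    ("198.51.100.0/24", [100, 300]),      # AS100 acting as transit
    ("203.0.113.0/24", [100, 100, 100]),  # AS100 route carrying prepends
]

INSIDE = AsPathAcl(("permit", "^$"))      # r1: filter-list 1 out
OUTSIDE = AsPathAcl(("permit", "^100$"))  # r2: filter-list 1 in
# Variant not from the thread: also accepts AS100 routes that carry prepends.
OUTSIDE_PREPEND = AsPathAcl(("permit", "^100(_100)*$"))

if __name__ == "__main__":
    print("r1 advertises:", filter_list(INSIDE, R1_TABLE))
    print("r2 accepts:   ", filter_list(OUTSIDE, R2_RECEIVED))
    print("r2 (variant): ", filter_list(OUTSIDE_PREPEND, R2_RECEIVED))
```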


