Problem with BGP filter list

From: Fred Danson (fred190044@xxxxxxxxxxx)
Date: Sat Jun 09 2001 - 16:54:29 GMT-3


   
Hey Group,

I've been practicing a filter-list lab exactly like the one on pages 326-329
in Halabi's book.

Here's the topology:

R2 ----- R7 ----- R3 ----- R4
AS1 ---- AS3 ---- AS3 ---- AS2

My goal here is to make the center AS, AS 3, a non-transit AS. In order to
do this, I've configured filter-lists on R7's neighbor connection to R2, and
R3's neighbor connection to R4. R7 was successful in filtering out transit
routes, but R3 was not! I have the exact same filter list configured on R3
and R7, but it only works on R7!

Here's the R3 (problematic) config (without unnecessary info):

router bgp 3
 no synchronization
 network 172.16.1.0 mask 255.255.255.0
 neighbor 172.16.2.254 remote-as 3
 neighbor 172.16.2.254 update-source Loopback0
 neighbor 172.16.2.254 next-hop-self
 neighbor 192.68.5.2 remote-as 2
 neighbor 192.68.5.2 update-source Loopback0
 neighbor 192.68.5.2 filter-list 19 out
 no auto-summary
ip as-path access-list 19 permit ^$

Here's a show ip bgp from R3:

*> 172.16.1.0/24 0.0.0.0 0 32768 i
* i 172.16.2.254 0 100 0 i
*>i172.16.2.254/32 172.16.2.254 0 100 0 i
*>i172.16.20.0/24 172.16.2.254 0 100 0 i
*> 192.68.10.1/32 192.68.5.2 0 0 2 i
*>i192.68.11.1/32 172.16.2.254 0 100 0 1 i

Here's a show ip bgp regexp ^$ on R3:

*> 172.16.1.0/24 0.0.0.0 0 32768 i
* i 172.16.2.254 0 100 0 i
*>i172.16.2.254/32 172.16.2.254 0 100 0 i
*>i172.16.20.0/24 172.16.2.254 0 100 0 i

Seeing the show ip bgp regexp output on R3, it should be obvious that these
routes will be permitted across the R3 --- R4 link. Am I forgetting anything
here, guys?

Here's the show ip bgp on R4:

*> 192.68.10.1/32 0.0.0.0 0 32768 i

Here's a show ip bgp neighbor on R4:

BGP neighbor is 172.16.65.1, remote AS 3, external link
Index 1, Offset 0, Mask 0x2
  BGP version 4, remote router ID 172.16.65.1
  BGP state = Established, table version = 2, up for 00:20:02
  Last read 00:00:02, hold time is 180, keepalive interval is 60 seconds
  Minimum time between advertisement runs is 30 seconds
  Received 122 messages, 0 notifications, 0 in queue
  Sent 123 messages, 0 notifications, 0 in queue
  Prefix advertised 10, suppressed 0, withdrawn 1
  Connections established 9; dropped 8
  Last reset 00:20:43, due to User reset
  0 accepted prefixes consume 0 bytes
  0 history paths consume 0 bytes
  External BGP neighbor may be up to 2 hops away.
Connection state is ESTAB, I/O status: 1, unread input bytes: 0
Local host: 192.68.5.2, Local port: 179
Foreign host: 172.16.65.1, Foreign port: 11015

Any ideas?

Thanks in advance,
Fred
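
Added example, not part of the original post: a small Python model of how an outbound filter-list evaluates as-path access-list 19 (first match wins, implicit deny at the end) against the AS paths in R3's table. The table rows are transcribed from the show ip bgp output above; the function names and the permissive contrast ACL are assumptions made for illustration.

```python
import re

# R3's as-path ACL from the post, plus a hypothetical permissive variant
# (not from the post) to show what a transit leak would look like.
R3_CONFIG = "ip as-path access-list 19 permit ^$"
PERMISSIVE_CONFIG = "ip as-path access-list 19 permit .*"  # hypothetical

# Best paths transcribed from R3's "show ip bgp": (prefix, AS path).
R3_TABLE = [
    ("172.16.1.0/24", ""),
    ("172.16.2.254/32", ""),
    ("172.16.20.0/24", ""),
    ("192.68.10.1/32", "2"),
    ("192.68.11.1/32", "1"),
]

def cisco_to_python(pattern):
    # In IOS AS-path regexes "_" matches a delimiter (space, comma, braces,
    # parentheses) or the start/end of the path string.
    return pattern.replace("_", r"(?:^|$|[ ,{}()])")

def parse_acl(config_text, number):
    """Return [(action, compiled_regex)] for one as-path ACL, in config order."""
    entries = []
    for line in config_text.splitlines():
        m = re.match(r"\s*ip as-path access-list (\d+) (permit|deny) (\S.*)$", line)
        if m and int(m.group(1)) == number:
            rx = re.compile(cisco_to_python(m.group(3).strip()))
            entries.append((m.group(2), rx))
    return entries

def acl_permits(entries, as_path):
    """First matching entry decides; no match falls through to implicit deny."""
    for action, rx in entries:
        if rx.search(as_path):
            return action == "permit"
    return False

def advertised(entries, table):
    """Prefixes whose AS path passes the outbound filter-list."""
    return [prefix for prefix, path in table if acl_permits(entries, path)]

if __name__ == "__main__":
    print("permit ^$ :", advertised(parse_acl(R3_CONFIG, 19), R3_TABLE))
    print("permit .* :", advertised(parse_acl(PERMISSIVE_CONFIG, 19), R3_TABLE))
```

With permit ^$ only the three prefixes with an empty AS path pass, which matches the show ip bgp regexp ^$ output in the post; the routes learned from AS 1 and AS 2 are dropped by the implicit deny.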


