Re: bgp policy accounting

From: ccie2be (ccie2be@nyc.rr.com)
Date: Sun Feb 06 2005 - 09:53:12 GMT-3


Dave,

That's the ticket.

The only thing I was doing wrong was how I defined my as-path. I used

ip as-path access-list 1 permit ^100$

instead of

ip as-path access-list 1 permit ^$

Once I changed the as-path statement, it worked like a charm.

Thanks for looking into this and getting back to me.

Tim

----- Original Message -----
From: "DaveW" <kapsi1911@hotmail.com>
To: "ccie2be" <ccie2be@nyc.rr.com>
Cc: "Cisco certification" <ccielab@groupstudy.com>
Sent: Sunday, February 06, 2005 1:46 AM
Subject: Re: bgp policy accounting

> Tim,
>
>
>
> I played around with BGP Policy accounting a bit after I saw your post.
> Correct me if I'm wrong, but it sounds like you're trying to:
>
>
>
> 1.) track all traffic from AS 200 to any host in AS 100
>
> 2.) track all traffic from AS 200 to any host in AS 54
>
>
>
> From my understanding of BPA what you're trying to do is a bit difficult. The
> reason being that you're limited to tracking packets using destination IP
> address and input interfaces on routers which will perform BPA (when using
> the "bgp-policy accounting" command). I understand that in later IOS
> releases you can track on output interfaces and source IPs with the
> "bgp-policy accounting output source" command. My routers do not support the
> source/output command.
>
>
>
> Anyway back to the problem.
>
>
>
> To track all host traffic from AS200 to hosts in AS100 you could... make
> sure that R3 is learning about all destination prefixes of interest from
> its IBGP peers within AS100 and create as-path list 1 with a ^$ string:
>
>
>
> route-map account permit 10
> match as-path 1
> set traffic-index 2
>
>
>
> This would match all traffic local to AS100, learned from IBGP peers. Next,
> apply the policy with a table-map and do a "clear ip route *" to update the
> FIB/RIB. When you do a "show ip cef <prefix>" for any IBGP learned route
> (local to AS100), you should see that the prefix is flagged with
> "traffic-index 2". Once you see the desired prefix is flagged, make sure
> that the "bgp policy-accounting" command is on R3's interface that connects
> to R1 (because that's the direction incoming traffic we're interested in
> will be entering AS100). Ping the AS100 prefix from AS200. It should track
> it.
>
>
>
>
>
> The only problem is this will also track transit traffic that passes through
> AS200 destined for AS100 subnets. If you need more detail or need me to
> clarify anything let me know.
>
>
>
> DAve
>
> ----- Original Message -----
> From: "ccie2be" <ccie2be@nyc.rr.com>
> To: "Group Study" <ccielab@groupstudy.com>
> Sent: Friday, February 04, 2005 8:38 AM
> Subject: bgp policy accounting
>
>
> > Hi guys,
> >
> > I never configured this before and so far, I'm not able to make this work.
> >
> > Here's the topology:
> >
> > AS 200 ---> AS 100 ---> AS 54
> >
> > I need to keep track of traffic from AS 200.
> >
> > And, I want to configure AS 100 such that I can count all traffic from AS 200
> > which is destined to any host in AS 200.
> >
> > I also want to count all traffic from AS 200 that transits AS 100 on its way
> > to other hosts.
> >
> > R3 is in AS 100 and directly connects to R1 in AS 200.
> >
> > To do this, I followed (I think) the instructions in this link:
> >
> > http://www.cisco.com/warp/public/459/38.html
> >
> > Here's my config for R3: (I also cleared the BGP sessions after doing this
> > config.)
> >
> > interface Serial1/0 <--- Connects to R1 & R2
> > ip address 157.1.123.3 255.255.255.0
> > bgp-policy accounting <-- per above link
> > encapsulation frame-relay
> > frame-relay map ip 157.1.123.1 301 broadcast
> > frame-relay map ip 157.1.123.2 302 broadcast
> > no frame-relay inverse-arp
> >
> > Rack1R3#;f router bgp
> > router bgp 100
> > no synchronization
> > table-map SET-BUCKET
> > bgp router-id 150.1.3.3
> > bgp log-neighbor-changes
> > neighbor 157.1.35.5 remote-as 100
> > neighbor 157.1.35.5 route-reflector-client
> > neighbor 157.1.36.6 remote-as 100
> > neighbor 157.1.36.6 route-reflector-client
> > neighbor 157.1.37.7 remote-as 100
> > neighbor 157.1.37.7 route-reflector-client
> > neighbor 157.1.123.1 remote-as 200
> > no auto-summary
> > !
> > ip as-path access-list 1 permit ^100$ <-- For traffic to AS 100
> > ip as-path access-list 2 permit _54_ <-- For traffic to other AS's downstream of AS 100
> > !
> > !
> > route-map SET-BUCKET permit 10
> > match as-path 1
> > set traffic-index 1
> > !
> > route-map SET-BUCKET permit 20
> > match as-path 2
> > set traffic-index 2
> >
> > First I cleared the BGP session between AS 100 and AS 200 and
> >
> > then I went to R1 and ping'd various destinations in R1's bgp table:
> >
> > Rack1R1#sh ip bgp
> > BGP table version is 167, local router ID is 150.1.1.1
> > Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
> > r RIB-failure, S Stale
> > Origin codes: i - IGP, e - EGP, ? - incomplete
> >
> > Network Next Hop Metric LocPrf Weight Path
> > *> 28.119.16.0/24 157.1.123.3 0 100 54 i
> > *> 28.119.17.0/24 157.1.123.3 0 100 54 i
> > *> 112.0.0.0 157.1.123.3 0 100 54 50 60 i
> > *> 113.0.0.0 157.1.123.3 0 100 54 50 60 i
> > *> 114.0.0.0 157.1.123.3 0 100 54 i
> > *> 115.0.0.0 157.1.123.3 0 100 54 i
> > *> 116.0.0.0 157.1.123.3 0 100 54 i
> > *> 117.0.0.0 157.1.123.3 0 100 54 i
> > *> 118.0.0.0 157.1.123.3 0 100 54 i
> > *> 119.0.0.0 157.1.123.3 0 100 54 i
> > *> 157.1.5.0/24 157.1.123.3 0 100 i
> > *> 157.1.7.0/24 157.1.123.3 0 100 i
> > Rack1R1#
> >
> > Rack1R1#;p 116.0.0.0 rep 100
> >
> > Type escape sequence to abort.
> > Sending 100, 100-byte ICMP Echos to 116.0.0.0, timeout is 2 seconds:
> > !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
> > !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
> > Success rate is 100 percent (100/100), round-trip min/avg/max = 20/24/44 ms
> > Rack1R1#p 157.1.7.0 rep 25
> >
> > Type escape sequence to abort.
> > Sending 25, 100-byte ICMP Echos to 157.1.7.0, timeout is 2 seconds:
> > !!!!!!!!!!!!!!!!!!!!!!!!!
> > Success rate is 100 percent (25/25), round-trip min/avg/max = 16/18/20 ms
> > Rack1R1#
> >
> > Then I went back to R3 to see if the traffic was counted. It wasn't:
> >
> > Rack1R3#sh cef inter s1/0 policy-statistics
> > Serial1/0 is up (if_number 5)
> > Corresponding hwidb fast_if_number 5
> > Corresponding hwidb firstsw->if_number 5
> > BGP based Policy accounting is enabled
> > Index Packets Bytes
> > 1 0 0
> > 2 0 0
> > 3 0 0
> > 4 0 0
> > 5 0 0
> > 6 0 0
> > 7 0 0
> > 8 0 0
> > Rack1R3#
> >
> > Can anyone see where I'm screwing up?
> >
> > TIA, Tim
> >
> > _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
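
Added example (not part of the original thread): a small Python model of the as-path matching discussed above, showing which SET-BUCKET clause each AS path matches with list 1 defined as ^100$ and as ^$. The AS paths as seen on R3 are constructed from R1's "sh ip bgp" output by dropping the leading 100, on the assumption that AS-100-local prefixes carry an empty AS path on R3; the function and variable names are hypothetical, and only the regex matching is modelled, not the table-map or CEF update.

```python
import re


def cisco_as_path_re(pattern):
    """Translate a Cisco AS-path regex: "_" matches the start or end of the
    string or a delimiter (space, comma, braces, parentheses)."""
    return re.compile(pattern.replace("_", r"(?:^|$|[ ,{}()])"))


def traffic_index(as_path, as_path_lists, route_map):
    """Return the traffic-index of the first route-map clause whose as-path
    list matches, or None when no clause matches."""
    for list_id, index in route_map:
        if any(cisco_as_path_re(p).search(as_path) for p in as_path_lists[list_id]):
            return index
    return None


# route-map SET-BUCKET from the thread, as (as-path list number, traffic-index).
SET_BUCKET = [(1, 1), (2, 2)]
ORIGINAL = {1: ["^100$"], 2: ["_54_"]}   # list 1 as first posted
CORRECTED = {1: ["^$"], 2: ["_54_"]}     # list 1 after the change to ^$

# Constructed sample: AS paths as R3 (inside AS 100) would hold them.
# Assumption: R3 has not prepended its own AS, so local prefixes are empty.
PATHS_ON_R3 = {
    "157.1.5.0/24": "",
    "157.1.7.0/24": "",
    "116.0.0.0": "54",
    "112.0.0.0": "54 50 60",
}


def classify(as_path_lists):
    """Map each sample prefix to the traffic-index SET-BUCKET would set."""
    return {
        prefix: traffic_index(path, as_path_lists, SET_BUCKET)
        for prefix, path in PATHS_ON_R3.items()
    }


if __name__ == "__main__":
    for name, lists in (("original", ORIGINAL), ("corrected", CORRECTED)):
        print(name, classify(lists))
```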



This archive was generated by hypermail 2.1.4 : Thu Mar 03 2005 - 08:51:17 GMT-3