Re: BGP conditional advert - non-exist-map

From: maureen schaar (maureen.schaar@gmail.com)
Date: Sat Mar 31 2007 - 15:22:04 ART


Since I was not aware of this, I decided to test it and Sergey is
totally correct. However, you can use a standard ACL in the advertise
map, but for the exist-map, it does not work.
Below I have put the test results if anyone is interested.

I am using this configuration:

router bgp xx
 neighbor 150.2.12.254 advertise-map ADVERTISE exist-map EXIST
 network 2.2.2.0 mask 255.255.255.0
 network 3.3.3.0 mask 255.255.255.0

ip access-list extended EXIST
 permit ip host 3.3.3.0 any log

ip access-list standard ADVERTISE
 permit 2.2.2.0

route-map ADVERTISE permit 10
 match ip address ADVERTISE

route-map EXIST permit 10
 match ip address EXIST

Both the prefixes 2.2.2.0 and 3.3.3.0 exist in the BGP and routing table.

W2R2#clear ip bgp 150.1.12.254 soft
*Mar 31 20:07:17.055: %SEC-6-IPACCESSLOGNP: list EXIST permitted 0 3.3.3.0 -> 255.255.255.0, 1 packet
*Mar 31 20:07:23.923: BGP(0): 150.1.12.254 2.2.2.0/24 matches advertise map ADVERTISE, state: Advertise

W2R2#sh access-lists EXIST
Extended IP access list EXIST
    10 permit ip host 3.3.3.0 any log (2 matches)

Now when I change the access-list to a standard ACL, this happens:

W2R2(config)#no ip access-list ex EXIST
W2R2(config)#ip access-l sta EXIST
W2R2(config-std-nacl)#permit host 3.3.3.0
W2R2(config-std-nacl)#
W2R2#clear ip bgp 150.1.12.254 soft

*Mar 31 20:08:34.051: BGP(0): 150.1.12.254 2.2.2.0/24 matches advertise map ADVERTISE, state: Withdraw
*Mar 31 20:08:34.051: BGP(0): 150.1.12.254 send unreachable 2.2.2.0/24
*Mar 31 20:08:34.051: BGP(0): 150.1.12.254 send UPDATE 2.2.2.0/24 -- unreachable

And the prefix 2.2.2.0 is indeed no longer advertised.

Maureen

On 3/31/07, Sergey Golovanov <sergey.golovanov@iementor.com> wrote:
> No, it's not true. If using ACL, always use Extended ACL. And try to always
> use a "positive" ACL, that only permits the networks that you are trying to
> specify for the non-exist behavior
>
> ----------------------------------------------------------------------
> Sergey Golovanov, CCIEx5 (R&S/Security/Voice/Service Provider/Storage)
> ieMentor Instructor and Content Developer
> sergey.golovanov@iementor.com
> http://www.iementor.com
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of Bit
> Gossip
> Sent: Saturday, March 31, 2007 9:25 AM
> To: ccielab@groupstudy.com
> Subject: BGP conditional advert - non-exist-map
>
> Group,
> Is it true that the match condition in a non-exist-map can be ONLY a
> prefix-list?
> The 2 flavors of route-map T5.5NE listed below match one and the same
> prefix:
>
> Rack1R2(config-route-map)#do show ip bgp route-map T5.5NE
>
>    Network          Next Hop            Metric LocPrf Weight Path
> *> 136.1.23.0/24    0.0.0.0                  0         32768 i
>
>
> but only the one with the prefix-list match works as a non-exist map.
> The other one with the ACL just advertises the prefix no matter what.
>
> Thanks,
> Luca.
>
> PS: what about exist-map?
>
>
>
> router bgp 300
> neighbor 136.1.245.5 advertise-map T5.5 non-exist-map T5.5NE
> !
> ip prefix-list T5.5NE seq 5 permit 136.1.23.0/24
> !
> ip access-list standard T5.5NE
> permit 136.1.23.0
> !
> !
>
> 1 ) ~~~~~~~~~~~~~~~~~~~~~~~~~~
> route-map T5.5NE permit 10
> match ip address prefix-list T5.5NE
>
> 2) ~~~~~~~~~~~~~~~~~~~~~~~~~~~
> route-map T5.5NE permit 10
> match ip address T5.5NE
> !
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html



This archive was generated by hypermail 2.1.4 : Sun Apr 01 2007 - 06:35:53 ART
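
The `%SEC-6-IPACCESSLOGNP` line in the test above (`3.3.3.0 -> 255.255.255.0`) shows how an extended ACL is evaluated against a route: the network address is compared with the source field and the subnet mask with the destination field. The following Python model of that comparison is an added example, not part of the original thread; the function names and the sample routes are constructed for illustration. It shows that `permit ip host 3.3.3.0 any` accepts every prefix length for 3.3.3.0, while naming the mask as a host destination pins the match to the /24.

```python
import ipaddress

def _ip(text):
    return int(ipaddress.IPv4Address(text))

def _field(spec):
    """Turn an ACL address field into (address, wildcard) integers."""
    if spec == "any":
        return 0, 0xFFFFFFFF
    if spec.startswith("host "):
        return _ip(spec[5:]), 0
    addr, wildcard = spec.split()
    return _ip(addr), _ip(wildcard)

def _hit(value, field):
    """Compare only the bits the wildcard marks as significant (0 bits)."""
    addr, wildcard = field
    care = ~wildcard & 0xFFFFFFFF
    return (value & care) == (addr & care)

def extended_acl_permits(route, src, dst):
    """Model of one extended ACL entry used as a route filter:
    source field vs. network address, destination field vs. subnet mask."""
    net = ipaddress.IPv4Network(route)
    return (_hit(int(net.network_address), _field(src))
            and _hit(int(net.netmask), _field(dst)))

# Constructed sample routes (not taken from the routers in the thread).
ROUTES = ["3.3.3.0/24", "3.3.3.0/25", "2.2.2.0/24"]

def matches(src, dst):
    """Return the sample routes permitted by 'permit ip <src> <dst>'."""
    return [r for r in ROUTES if extended_acl_permits(r, src, dst)]

if __name__ == "__main__":
    # Entry from the EXIST list in the thread: any mask is accepted.
    print(matches("host 3.3.3.0", "any"))
    # Constructed tighter entry: only the /24 is accepted.
    print(matches("host 3.3.3.0", "host 255.255.255.0"))
```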