From: Narbik Kocharians (narbikk@gmail.com)
Date: Wed Apr 04 2007 - 02:10:54 ART
This is the topology:
R2 is connected via a frame P2P connection to R1 and R1 is connected via a Frame P2P to R3.
R1's Frame connection to R2 has an IP address of 10.1.12.1/24
R2's Frame connection to R1 has an IP address of 10.1.12.2/24
R1's Frame connection to R3 has an IP address of 10.1.13.1/24
R3's Frame connection to R1 has an IP address of 10.1.13.3/24
R1 is advertising its lo0 (1.1.1.1 /8) in BGP
R2 is advertising its loopback0 (2.2.2.2 /8) in BGP
R3 is advertising its Loopback0 (3.3.3.3 /8) in BGP
R1 should be configured according to the following policy:
- If both networks (1.0.0.0 /8 and 2.0.0.0 /8) are up, then both networks should be advertised to R3.
- If network 1.0.0.0 /8 is down, R1 should NOT advertise network 2.0.0.0/8 to R3.
- If network 2.0.0.0 /8 is down, then R1 should only advertise network 1.0.0.0 /8 to R3.
*On R1*
R1(config)#access-list 1 permit 1.0.0.0 0.255.255.255
R1(config)#access-list 2 permit 2.0.0.0 0.255.255.255
R1(config)#route-map ADV permit 10
R1(config-route-map)#match ip addr 2
R1(config-route-map)#exit
R1(config)#route-map EXIST permit 10
R1(config-route-map)#match ip addr 1
R1(config-route-map)#exit
R1(config)#router bgp 100
R1(config-router)#neighbor 10.1.13.3 advertise-map ADV exist-map EXIST
*To test the first condition:*
*On R1*
*R1#Show ip bgp*
BGP table version is 4, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network          Next Hop            Metric LocPrf Weight Path
*> 1.0.0.0          0.0.0.0                  0         32768 i
*> 2.0.0.0          10.1.12.2                0             0 200 i
*> 3.0.0.0          10.1.13.3                0             0 300 i
*On R2*
*R2#Show ip bgp*
BGP table version is 18, local router ID is 150.1.2.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network          Next Hop            Metric LocPrf Weight Path
*> 1.0.0.0          10.1.12.1                0             0 100 i
*> 2.0.0.0          0.0.0.0                  0         32768 i
*> 3.0.0.0          10.1.12.1                              0 100 300 i
*On R3*
*R3#Show ip bgp*
BGP table version is 19, local router ID is 3.3.3.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network          Next Hop            Metric LocPrf Weight Path
*> 1.0.0.0          10.1.13.1                0             0 100 i
*> 2.0.0.0          10.1.13.1                              0 100 200 i
*> 3.0.0.0          0.0.0.0                  0         32768 i
*To test the second condition:*
*On R1*
R1(config)#Int lo0
R1(config-if)#Shut
*To test and verify the configuration:*
*On R1*
*R1#Show ip bgp neighbors 10.1.13.3 advertised-routes*
Total number of prefixes 0
*On R3*
*R3#Sh ip bgp*
BGP table version is 12, local router ID is 3.3.3.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network          Next Hop            Metric LocPrf Weight Path
*> 3.0.0.0          0.0.0.0                  0         32768 i
*Note: if network 1.0.0.0 is down, none of the networks are advertised to R3.*
*To bring up the Loopback 0 interface of R1:*
*On R1*
R1(config)#Int lo0
R1(config-if)#No shut
*To verify the configuration:*
*On R3*
*R3#Sh ip bgp*
BGP table version is 14, local router ID is 3.3.3.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network          Next Hop            Metric LocPrf Weight Path
*> 1.0.0.0          10.1.13.1                0             0 100 i
*> 2.0.0.0          10.1.13.1                              0 100 200 i
*> 3.0.0.0          0.0.0.0                  0         32768 i
*To test the third condition:*
*On R2*
R2(config)#int lo0
R2(config-if)#Shut
*On R1*
*R1#Show ip bgp neighbors 10.1.13.3 advertised-routes*
BGP table version is 6, local router ID is 10.1.13.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network          Next Hop            Metric LocPrf Weight Path
*> 1.0.0.0          0.0.0.0                  0         32768 i
Total number of prefixes 1
*On R3*
*R3#Show ip bgp*
BGP table version is 17, local router ID is 3.3.3.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network          Next Hop            Metric LocPrf Weight Path
*> 1.0.0.0          10.1.13.1                0             0 100 i
*> 3.0.0.0          0.0.0.0                  0         32768 i
On 4/3/07, Bit Gossip <bit.gossip@chello.nl> wrote:
>
> Narbik,
> can you make an example ......
> Thanks,
> Luca.
>
> On Mon, 2007-04-02 at 20:33 -0700, Narbik Kocharians wrote:
> > It all depends on what you want to do and what the policy is. You
> > should NOT set that as a rule.
> >
> > On 3/31/07, Bit Gossip <bit.gossip@chello.nl> wrote:
> > This is very interesting, better to find out these things now than during the
> > exam ......
> >
> > I have labbed the NON-EXIST map with extended ACL and I have to confirm that
> > it doesn't work.
> > To recap, the only flavor that seems to work in NON-EXIST map is prefix-list.
> > Below the config for extended ACL
> > Thanks,
> > Luca.
> >
> > router bgp 300
> > <...>
> > neighbor 136.1.245.5 remote-as 200
> > neighbor 136.1.245.5 advertise-map T5.5 non-exist-map T5.5NE
> > !
> > ip prefix-list T5.5 seq 5 permit 136.1.29.0/24
> > !
> > ip prefix-list T5.5NE seq 5 permit 136.1.23.0/24
> > !
> > ip access-list standard T5.5NE
> > permit 136.1.23.0
> > !
> > ip access-list extended T5.5NE-EXTENDED
> > permit ip host 136.1.23.0 host 255.255.255.0
> > !
> > route-map T5.5NE permit 10
> > match ip address T5.5NE-EXTENDED
> > !
> > route-map T5.5 permit 10
> > match ip address prefix-list T5.5
> >
> >
> > Rack1R2#show ip bgp route-map T5.5
> >    Network          Next Hop            Metric LocPrf Weight Path
> > *> 136.1.29.0/24    0.0.0.0                  0         32768 i
> >
> > Rack1R2#show ip bgp route-map T5.5NE
> >    Network          Next Hop            Metric LocPrf Weight Path
> > *> 136.1.23.0/24    0.0.0.0                  0         32768 i
> >
> > As both AD-MAP and NON-EXIST map are true, the prefix 139.1.29/24 should not
> > be advertised, but it is!!
> > It is not advertised instead when using prefix list in the route-map T5.5NE
> >
> >
> >
> > ----- Original Message -----
> > From: "maureen schaar" <maureen.schaar@gmail.com>
> > To: "Sergey Golovanov" <sergey.golovanov@iementor.com>
> > Cc: "Bit Gossip" <bit.gossip@chello.nl>;
> > <ccielab@groupstudy.com>
> > Sent: Saturday, March 31, 2007 8:22 PM
> > Subject: Re: BGP conditional advert - non-exist-map
> >
> >
> > > Since I was not aware of this, I decided to test it and Sergey is
> > > totally correct. However, you can use a standard acl in the advertise
> > > map, but for the exist-map, it does not work.
> > > Below I have put the test results if anyone is interested.
> > >
> > > I am using this configuration:
> > >
> > > router bgp xx
> > > neighbor 150.2.12.254 advertise-map ADVERTISE exist-map EXIST
> > > network 2.2.2.0 mask 255.255.255.0
> > > network 3.3.3.0 mask 255.255.255.0
> > >
> > > ip access-list extended EXIST
> > > permit ip host 3.3.3.0 any log
> > >
> > > ip access-list standard ADVERTISE
> > > permit 2.2.2.0
> > >
> > > route-map ADVERTISE permit 10
> > > match ip address ADVERTISE
> > >
> > > route-map EXIST permit 10
> > > match ip address EXIST
> > >
> > > Both the prefixes 2.2.2.0 and 3.3.3.0 exist in the bgp and routing table.
> > >
> > >
> > > W2R2#clear ip bgp 150.1.12.254 soft
> > > *Mar 31 20:07:17.055: %SEC-6-IPACCESSLOGNP: list EXIST permitted 0 3.3.3.0 -> 255.255.255.0, 1 packet
> > > *Mar 31 20:07:23.923: BGP(0): 150.1.12.254 2.2.2.0/24 matches advertise map ADVERTISE, state: Advertise
> > >
> > > W2R2#sh access-lists EXIST
> > > Extended IP access list EXIST
> > > 10 permit ip host 3.3.3.0 any log (2 matches)
> > >
> > >
> > > Now when I change the access-list to a standard acl, this happens:
> > >
> > > W2R2(config)#no ip access-list ex EXIST
> > > W2R2(config)#ip access-l sta EXIST
> > > W2R2(config-std-nacl)#permit host 3.3.3.0
> > > W2R2(config-std-nacl)#
> > > W2R2#clear ip bgp 150.1.12.254 soft
> > >
> > > *Mar 31 20:08:34.051: BGP(0): 150.1.12.254 2.2.2.0/24 matches advertise map ADVERTISE, state: Withdraw
> > > *Mar 31 20:08:34.051: BGP(0): 150.1.12.254 send unreachable 2.2.2.0/24
> > > *Mar 31 20:08:34.051: BGP(0): 150.1.12.254 send UPDATE 2.2.2.0/24 -- unreachable
> > >
> > > And the prefix 2.2.2.0 is indeed no longer advertised.
> > >
> > >
> > > Maureen
> > >
> > > On 3/31/07, Sergey Golovanov <sergey.golovanov@iementor.com> wrote:
> > > > No, it's not true. If using ACL, always use Extended ACL. And try to always
> > > > use a "positive" ACL, that only permits the networks that you are trying to
> > > > specify for the non-exist behavior
> > > >
> > > >
> > > > ----------------------------------------------------------------------
> > > > Sergey Golovanov, CCIEx5 (R&S/Security/Voice/Service Provider/Storage)
> > > > ieMentor Instructor and Content Developer
> > > > sergey.golovanov@iementor.com
> > > > http://www.iementor.com
> > > >
> > > > -----Original Message-----
> > > > From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of Bit Gossip
> > > > Sent: Saturday, March 31, 2007 9:25 AM
> > > > To: ccielab@groupstudy.com
> > > > Subject: BGP conditional advert - non-exist-map
> > > >
> > > > Group,
> > > > Is it true that the match condition in a non-exist-map can be ONLY a
> > > > prefix-list?
> > > > The 2 flavors of route-map T5.5NE listed below match one and the same
> > > > prefix:
> > > >
> > > > Rack1R2(config-route-map)#do show ip bgp route-map T5.5NE
> > > >
> > > >    Network          Next Hop            Metric LocPrf Weight Path
> > > > *> 136.1.23.0/24    0.0.0.0                  0         32768 i
> > > >
> > > >
> > > > but only the one with the prefix-list match works as a non-exist map.
> > > > The other one with the acl just advertises the prefix no matter what
> > > >
> > > > Thanks,
> > > > Luca.
> > > >
> > > > PS: what about exist-map?
> > > >
> > > >
> > > >
> > > > router bgp 300
> > > > neighbor 136.1.245.5 advertise-map T5.5 non-exist-map T5.5NE
> > > > !
> > > > ip prefix-list T5.5NE seq 5 permit 136.1.23.0/24
> > > > !
> > > > ip access-list standard T5.5NE
> > > > permit 136.1.23.0
> > > > !
> > > > !
> > > >
> > > > 1 ) ~~~~~~~~~~~~~~~~~~~~~~~~~~
> > > > route-map T5.5NE permit 10
> > > > match ip address prefix-list T5.5NE
> > > >
> > > > 2) ~~~~~~~~~~~~~~~~~~~~~~~~~~~
> > > > route-map T5.5NE permit 10
> > > > match ip address T5.5NE
> > > > !
> > > >
> > > >
> > > > _______________________________________________________________________
> > > > Subscription information may be found at:
> > > > http://www.groupstudy.com/list/CCIELab.html
> >
> >
> >
> > --
> > Narbik Kocharians
> > CCIE# 12410 (R&S, SP, Security)
> > CCSI# 30832
> > Network Learning, Inc. (CCIE class Instructor)
> > www.ccbootcamp.com (CCIE Training)
>
>
--
Narbik Kocharians
CCIE# 12410 (R&S, SP, Security)
CCSI# 30832
Network Learning, Inc. (CCIE class Instructor)
www.ccbootcamp.com (CCIE Training)
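
Added example (not part of the original thread and not Cisco's code): a small Python model of the advertise-map / exist-map decision from the R1 configuration at the top of this message, run against constructed copies of R1's BGP table for the three test conditions. The function names, the mode parameter and the rule that a route is not sent back to the peer it was learned from are assumptions of the model; it encodes the documented exist/non-exist semantics, not the ACL-type behaviour reported in the quoted replies.

```python
import ipaddress

def acl_permits(prefix, acl):
    """Standard-ACL match as a route-map applies it to a route: only the network
    address is compared under the wildcard mask; the prefix length is ignored."""
    net = int(ipaddress.ip_network(prefix).network_address)
    for addr, wildcard in acl:
        care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
        if ((net ^ int(ipaddress.IPv4Address(addr))) & care) == 0:
            return True
    return False

def advertised_to(neighbor, bgp_table, advertise_acl, cond_acl, mode="exist"):
    """bgp_table maps prefix -> peer it was learned from (None = locally originated).
    Returns the prefixes sent to `neighbor` once the condition has been evaluated."""
    cond_present = any(acl_permits(p, cond_acl) for p in bgp_table)
    release = cond_present if mode == "exist" else not cond_present
    sent = []
    for prefix, learned_from in bgp_table.items():
        if learned_from == neighbor:
            continue  # assumption: a route is not sent back to the peer it came from
        if acl_permits(prefix, advertise_acl) and not release:
            continue  # held back by the exist-map / non-exist-map condition
        sent.append(prefix)
    return sorted(sent)

# access-list 2 (route-map ADV) and access-list 1 (route-map EXIST) from R1
ADV = [("2.0.0.0", "0.255.255.255")]
EXIST = [("1.0.0.0", "0.255.255.255")]
R3 = "10.1.13.3"
# Constructed copies of R1's BGP table for the three test conditions
BOTH_UP = {"1.0.0.0/8": None, "2.0.0.0/8": "10.1.12.2", "3.0.0.0/8": R3}
R1_LO0_DOWN = {"2.0.0.0/8": "10.1.12.2", "3.0.0.0/8": R3}
R2_LO0_DOWN = {"1.0.0.0/8": None, "3.0.0.0/8": R3}

if __name__ == "__main__":
    for name, table in [("both up", BOTH_UP), ("R1 lo0 down", R1_LO0_DOWN),
                        ("R2 lo0 down", R2_LO0_DOWN)]:
        print(name, "->", advertised_to(R3, table, ADV, EXIST))
```

The three results line up with the "advertised-routes" outputs above: both prefixes, zero prefixes, and 1.0.0.0 only.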
This archive was generated by hypermail 2.1.4 : Tue May 01 2007 - 08:28:34 ART