Re: Issue with BGP "neighbor default-originate route-map"

From: Toh Soon, Lim (tohsoon28@gmail.com)
Date: Mon Aug 20 2007 - 13:26:06 ART


Hi Victor,

Please see below:

R7#sh ip ro 140.10.76.0
Routing entry for 140.10.76.0/24
  Known via "connected", distance 0, metric 0 (connected, via interface)
  Routing Descriptor Blocks:
  * directly connected, via FastEthernet0/0
      Route metric is 0, traffic share count is 1

R7 is a C2621XM running IOS version 12.4(13a) ADVANCED ENTERPRISE.

Your suggestion of
"access-list 100 permit ip 140.10.76.0 0.0.0.255 255.255.255.0 0.0.0.255"
will match all subnets of 140.10.76.0/24, i.e. any of the 140.10.76.x with a
mask that ranges from 24 to 32.

As far as extended ACL in BGP route filtering is concerned, my
"access-list 100 permit ip host 140.10.76.0 host 255.255.255.0"
will match only 140.10.76.0/24 exactly. Correct me if I'm wrong.

I modified ACL100 to be as follows:

access-list 100 permit ip 140.10.76.0 0.0.0.255 any

This ACL permits 140.10.76.x with any mask. With this, R7 sources BGP
0.0.0.0 route to R8. It appears to me we need to define "140.10.76.0
0.0.0.255" in order to match the prefix address whether it's in a standard
or extended ACL. Doing "140.10.76.0 0.0.0.0" never works though
theoretically it should work. Then again, in my scenario I'm using ACL in
the context of "neighbor default-originate route-map" and not in "neighbor
distribute-list".

As for now, I will settle with Method 2 until someone manages to demystify
this issue.

Group, thanks for all your responses and suggestions.

B.Rgds,
Lim TS

On 8/20/07, Victor Cappuccio <vcappuccio@ccbootcamp.com> wrote:
>
> Hi Lim
>
> For me, Methods 1 and 3 are working correctly. Can you please send a show ip
> route 140.10.76.0 on R7?
>
> For method 3, can you please modify your access-list like this:
>
> access-list 100 permit ip 140.10.76.0 0.0.0.255 255.255.255.0 0.0.0.255
>
> I recreated a quick topology using this dynamips configuration
>
> R2:
> c:\Dyn\dynamips-wxp.exe -i 2 -t npe-400 -r 128 -p 1:PA-FE-TX -p 2:PA-FE-TX -p 3:PA-FE-TX -p 4:PA-FE-TX -p 5:PA-FE-TX -p 6:PA-FE-TX -k 40 --idle-pc 0x608928c0 -A 3002 -s 2:0:udp:212020:127.0.0.1:122020 -s 1:0:udp:231010:127.0.0.1:321010 C:\Dyn\I\C7200-IS-.BIN
>
> R3:
> c:\Dyn\dynamips-wxp.exe -i 3 -t npe-400 -r 128 -p 1:PA-FE-TX -p 2:PA-FE-TX -p 3:PA-FE-TX -p 4:PA-FE-TX -p 5:PA-FE-TX -p 6:PA-FE-TX -k 40 --idle-pc 0x608928c0 -A 3003 -s 3:0:udp:313030:127.0.0.1:133030 -s 1:0:udp:321010:127.0.0.1:231010 C:\Dyn\I\C7200-IS-...BIN
>
> and for method 3
>
> R3#show ip bgp summ
> BGP router identifier 3.3.3.3, local AS number 300
> BGP table version is 9, main routing table version 9
>
> Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
> 128.1.23.2      4   200      40      33        9    0    0 00:19:46        0
>
>
> R2(config)#no access-list 101
> R2(config)#do show route-map
> route-map DEFtoR3, permit, sequence 10
> Match clauses:
> ip address (access-lists): 101
> Set clauses:
> Policy routing matches: 0 packets, 0 bytes
> R2(config)#
> *Aug 19 22:40:06.139: BGP: 128.1.23.3 rcv message type 5, length (excl. header) 4
> *Aug 19 22:40:06.143: BGP: 128.1.23.3 rcv REFRESH_REQ for afi/sfai: 1/1
> *Aug 19 22:40:06.143: BGP: 128.1.23.3 start outbound soft reconfig for afi/safi: 1/1
> R2(config)#
> R2(config)#access-list 101 permit ip 2.2.2.0 0.0.0.255 255.255.255.0 0.0.0.255
>
> R3#show ip bgp summ
> BGP router identifier 3.3.3.3, local AS number 300
> BGP table version is 10, main routing table version 10
> 1 network entries using 117 bytes of memory
> 1 path entries using 52 bytes of memory
> 2/1 BGP path/bestpath attribute entries using 248 bytes of memory
> 1 BGP AS-PATH entries using 24 bytes of memory
> 0 BGP route-map cache entries using 0 bytes of memory
> 0 BGP filter-list cache entries using 0 bytes of memory
> BGP using 441 total bytes of memory
> BGP activity 5/4 prefixes, 5/4 paths, scan interval 60 secs
>
> Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRc
> 128.1.23.2      4   200      42      34       10    0    0 00:20:38        1
>
> Now for method 1
>
> R2(config)#no access-list 101
> R2(config)#
> R2(config)#access-list 1 permit 2.2.2.0 0.0.0.255
> R2(config)#route-map DEFtoR3
> R2(config-route-map)#no match ip add 101
> R2(config-route-map)#mat ip add 1
> R2(config-route-map)#do clear ip bgp * out
> R2(config-route-map)#do show ip bgp neigh 128.1.23.3 ad
>
> R3#show ip bgp summ
> BGP router identifier 3.3.3.3, local AS number 300
> BGP table version is 12, main routing table version 12
> 1 network entries using 117 bytes of memory
> 1 path entries using 52 bytes of memory
> 2/1 BGP path/bestpath attribute entries using 248 bytes of memory
> 1 BGP AS-PATH entries using 24 bytes of memory
> 0 BGP route-map cache entries using 0 bytes of memory
> 0 BGP filter-list cache entries using 0 bytes of memory
> BGP using 441 total bytes of memory
> BGP activity 6/5 prefixes, 6/5 paths, scan interval 60 secs
>
> Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRc
> 128.1.23.2      4   200      48      37       12    0    0 00:22:30        1
> R3#show ip bgp
> BGP table version is 12, local router ID is 3.3.3.3
> Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
>               r RIB-failure, S Stale
> Origin codes: i - IGP, e - EGP, ? - incomplete
>
>    Network          Next Hop            Metric LocPrf Weight Path
> *> 0.0.0.0          128.1.23.2               0             0 200 i
>
>
> thanks,
> Victor Cappuccio.-
> - CCSI# 31452
>
> -----Original Message-----
> From: nobody@groupstudy.com on behalf of Toh Soon, Lim
> Sent: Mon 20-Aug-07 12:58 AM
> To: ccielab@groupstudy.com
> Subject: Issue with BGP "neighbor default-originate route-map" command
>
> Hi All,
>
> I'm trying the BGP "neighbor default-originate route-map" command. R7 will
> inject route 0.0.0.0 to R8 only if there is a route to 140.10.76.0/24. The
> 140.10.76.0/24 happens to be R7's connected Fa0/0 interface.
> !
> router bgp 700
> neighbor 140.10.78.8 remote-as 800
> neighbor 140.10.78.8 description *** R8 in AS 800 ***
> neighbor 140.10.78.8 default-originate route-map DEFtoR8
> !
>
> Method 1
> --------
> route-map DEFtoR8 permit 10
> match ip address 1
> !
> access-list 1 permit 140.10.76.0
>
> Method 2
> --------
> route-map DEFtoR8 permit 10
> match ip address 10
> !
> access-list 10 permit 140.10.76.0 0.0.0.255
>
> Method 3
> --------
> route-map DEFtoR8 permit 10
> match ip address 100
> !
> access-list 100 permit ip host 140.10.76.0 host 255.255.255.0
>
> Method 4
> --------
> route-map DEFtoR8 permit 10
> match ip address prefix-list TEST
> !
> ip prefix-list TEST seq 5 permit 140.10.76.0/24
>
>
> Only Methods 2 & 4 successfully source a BGP 0.0.0.0 route to R8 when Fa0/0
> is up on R7. Can anyone explain why Methods 1 & 3 do not work? The ACL1 in
> Method 1 is the usual way I use to match prefixes and I expect it to work in
> this scenario.
>
> Also, can you enlighten me on the difference between ACL1 and ACL10 above in
> terms of matching prefix 140.10.76.0/24? I was under the impression that
> ACL1 matches the prefix address 140.10.76.0 exactly because the wildcard
> mask is 0.0.0.0. I guess I'm wrong here.
>
>
> Thank you.
>
> B.Rgds,
> Lim TS
>
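
An added example (not part of either poster's message): a Python model of how the ACL lines quoted in this thread are read when used as BGP route filters. A standard ACL is compared against the network address only; an extended ACL compares its source field against the network address and its destination field against the netmask. It models the wildcard semantics being debated, not the "default-originate route-map" behaviour reported for R7; the candidate prefixes and all function names are constructed for illustration.

```python
import ipaddress

def _ip(s):
    return int(ipaddress.IPv4Address(s))

def _wild_match(value, base, wildcard):
    # Wildcard bits set to 1 are "don't care"; only the 0 bits are compared.
    care = ~_ip(wildcard) & 0xFFFFFFFF
    return (value & care) == (_ip(base) & care)

def _operand(tok):
    # Consume one operand: "any", "host A", "A W", or a bare "A" (standard ACL).
    if tok[0] == "any":
        return ("0.0.0.0", "255.255.255.255"), tok[1:]
    if tok[0] == "host":
        return (tok[1], "0.0.0.0"), tok[2:]
    if len(tok) > 1:
        return (tok[0], tok[1]), tok[2:]
    return (tok[0], "0.0.0.0"), tok[1:]

def acl_matches_prefix(acl_line, prefix):
    """True if one 'permit' ACL line, read as a BGP route filter, matches prefix."""
    net = ipaddress.ip_network(prefix)
    tok = acl_line.split()[3:]             # drop "access-list <n> permit"
    extended = tok[0] == "ip"
    if extended:
        tok = tok[1:]
    (addr, wc), tok = _operand(tok)        # compared with the network address
    ok = _wild_match(int(net.network_address), addr, wc)
    if extended:
        (mask, mwc), tok = _operand(tok)   # compared with the netmask
        ok = ok and _wild_match(int(net.netmask), mask, mwc)
    return ok

# ACL lines as quoted in the thread (dictionary keys are labels made up here).
ACLS = {
    "acl1":        "access-list 1 permit 140.10.76.0",
    "acl10":       "access-list 10 permit 140.10.76.0 0.0.0.255",
    "acl100_host": "access-list 100 permit ip host 140.10.76.0 host 255.255.255.0",
    "acl100_wild": "access-list 100 permit ip 140.10.76.0 0.0.0.255 255.255.255.0 0.0.0.255",
    "acl100_any":  "access-list 100 permit ip 140.10.76.0 0.0.0.255 any",
}
# Constructed candidate prefixes, not routes taken from the thread's routers.
PREFIXES = ["140.10.76.0/24", "140.10.76.0/25", "140.10.76.128/25",
            "140.10.76.0/22", "140.10.77.0/24"]

def match_table():
    return {name: [p for p in PREFIXES if acl_matches_prefix(line, p)]
            for name, line in ACLS.items()}

if __name__ == "__main__":
    for name, hits in match_table().items():
        print(f"{name:12} {hits}")
```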



This archive was generated by hypermail 2.1.4 : Sat Sep 01 2007 - 11:32:12 ART