From: Benedict Munyao (bmunyao@gmail.com)
Date: Tue Oct 23 2007 - 03:34:38 ART
Oops! Thanks for that clarification Mohamed.
Sincerely
Benedict Munyao
On 10/22/07, Mohamed M Moustafa <mmma@gawab.com> wrote:
>
> Hi Benedict,
>
> Nice explanation, but I only have one comment, prefix-list and
> distribute-list are mutually exclusive, and only one command (neighbor
> prefix-list or neighbor distribute-list) can be applied to each inbound or
> outbound direction for a particular neighbor:
>
> Rack1SW2(config-router)#neighbor 1.1.1.1 remote-as 1
> Rack1SW2(config-router)#neighbor 1.1.1.1 distribute-list 1 in
> Rack1SW2(config-router)#neighbor 1.1.1.1 prefix-list 1 in
> Prefix/distribute list can not co-exist
>
>
> BR,
> Mohammed Mahmoud.
>
>
>
> Benedict Munyao <bmunyao@gmail.com> wrote on 22 Oct 2007, 09:07 PM:
> Subject: Re: BGP Filter Question
> >Rich,
> >
> >My understanding of the BGP processing order for outbound policies is as
> >follows.
> >
> >1. All bgp prefixes in the bgp table will get to be processed by
> >"distribute-list" policy.
> >2. Only those allowed by "distribute-list" will be processed by
> >"prefix-list" policy.
> >3. Only those making it past the "prefix-list" will then be checked against
> >"filter-list".
> >4. Finally, those which survive the first three filtering policies get to be
> >processed through the "route-map".
> >
> >Below is the output from labbing this up:
> >
> >
> >AS1 AS3 AS2
> >R1------------------------R3-------------------------------R2
> > 155.1.13.0/24 155.1.23.0/24
> >
> >
> >
> >R1
> >---------------------------------------------------------------------
> >Rack1R1(config-router)#do sh ip int bri | e unass
> >Interface    IP-Address    OK?  Method  Status  Protocol
> >Serial1/1    155.1.13.1    YES  manual  up      up
> >Loopback0    10.1.1.1      YES  manual  up      up
> >
> >Rack1R1(config-router)#do sh run | s eigrp
> >router eigrp 10
> > network 10.1.1.1 0.0.0.0
> > network 155.1.13.1 0.0.0.0
> > no auto-summary
> >
> >Rack1R1(config-router)#do sh run | s bgp
> >router bgp 1
> > no synchronization
> > bgp log-neighbor-changes
> > neighbor 30.3.3.3 remote-as 3
> > neighbor 30.3.3.3 ttl-security hops 2
> > neighbor 30.3.3.3 update-source Loopback0
> > no auto-summary
> >
> >R3
> >-------------------------------------------------------------------------------
> >
> >Rack1R3(config)#do sh ip int bri | e unass
> >Interface    IP-Address    OK?  Method  Status  Protocol
> >Serial1/2    155.1.13.3    YES  manual  up      up
> >Serial1/3    155.1.23.3    YES  manual  up      up
> >Loopback0    30.3.3.3      YES  manual  up      up
> >Loopback1    31.3.3.3      YES  manual  up      up
> >Loopback2    32.3.3.3      YES  manual  up      up
> >
> >Rack1R3(config)#do sh run | s eigrp
> >router eigrp 10
> > network 30.3.3.3 0.0.0.0
> > network 155.1.13.3 0.0.0.0
> > network 155.1.23.3 0.0.0.0
> > no auto-summary
> >
> >Rack1R3(config)#do sh run | s bgp
> >router bgp 3
> > no synchronization
> > bgp log-neighbor-changes
> > network 30.3.3.0 mask 255.255.255.0
> > network 31.3.3.0 mask 255.255.255.0
> > network 32.3.3.0 mask 255.255.255.0
> > neighbor 10.1.1.1 remote-as 1
> > neighbor 10.1.1.1 ttl-security hops 3
> > neighbor 10.1.1.1 update-source Loopback0
> > neighbor 155.1.23.2 remote-as 2
> > no auto-summary
> >
> >R2
> >------------------------------------------------------------------------
> >Rack1R2(config-router)#do sh ip int bri | e unass
> >Interface    IP-Address    OK?  Method  Status  Protocol
> >Serial1/1    155.1.23.2    YES  manual  up      up
> >Loopback0    20.2.2.2      YES  manual  up      up
> >
> >Rack1R2(config-router)#do sh run | s eigrp
> >router eigrp 10
> > network 20.2.2.2 0.0.0.0
> > network 155.1.23.2 0.0.0.0
> > no auto-summary
> >
> >Rack1R2(config-router)#do sh run | s bgp
> >router bgp 2
> > no synchronization
> > bgp log-neighbor-changes
> > network 20.2.2.0 mask 255.255.255.0
> > neighbor 155.1.23.3 remote-as 3
> > no auto-summary
> >
> >
> >Before adding policies on R3:
> >-----------------------------------------------------------------------------------------------------------
> >
> >Rack1R1(config-router)#do sh ip bgp
> >BGP table version is 7, local router ID is 10.1.1.1
> >Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
> > r RIB-failure, S Stale
> >Origin codes: i - IGP, e - EGP, ? - incomplete
> >
> > Network Next Hop Metric LocPrf Weight Path
> >* 20.2.2.0/24 30.3.3.3 0 3 2 i
> >* 30.3.3.0/24 30.3.3.3 0 0 3 i
> >* 31.3.3.0/24 30.3.3.3 0 0 3 i
> >* 32.3.3.0/24 30.3.3.3 0 0 3 i
> >Rack1R1(config-router)#
> >
> >
> >With outbound policies on R3
> >---------------------------------------------------------------------------------------------------
> >
> >Rack1R3(config-router)#do sh run | s route-map
> >route-map PREPEND permit 10
> > set as-path prepend 3 3
> >route-map PREPEND permit 20
> >
> >Rack1R3(config-router)#do sh run | i access-list
> >ip as-path access-list 1 permit ^2$
> >
> >Rack1R3(config)#router bgp 3
> >Rack1R3(config-router)#neighbor 10.1.1.1 route-map PREPEND out
> >Rack1R3(config-router)#neighbor 10.1.1.1 filter-list 1 out
> >Rack1R3(config-router)#do clear ip bgp * soft
> >
> >
> >Rack1R1(config-router)#do sh ip bgp
> >BGP table version is 7, local router ID is 10.1.1.1
> >Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
> > r RIB-failure, S Stale
> >Origin codes: i - IGP, e - EGP, ? - incomplete
> >
> > Network Next Hop Metric LocPrf Weight Path
> >* 20.2.2.0/24 30.3.3.3 0 3 3 3 2 i
> >Rack1R1(config-router)#
> >
> >
> >Note that after R3 picked only the prefix from AS2, it then went on to
> >process the route-map.
> >
> >Sincerely
> >Benedict Munyao
> >
> >
> >
> >
> >On 10/17/07, Rich Collins <nilsi2002@gmail.com> wrote:
> >>
> >> The filter list will never see the prepend since it comes before the
> >> route-map.
> >>
> >> For outbound updates the order of preference is:
> >>
> >> 1. prefix-list, distribute-list
> >> 2. filter-list
> >> 3. route-map
> >>
> >>
> >> Let's say you were filtering on the inbound. You could use the below
> >> statement for filtering one or more prepends of 123. This version _123$ is
> >> not tight enough.
> >>
> >> ip as-path access-list 1 permit ^(123_)+$
> >>
> >>
> >> -Rich
> >>
> >>
> >> On 10/17/07, Joe Gagznos <kemphall@yahoo.com> wrote:
> >> >
> >> > Just want to check this. I have the following bgp
> >> > configuration:
> >> >
> >> > router bgp 123
> >> > network 1.2.3.0 mask 255.255.255.0
> >> > neighbor 221.122.10.1 remote-as 2131
> >> > neighbor 221.122.10.1 route-map pathprepend out
> >> > neighbor 221.122.10.1 filter-list 1 out
> >> >
> >> > route-map pathprepend permit 10
> >> > set as-path prepend 123 123
> >> > route-map pathprepend permit 20
> >> >
> >> > ip as-path access-list 1 permit ^$
> >> > ip as-path access-list 1 permit ^123$
> >> > ip as-path access-list 1 deny .*
> >> >
> >> > Is the as path access list going to fail this route
> >> > advertisement? If I changed the access list to the
> >> > following would I still only be allowing routes
> >> > originating from 123 and allow as much prepending as I
> >> > want?
> >> >
> >> > ip as-path access-list 1 permit ^$
> >> > ip as-path access-list 1 permit _123$
> >> > ip as-path access-list 1 deny .*
> >> >
> >> > Thanks for your help!
> >> >
> _______________________________________________________________________
> >> > Subscription information may be found at:
> >> > http://www.groupstudy.com/list/CCIELab.html
This archive was generated by hypermail 2.1.4 : Fri Nov 16 2007 - 13:11:17 ART
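
The outbound ordering discussed in this thread (filter-list evaluated before the route-map prepend) and the difference between `_123$` and `^(123_)+$` can be checked with a small model. This is an added example, not code from any of the posters: the function names are hypothetical, and the translation of the IOS `_` metacharacter into a Python regex is a simplifying assumption.

```python
import re

def ios_aspath_regex(pattern):
    # Assumption: IOS '_' matches start/end of string or a delimiter
    # (space, comma, braces, parentheses); other syntax is passed through.
    return re.compile(pattern.replace("_", r"(?:^|$|[ ,{}()])"))

def filter_list(acl, as_path):
    """First-match evaluation of an as-path access-list (implicit deny)."""
    for action, pattern in acl:
        if ios_aspath_regex(pattern).search(as_path):
            return action == "permit"
    return False

def advertise_outbound(as_path, acl, prepend, local_as):
    """Model the order from the thread: the filter-list sees the AS path
    as held in the local BGP table, then the route-map prepend is applied,
    then the local AS is added for the eBGP peer.
    Returns the AS path the neighbor receives, or None if filtered."""
    if not filter_list(acl, as_path):
        return None
    hops = prepend + as_path.split()   # route-map: set as-path prepend
    return " ".join([local_as] + hops)

# ACLs copied from the thread.
R3_ACL = [("permit", "^2$")]
JOE_ACL = [("permit", "^$"), ("permit", "^123$"), ("deny", ".*")]

def lab_results():
    # R3's table as seen before export: own networks have an empty path.
    table = {"20.2.2.0/24": "2", "30.3.3.0/24": "", "31.3.3.0/24": ""}
    return {p: advertise_outbound(path, R3_ACL, ["3", "3"], "3")
            for p, path in table.items()}

def inbound_comparison():
    # Constructed sample paths as a receiving router would see them.
    samples = ["123", "123 123 123", "65001 123", "1234"]
    loose, tight = [("permit", "_123$")], [("permit", "^(123_)+$")]
    return {s: (filter_list(loose, s), filter_list(tight, s)) for s in samples}

if __name__ == "__main__":
    print(lab_results())
    print(advertise_outbound("", JOE_ACL, ["123", "123"], "123"))
    print(inbound_comparison())
```
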