Re: RE: conditional default advertising in BGP with multiple

From: Koen Zeilstra (koen@koenzeilstra.com)
Date: Mon Oct 29 2007 - 03:33:16 ART

• Next message: slevin kremera: "host port versus access port"
• Previous message: Alan Chng: "Lab date swap on the 11th Dec 07"
• Maybe in reply to: Benedict Munyao: "Re: RE: conditional default advertising in BGP with multiple"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Shamin,

Then I gues the previous solution with this route:

ip route 0.0.0.0 0.0.0.0 Null0 track 1

is incorrect as well.

regards,

Koen

Quoting Shamin <ccie.xpert@gmail.com>:

> Hi all,
>
> The solution is good. But in the actual lab if they do not allow you to do
> a static route,
> then this solution will it help.
>
> Regards
> Shamin
>
>
> On 10/25/07, Koen Zeilstra <koen@koenzeilstra.com> wrote:
>>
>> As an addendum for those who are worried about the default route which
>> can be received via other ways resulting in advertising the default on
>> our router even if we don't want to.
>>
>> Use a (dirty) bogus route to get the AND function
>>
>> track 1 list boolean and
>> object 2
>> object 3
>> !
>> track 2 ip route 1.1.1.0 255.255.255.0 reachability
>> !
>> track 3 ip route 2.2.2.0 255.255.255.0 reachability
>> !
>> interface Loopback1
>> ip address 1.1.1.1 255.255.255.0
>> !
>> interface Loopback2
>> ip address 2.2.2.2 255.255.255.0
>> !
>> interface FastEthernet0/0
>> ip address 100.100.100.1 255.255.255.0
>> duplex auto
>> speed auto
>> !
>> router bgp 100
>> no synchronization
>> bgp log-neighbor-changes
>> neighbor 100.100.100.2 remote-as 100
>> neighbor 100.100.100.2 default-originate route-map CHECK_DEFAULT
>> no auto-summary
>> !
>> ip route 123.123.123.123 255.255.255.255 Null0 track 1
>> !
>> ip prefix-list BOGUS seq 5 permit 123.123.123.123/32
>> !
>> route-map CHECK_BOGUS permit 10
>> match ip address prefix-list BOGUS
>> !
>>
>>
>> Quoting Koen Zeilstra <koen@koenzeilstra.com>:
>>
>> > This works for me. Thanks!!!
>> >
>> >
>> >
>> > Quoting Con Spathas <con@spathas.net>:
>> >
>> >> I was thinking about the BGP config I initially tested with and I
>> really
>> >> didn't like it tbh...
>> >> I've quickly labbed this up and appears to have the same functionality
>> in
>> >> conjunction with the tracked obbjects etc...
>> >> It's alot safer than using a network statement...
>> >>
>> >> Just modified the bgp config and added a prefix-list/route-map combo.
>> >>
>> >> ---------------------
>> >> !
>> >> track 1 list boolean and
>> >> object 2
>> >> object 3
>> >> !
>> >> track 2 ip route 1.1.1.0 255.255.255.0 reachability
>> >> !
>> >> track 3 ip route 2.2.2.0 255.255.255.0 reachability
>> >> !
>> >> interface Loopback1
>> >> ip address 1.1.1.1 255.255.255.0
>> >> !
>> >> interface Loopback2
>> >> ip address 2.2.2.2 255.255.255.0
>> >> !
>> >> interface FastEthernet0/0
>> >> ip address 100.100.100.1 255.255.255.0
>> >> duplex auto
>> >> speed auto
>> >> !
>> >> router bgp 100
>> >> no synchronization
>> >> bgp log-neighbor-changes
>> >> neighbor 100.100.100.2 remote-as 100
>> >> neighbor 100.100.100.2 default-originate route-map CHECK_DEFAULT
>> >> no auto-summary
>> >> !
>> >> ip route 0.0.0.0 0.0.0.0 Null0 track 1
>> >> !
>> >> ip prefix-list DEFAULT seq 5 permit 0.0.0.0/0
>> >> !
>> >> route-map CHECK_DEFAULT permit 10
>> >> match ip address prefix-list DEFAULT
>> >> !
>> >>
>> >> -----Original Message-----
>> >> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
>> >> Usankin, Andrew
>> >> Sent: Tuesday, 23 October 2007 18:42
>> >> To: ccielab@groupstudy.com
>> >> Subject: RE: RE: conditional default advertising in BGP with multiple
>> routes
>> >> tomonitor
>> >>
>> >> Works like a charm Con! Just got it labbed.
>> >>
>> >> You have cracked this one :)
>> >> I'm taking my word back about "default-info originate", you don't need
>> that
>> >> if you use "network 0.0.0.0".
>> >>
>> >> Andrew
>> >>
>> >> -----Original Message-----
>> >> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
>> >> Usankin, Andrew
>> >> Sent: Tuesday, October 23, 2007 10:24 AM
>> >> To: ccielab@groupstudy.com
>> >> Subject: RE: RE: conditional default advertising in BGP with multiple
>> routes
>> >> tomonitor
>> >>
>> >>
>> >> Perfect! I'm going to lab it right away to se how it works.
>> >>
>> >> By the way you missed one command in router bgp 100:
>> >> default-information originate.
>> >>
>> >> Anyway thanks for advise Con!
>> >>
>> >> Andrew
>> >>
>> >> -----Original Message-----
>> >> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
>> Con
>> >> Spathas
>> >> Sent: Tuesday, October 23, 2007 2:31 AM
>> >> To: 'Koen Zeilstra'; 'Benedict Munyao'
>> >> Cc: ccielab@groupstudy.com
>> >> Subject: RE: RE: conditional default advertising in BGP with multiple
>> routes
>> >> tomonitor
>> >>
>> >> Thought I'd kick my $0.02 in - imho I don't think I'd ever use this
>> possible
>> >> solution in production but kinda fun in a lab - however here
>> >> goes:
>> >>
>> >> I setup BGP peering with 2 routers - R1 <-> R2.
>> >> The goal - have R1 only send R2 a 0/0 via BGP if 2 seperate routes were
>> >> reachable on R1.
>> >>
>> >> On R1 I setup a boolean track and added a static route for 0/0 to null
>> >> watching the boolean track.
>> >>
>> >> !
>> >> track 1 list boolean and
>> >> object 2
>> >> object 3
>> >> !
>> >> ip route 0.0.0.0 0.0.0.0 Null0 track 1
>> >> !
>> >>
>> >> The 2 track objects (2 & 3) are just 2 connected interfaces - but I
>> suppose
>> >> you could track anything in the the routing table:
>> >>
>> >> !
>> >> track 2 ip route 1.1.1.0 255.255.255.0 reachability
>> >> !
>> >> track 3 ip route 2.2.2.0 255.255.255.0 reachability !
>> >>
>> >> Finally I setup BGP - the iffy part here is getting 0/0 into the bgp
>> table
>> >> so I added the 0.0.0.0 network to keep it simple.
>> >>
>> >> !
>> >> router bgp 100
>> >> no synchronization
>> >> bgp log-neighbor-changes
>> >> network 0.0.0.0
>> >> neighbor 100.100.100.2 remote-as 1000
>> >> no auto-summary
>> >> !
>> >>
>> >> Careful filtering would need to be in place to even consider doing
>> something
>> >> like this in production.
>> >> Imagine the potential havoc if you unleashed a 0/0 into BGP!!!! <grin>
>> >>
>> >> So now if I kill either of the 1.1.1.0/24 or the 2.2.2.0/24 networks on
>> >> R1 - the static 0/0 route will be withdrawn from the routing table and
>> thus
>> >> the bgp table.
>> >> This in turn will cause BGP to withdraw the 0/0 route to R2. Therefore
>> both
>> >> tracked routes must be reachable before the 0/0 gets sent to the
>> neighbor.
>> >>
>> >> Anyhow with the limited testing I did it seems like a possible solution
>> to
>> >> the AND problem.
>> >>
>> >> Cheers.
>> >>
>> >>
>> >> -----Original Message-----
>> >> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
>> Koen
>> >> Zeilstra
>> >> Sent: Tuesday, 23 October 2007 07:38
>> >> To: Benedict Munyao
>> >> Cc: ccielab@groupstudy.com
>> >> Subject: Re: RE: conditional default advertising in BGP with multiple
>> routes
>> >> tomonitor
>> >>
>> >> Correct. However for watching two routes this isn't a solution.
>> >>
>> >> Two match clauses in different subblocks cause the default to be
>> announced
>> >> when the first clause is a match. What we need is de default to be
>> announced
>> >> when BOTH match clauses have a positive match.
>> >>
>> >> Quoting Benedict Munyao <bmunyao@gmail.com>:
>> >>
>> >>> The first solution examined in this thread included using "neighbor
>> >>> default-originate route-map" command. The Doccd clarifies why it only
>> >>> uses the "or" logic when comparing the two ACLs:
>> >>>
>> >>> http://www.cisco.com/univercd/cc/td/doc/product/software/ios124/124cr/
>> >>> hirp_r/rte_pih.htm#wp1123413
>> >>>
>> >>> "Like matches in the same route map subblock are filtered with "or"
>> >>> semantics. If any one match clause is matched in the entire route map
>> >>> subblock, this match is treated as a successful match. Dissimilar
>> >>> match clauses are filtered with "and" semantics. So dissimilar matches
>> >>
>> >>> are filtered logically. If the first set of conditions is not met, the
>> >>
>> >>> second match clause is filtered."
>> >>>
>> >>> HTH
>> >>> Benedict Munyao
>> >>>
>> >>>
>> >>>
>> >>> On 10/19/07, Koen Zeilstra <koen@koenzeilstra.com> wrote:
>> >>>>
>> >>>> Balmik has email this nice solution to me which I would like to share
>> >>
>> >>>> with the group.
>> >>>>
>> >>>> Balmik, I hope you don't mind that I send this to the group.
>> >>>>
>> >>>> I have tested this on my lab and the results in various situations on
>> >>
>> >>>> different platforms
>> >>>>
>> >>>> Situation 1. It only checks line 10 of the route-map, and ignores the
>> >>
>> >>>> rest.
>> >>>> Situation 2. It does a OR. So both routes have to dissapear to remove
>> >>
>> >>>> the default instead of one.
>> >>>>
>> >>>> From:
>> >>>>
>> >>>> http://www.cisco.com/en/US/products/ps6566/products_feature_guide0918
>> >>>> 6a00801a7f7a.html#wp1038479
>> >>>>
>> >>>> I read that outbound BGP route-maps only are supported. I would say
>> >>>> this is a outbound BGP route-map. The only different from standard
>> >>>> advertisement is de conditional default. Maybe it is only intended
>> >>>> for match and set operations on advertised routes.
>> >>>>
>> >>>>
>> >>>>
>> >>>> ----- Forwarded message from balmik@staff.iinet.net.au -----
>> >>>> Date: Fri, 19 Oct 2007 14:07:49 +0800
>> >>>> From: Balmik Soin <balmik@staff.iinet.net.au>
>> >>>> Reply-To: Balmik Soin <balmik@staff.iinet.net.au>
>> >>>> Subject: RE: conditional default advertising in BGP with multiple
>> >>>> routes tomonitor
>> >>>> To: Koen Zeilstra <koen@koenzeilstra.com>, Bob Sinclair
>> >>>> <bob@bobsinclair.net>
>> >>>> Cc: Saul Arjona <saul.arjona.bueno@gmail.com>
>> >>>>
>> >>>> (Removing CCIE groupstudy list for this email)
>> >>>>
>> >>>> I'm not able to test this at the moment, but can I suggest you try a
>> >>>> CONTINUE route-map statement to try and get an AND working?
>> >>>>
>> >>>> Something like a
>> >>>>
>> >>>> Route-map XXX permit 10
>> >>>> Match ip address prefix-list 1
>> >>>> Continue 30
>> >>>>
>> >>>> Route-map XXX deny 20
>> >>>>
>> >>>> Route-map XXX permit 30
>> >>>> Match ip address prefix-list 2
>> >>>>
>> >>>> I don't know if "continue" will work for these kinds of route-maps,
>> >>>> but it's worth a try - if it works, then you can post it to
>> >>>> GroupStudy. I just didn't want to post a "perhaps" email to the group
>> >>
>> >>>> without testing it, and ending up wasting people's time :)
>> >>>>
>> >>>> --
>> >>>> Balmik Soin
>> >>>> Voice Network Engineer Desk: +61-8-9213-1370
>> >>>> Voice Engineering - Network Services Mobile: +61-414-429-266
>> >>>> iiNet Limited balmik@staff.iinet.net.au
>> >>>>
>> >>>>
>> >>>>> -----Original Message-----
>> >>>>> From: Koen Zeilstra [mailto:koen@koenzeilstra.com]
>> >>>>> Sent: Friday, 19 October 2007 1:14 PM
>> >>>>> To: Bob Sinclair
>> >>>>> Cc: Balmik Soin; Saul Arjona; ccielab@groupstudy.com
>> >>>>> Subject: Re: conditional default advertising in BGP with multiple
>> >>>> routes
>> >>>>> tomonitor
>> >>>>>
>> >>>>> Yes we do have a solution for the OR, now we still need a solution
>> >>>>> for the AND function. Matching both routes for one descision.
>> >>>>>
>> >>>>>
>> >>>>>
>> >>>>> Quoting Bob Sinclair <bob@bobsinclair.net>:
>> >>>>>
>> >>>>> > Koen Zeilstra wrote:
>> >>>>> >> Correct. The conditions are never met for ACL 10.
>> >>>>> >>
>> >>>>> >> I have labbed the original and this solution up, no AND just OR.
>> >>>>> >>
>> >>>>> > Absolutely right! I stand corrected. So do we have a solution
>> >>>>> > for
>> >>>> OR?
>> >>>>> >
>> >>>>> > --
>> >>>>> >
>> >>>>> >
>> >>>>> > Bob Sinclair CCIE 10427 CCSI 30427 www.netmasterclass.net
>> >>>>>
>> >>>>
>> >>>>
>> >>>>
>> >>>> ----- End forwarded message -----
>> >>>>
>> >>>> _____________________________________________________________________
>> >>>> __ Subscription information may be found at:
>> >>>> http://www.groupstudy.com/list/CCIELab.html
>> >>>
>> >>> ______________________________________________________________________
>> >>> _ Subscription information may be found at:
>> >>> http://www.groupstudy.com/list/CCIELab.html
>> >>
>> >> _______________________________________________________________________
>> >> Subscription information may be found at:
>> >> http://www.groupstudy.com/list/CCIELab.html
>> >>
>> >> _______________________________________________________________________
>> >> Subscription information may be found at:
>> >> http://www.groupstudy.com/list/CCIELab.html
>> >>
>> >> The content contained in this electronic message is not intended to
>> >> constitute formation of a contract binding TWTC. TWTC will be
>> contractually
>> >> bound only upon execution, by an authorized officer, of a contract
>> including
>> >> agreed terms and conditions or by express application of its tariffs.
>> >>
>> >> This message is intended only for the use of the individual or entity
>> to
>> >> which it is addressed. If the reader of this message is not the
>> intended
>> >> recipient, or the employee or agent responsible for delivering the
>> message
>> >> to the intended recipient, you are hereby notified that any
>> dissemination,
>> >> distribution or copying of this message is strictly prohibited. If you
>> have
>> >> received this communication in error, please notify us immediately by
>> >> replying to the sender of this E-Mail or by telephone.
>> >>
>> >> _______________________________________________________________________
>> >> Subscription information may be found at:
>> >> http://www.groupstudy.com/list/CCIELab.html
>> >>
>> >> The content contained in this electronic message is not intended to
>> >> constitute formation of a contract binding TWTC. TWTC will be
>> contractually
>> >> bound only upon execution, by an authorized officer, of a contract
>> including
>> >> agreed terms and conditions or by express application of its tariffs.
>> >>
>> >> This message is intended only for the use of the individual or entity
>> to
>> >> which it is addressed. If the reader of this message is not the
>> intended
>> >> recipient, or the employee or agent responsible for delivering the
>> message
>> >> to the intended recipient, you are hereby notified that any
>> dissemination,
>> >> distribution or copying of this message is strictly prohibited. If you
>> have
>> >> received this communication in error, please notify us immediately by
>> >> replying to the sender of this E-Mail or by telephone.
>> >>
>> >> _______________________________________________________________________
>> >> Subscription information may be found at:
>> >> http://www.groupstudy.com/list/CCIELab.html
>> >>
>> >> _______________________________________________________________________
>> >> Subscription information may be found at:
>> >> http://www.groupstudy.com/list/CCIELab.html
>> >
>> > _______________________________________________________________________
>> > Subscription information may be found
>> > at:http://www.groupstudy.com/list/CCIELab.html
>>
>> _______________________________________________________________________
>> Subscription information may be found at:
>> http://www.groupstudy.com/list/CCIELab.html
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

• Next message: slevin kremera: "host port versus access port"
• Previous message: Alan Chng: "Lab date swap on the 11th Dec 07"
• Maybe in reply to: Benedict Munyao: "Re: RE: conditional default advertising in BGP with multiple"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Fri Nov 16 2007 - 13:11:19 ART