RE: BGP AS-PATH PREPEND from Jeff Lodwick on 2014-01-08 (Ccielab archives 01/2014)

From: Jeff Lodwick <jeff_at_tydesystems.com>
Date: Wed, 8 Jan 2014 10:43:20 -0700

Sam,
I don't think the problem is with the way the route-map and ACL are
configured. I've configured it the way Cisco Fanatic configured it multiple
times and this is the correct way to configure it. The way you are
recommending is accomplishing the same results as the way Cisco Fanatic is
configuring it, but the way Cisco Fanatic is configuring it is actually a
more common way of configuring this. I generally don't recommend denying in
an ACL or prefix-list, then permitting in the route-map because I've seen
problems with this working correctly.

Jeffrey Lodwick - CCIE 15671 R&S
Senior Data Engineer / Owner
Jeff_at_tydesystems.com
Office: 303-346-9988
Mobile: 303-919-1366

www.tydesystems.com

-----Original Message-----
From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf Of Sam
Bibby
Sent: Wednesday, January 08, 2014 10:15 AM
To: Cisco Fanatic
Cc: Tony Singh; ccielab_at_groupstudy.com
Subject: Re: BGP AS-PATH PREPEND

Oh I see, so you want to pre-pend everything except that one route, well
that possible, Try then changing the things so as to deny the route you
don't want to pre-pend & permit everything else

!
router bgp 65500
neighbor 10.255.0.26 route-map AS_CHANGE out !
route-map AS_CHANGE permit 10
match ip address prefix OVER_L2
set as-path prepend 65500 65500 65500
!
ip prefix-list AS_CHANGE deny
ip access-list extended OVER_L2 deny X.X.X..X/XX *!!!the orute you
dont want to prepend*
ip access-list extended OVER_L2 permit 0.0.0.0/0 le 32 *!!!Permit
everything else to get prepended*

Without a full understanding of the topology I have to make some assumptions
& I am trying to understand your issue a bit better,

*1)Because I only want 10.100.60.11 (source) to go over Layer 2 (a name)
10.20.80.11 (destination). The rest should all be prepended. *

*I don't see a route to 10.20.80.11 in the bgp output you send over:* R1#sh
ip bgp
> BGP table version is 196, local router ID is 10.255.255.2 Status
> codes: s suppressed, d damped, h history, * valid, > best, i -
> internal,
> r RIB-failure, S Stale, m multipath, b backup-path, x
> best-external, f RT-Filter Origin codes: i - IGP, e - EGP, ? -
> incomplete
> Network Next Hop Metric LocPrf Weight Path
> *> 10.3.0.0/16 0.0.0.0 0 32768 ?
> *> 10.7.0.0/24 0.0.0.0 0 32768 ?
> *> 10.11.0.0/24 0.0.0.0 0 32768 ?
> *> 10.13.0.0/16 10.255.255.1 0 1 65501 ?
> * 10.255.0.26 0 0 65501 65501
65501 65501 ?
> *> 10.16.0.0/24 0.0.0.0 0 32768 ?
> *> 10.20.0.0/24 10.255.255.1 0 1 65501 ?
> * 10.255.0.26 28416 0 65501 65501 65501 65501 ?

\Sam

On Wed, Jan 8, 2014 at 4:53 PM, Cisco Fanatic
<ebay_products_at_hotmail.com>wrote:

> Because I only want 10.100.60.11 (source) to go over Layer 2 (a name)
> 10.20.80.11 (destination). The rest should all be prepended.
>
> ip access-list extended OVER_L2
> permit ip host 10.100.60.11 host 10.20.80.11
>
> With your suggestion all the traffic will be prepended (longer AS
> path) and it will not be the best route.
>
>
> ------------------------------
> Date: Wed, 8 Jan 2014 16:36:40 +0000
>
> Subject: Re: BGP AS-PATH PREPEND
> From: sammybibs_at_gmail.com
> To: ebay_products_at_hotmail.com
> CC: mothafungla_at_gmail.com; ccielab_at_groupstudy.com
>
>
> I'm pretty sure the route map is wrong here,
>
> *!!!Yours*
> !
> *!You match the ACL but don't do anything with it.* !
> route-map AS_CHANGE permit 10
> match ip address OVER_L2
> !
> *! You then pre-pend everything via the match all in the next
> statement* !
> route-map AS_CHANGE permit 20
> set as-path prepend 65500 65500 65500 !
>
> *!!!Suggestion*
> !
> !You match the ACL but don't do anything with it.
> !
> route-map AS_CHANGE permit 10
> match ip address OVER_L2
> set as-path prepend 65500 65500 65500 !
>
> \Sam
>
>
> On Wed, Jan 8, 2014 at 4:31 PM, Cisco Fanatic
<ebay_products_at_hotmail.com>wrote:
>
> Sorry, cut-paste issue, too many notepad open.
>
> R1
> ++
>
> !
> router bgp 65500
> neighbor 10.255.0.26 route-map AS_CHANGE out !
> route-map AS_CHANGE permit 10
> match ip address OVER_L2
> !
> route-map AS_CHANGE permit 20
> set as-path prepend 65500 65500 65500 !
> ip access-list extended OVER_L2
> permit ip host 10.100.60.11 host 10.20.80.11 !
>
> It is still going over the other connection...
>
> R1#traceroute 10.20.80.11
> Type escape sequence to abort.
> Tracing the route to 10.20.80.11
> VRF info: (vrf in name/id, vrf out name/id)
> 1 10.255.255.1 4 msec 0 msec 4 msec
> 2 10.255.255.22 [AS 1] 4 msec 0 msec 4 msec
> 3 10.13.0.253 [AS 65501] 4 msec 4 msec 0 msec
>
>
>
>
>
>
> > Subject: Re: BGP AS-PATH PREPEND
> > From: mothafungla_at_gmail.com
> > Date: Wed, 8 Jan 2014 15:59:21 +0000
> > CC: ccielab_at_groupstudy.com
> > To: ebay_products_at_hotmail.com
> >
> > Where's your match extended ACL in route-map condition ?
> >
> > --
> > BR
> >
> > Tony
> >
> > > On 8 Jan 2014, at 15:47, Cisco Fanatic <ebay_products_at_hotmail.com>
> wrote:
> > >
> > > I understand how AS-PATH PREPEND works, but I am not able to make
> > > it
> work
> if I
> > > need to manipulate traffic paths only from a specific source to a
> specific
> > > destination.
> > >
> > > R1
> > > ++
> > >
> > > !
> > > router bgp 65500
> > >
> > > neighbor 10.255.0.26 route-map AS_CHANGE out
> > >
> > > !
> > > route-map AS_CHANGE permit 10
> > >
> > > set as-path prepend 65500 65500 65500
> > >
> > > !
> > >
> > > R2
> > > ++
> > >
> > > !
> > > router bgp 65501
> > >
> > > neighbor 10.255.0.25 route-map AS_CHANGE out
> > >
> > > !
> > > route-map AS_CHANGE permit 10
> > >
> > > set as-path prepend 65501 65501 65501
> > >
> > > !
> > >
> > > R1#sh ip bgp
> > > BGP table version is 196, local router ID is 10.255.255.2 Status
> > > codes: s suppressed, d damped, h history, * valid, > best, i -
> > > internal,
> > > r RIB-failure, S Stale, m multipath, b backup-path, x
> > > best-external, f RT-Filter Origin codes: i - IGP, e - EGP, ? -
> > > incomplete
> > > Network Next Hop Metric LocPrf Weight Path
> > > *> 10.3.0.0/16 0.0.0.0 0 32768 ?
> > > *> 10.7.0.0/24 0.0.0.0 0 32768 ?
> > > *> 10.11.0.0/24 0.0.0.0 0 32768 ?
> > > *> 10.13.0.0/16 10.255.255.1 0 1 65501 ?
> > > * 10.255.0.26 0 0 65501
> 65501
> 65501
> > > 65501 ?
> > > *> 10.16.0.0/24 0.0.0.0 0 32768 ?
> > > *> 10.20.0.0/24 10.255.255.1 0 1 65501 ?
> > > * 10.255.0.26 28416 0 65501
> 65501
> 65501
> > > 65501 ?
> > >
> > > I need specific traffic from 10.100.60.11 (Source) to specific
> 10.20.80.11
> > > (Destination) over the 10.255.0.26 connection.
> > >
> > >
> > > 10.100.60.11
> > > _` 10.20.80.11
> > >
> > >
> > > Any thoughts?
> > >
> > >
> > > Blogs and organic groups at http://www.ccie.net
> > >
> > > __________________________________________________________________
> > > _____ Subscription information may be found at:
> > > http://www.groupstudy.com/list/CCIELab.html
> >
> >
> > Blogs and organic groups at http://www.ccie.net
> >
> > ____________________________________________________________________
> > ___ Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
>
>
> Blogs and organic groups at http://www.ccie.net
>
> ______________________________________________________________________
> _ Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

Blogs and organic groups at http://www.ccie.net
Received on Wed Jan 08 2014 - 10:43:20 ART

This archive was generated by hypermail 2.2.0 : Sat Feb 01 2014 - 10:24:52 ART