Solved: BGP Administrative Distance

kirk.brookover · ‎04-12-2011

I want to change the AD of some EBGP routes so that OSPF is the preferred path.

This is what I have configured (it isn't working):

ip access-list standard SetDenAD
permit 130.77.208.0 0.0.0.255

neighbor 172.20.30.2 soft-reconfiguration inbound
neighbor 172.20.30.2 prefix-list denyBGPin in
default-metric 2
distance 25 172.20.30.2 0.0.0.0 SetDenAD

The prefix list has a permit any at the bottom. Do the BGP statements work in order? Will the distance command be processed in the above example?

Edison Ortiz · ‎04-12-2011

The prefix-list won't do anything as the route will enter the BGP table then the distance will modify the AD.

I believe the soft-reconfiguration command is the issue here.

View solution in original post

Edison Ortiz · ‎04-12-2011

prefix-list will be executed first, then distance will modify the route.

You need to clear the BGP neighbor (clear ip bgp *) in order for the distance to take effect and AD 25 won't do it as OSPF AD is 110.

You need to use distance 111 or greater.

kirk.brookover · ‎04-12-2011

This is a test, I didn't want to drastically change routing without seeing it work the way it should. I did clear BGP, it still didn't change the AD of the test route.

Edison Ortiz · ‎04-12-2011

Are you allowing the route to enter? Can I see the prefix-list?

Is the route in the BGP table? Does it remain with AD 20?

kirk.brookover · ‎04-12-2011

ip prefix-list denyBGPin seq 20 deny x.x.241.0/24
ip prefix-list denyBGPin seq 30 deny x.x.242.0/24
ip prefix-list denyBGPin seq 40 deny x.x.243.0/25
ip prefix-list denyBGPin seq 50 deny x.x.246.0/24
ip prefix-list denyBGPin seq 60 deny x.x.248.0/24
ip prefix-list denyBGPin seq 70 deny x.x.249.0/28
ip prefix-list denyBGPin seq 80 deny 10.239.31.0/24
ip prefix-list denyBGPin seq 90 deny 10.239.6.64/27
ip prefix-list denyBGPin seq 100 deny 10.239.6.96/27
ip prefix-list denyBGPin seq 110 deny 10.239.7.0/24
ip prefix-list denyBGPin seq 120 deny 10.251.5.128/25
ip prefix-list denyBGPin seq 130 deny 10.254.254.254/32
ip prefix-list denyBGPin seq 140 deny x.x.254.0/24
ip prefix-list denyBGPin seq 660 deny x.x.0.0/16
ip prefix-list denyBGPin seq 670 deny x.x.0.0/16
ip prefix-list denyBGPin seq 680 deny 10.0.0.0/8
ip prefix-list denyBGPin seq 690 deny 172.22.0.0/18
ip prefix-list denyBGPin seq 800 permit 0.0.0.0/0 le 32

Not sure what you mean by allowing the route to enter. The route is in the BGP table with the default distance of 20.

Edison Ortiz · ‎04-12-2011

It works for me.

Initial route:

sh ip route 130.77.208.0
Routing entry for 130.77.208.0/24
Known via "bgp 56", distance 20, metric 0
Tag 100, type external
Last update from 192.168.2.7 00:00:51 ago
Routing Descriptor Blocks:
* 192.168.2.7, from 192.168.2.7, 00:00:51 ago
      Route metric is 0, traffic share count is 1
      AS Hops 4
      Route tag 100
      MPLS label: none

router bgp 56
no synchronization
bgp log-neighbor-changes
neighbor 192.168.2.7 remote-as 100
distance 25 192.168.2.7 0.0.0.0 SetDenAD
no auto-summary
!
ip access-list standard SetDenAD
permit 130.77.208.0 0.0.0.255

then I cleared ip bgp *

sh ip route 130.77.208.0
Routing entry for 130.77.208.0/24
Known via "bgp 56", distance 25, metric 0
Tag 100, type external
Last update from 192.168.2.7 00:00:20 ago
Routing Descriptor Blocks:
* 192.168.2.7, from 192.168.2.7, 00:00:20 ago
      Route metric is 0, traffic share count is 1
      AS Hops 4
      Route tag 100
      MPLS label: none

Can you remove the soft-reconfiguration inbound?

kirk.brookover · ‎04-12-2011

can you add the prefix list to your test? I think the prefix list in my test is passing the route, and it never hits the distance command.

Thanks for looking at this

Edison Ortiz · ‎04-12-2011

The prefix-list won't do anything as the route will enter the BGP table then the distance will modify the AD.

I believe the soft-reconfiguration command is the issue here.

kirk.brookover · ‎04-12-2011

That did the trick!

Thank you!

Edison Ortiz · ‎04-12-2011

It was using the local copy and not the prefix coming from the neighbor so it was unable to modify it.