
BGP advertise-map vs route-map filtering

Hi all,


I have an issue with our BGP setup where outbound MED value seems to be ignored somehow.

To describe the setup:

- We have 2 sites, each with ASA firewalls connected to our provider's routers and to our internal routers.
- We want to advertise our public subnet (/24) on both sites and specific /32 addresses, from the /24 range, on specific sites configured with MED.

We want to have conditional advertisements depending on the availability of internal networks.
And we want to filter which specific routes are advertised towards our provider.

So we've configured this setup:

1. Add Null routes so BGP can advertise the routes (we use NAT on our ASA)
route Null0 1.2.3.0 255.255.255.0 1 --> This is our /24 subnet
route Null0 1.2.3.25 255.255.255.255 1 --> This is a /32 address

2. Create a prefix-list and route-map for the advertised route (150 is for site 1, 50 is for site 2)
prefix-list CUST-PUBLIC-ADVERTISE_PL seq 5 permit 1.2.3.25/32

route-map CUST-PUBLIC-ADVERTISE_RM permit 10
 match ip address prefix-list CUST-PUBLIC-ADVERTISE_PL
  set metric 150
!
route-map CUST-PUBLIC-ADVERTISE_RM deny 20

3. Create a prefix-list and route-map for the route to be checked on availability
prefix-list CUST-PRIVATE-CHECK_PL seq 5 permit 10.0.0.0/24

route-map CUST-PRIVATE-CHECK_RM permit 10
 match ip address prefix-list CUST-PRIVATE-CHECK_PL
route-map CUST-PRIVATE-CHECK_RM deny 20

4. Create a prefix-list and route-map to include the static routes for the /32 and /24
prefix-list STATIC-BGP_PL seq 1 permit 1.2.3.0/24 ge 25
prefix-list STATIC-BGP_PL seq 6 permit 1.2.3.0/24
route-map STATIC-BGP_RM permit 10
 match ip address prefix-list STATIC-BGP_PL
!
route-map STATIC-BGP_RM deny 20

5. Create a prefix-list and route-map which filters the advertised networks to our provider
prefix-list 24-SUB-ALL_PL seq 5 permit 1.2.3.0/24

route-map Provider-OUT_RM permit 10
 match ip address prefix-list CUST-PUBLIC-ADVERTISE_PL 24-SUB-ALL_PL
!
route-map Provider-OUT_RM deny 20

6. Combine everything in the BGP configuration

router bgp 111111
 bgp log-neighbor-changes 
 bgp graceful-restart
 bgp router-id 10.10.10.10
  address-family ipv4 unicast
   neighbor 10.10.10.11 remote-as 2222
   neighbor 10.10.10.11 activate
   neighbor 10.10.10.11 advertise-map CUST-PUBLIC-ADVERTISE_RM exist-map CUST-PRIVATE-CHECK_RM
   neighbor 10.10.10.11 route-map Provider-OUT_RM out
   redistribute static route-map STATIC-BGP_RM
  no auto-summary
  no synchronization
 exit-address-family


Is this the right way to do it? Because it looks like something is wrong.
When we activate this configuration it looks like the MED is ignored.

Now I am unsure whether the advertise-map combined with the route-map will work and in what order they will be applied.
We need the advertise-map to conditionally advertise /32's and set a MED.
We need the route-map to filter the advertised networks to the provider.


It looks like the route-map Provider-OUT_RM with prefixes overrules the conditional advertisement route-map CUST-PUBLIC-ADVERTISE_RM.

Can anybody clarify this?

PS: All IP/AS/naming is replaced for security purposes.

6 Replies

Hello,

This should work as designed. Is 1.2.3.25/32 advertised at all? What happens if you remove

neighbor 10.10.10.11 route-map Provider-OUT_RM out

as I think this might override the advertise/exist map?

Hi Georg, 

Unfortunately I can't try that as it is part of production already.

Also I don't want the internal networks to be advertised to our provider.

Can you point me to a location which mentions the order of operation on conditional advertisements / route-maps etc.?

Hello,

I just simulated this in GNS, it seems that the metric set in the advertise map takes precedence, and any other route maps setting metric take no effect.

Which means your setup should work...and it doesn't.

I used standard access lists instead of prefix lists, not sure if that makes a difference.

access-list 1 permit 1.2.3.25 <-- make sure you enter this as 1.2.3.25 0.0.0.0

route-map CUST-PUBLIC-ADVERTISE_RM permit 10
match ip address 1
set metric 150

cofee
Level 5

Not sure if this applies in this scenario, but since you asked when multiple filters are applied, in what order they are processed.

I am quoting this from Jeff Doyle's book on BGP: "There is a much simpler answer to all this, which is that the processing order doesn't matter. If there are multiple filters configured for the same direction for a single neighbor, a route must be permitted by all of the filters for it to be accepted (incoming) or advertised (outgoing). If a particular incoming route is matched in prefix-list, route-map or filter list, and if the accompanying action to any of those matches is a deny, the route will be discarded no matter which the three filters evaluate the route. Most important, if the route is matched, modified, and permitted by the route-map but denied by either the prefix list or AS path filter it will be discarded".
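Added example (not part of the thread and not Cisco code): a small Python model of the prefix-lists and route-maps from the original post, checking which static routes are permitted by both STATIC-BGP_RM at redistribution and Provider-OUT_RM outbound. It assumes standard prefix-list ge/le semantics and does not model the advertise-map/exist-map condition; the function names are made up for this sketch.

```python
import ipaddress
import re

# Prefix-list lines copied from the original post (addresses are the poster's placeholders).
CONFIG = """\
prefix-list CUST-PUBLIC-ADVERTISE_PL seq 5 permit 1.2.3.25/32
prefix-list STATIC-BGP_PL seq 1 permit 1.2.3.0/24 ge 25
prefix-list STATIC-BGP_PL seq 6 permit 1.2.3.0/24
prefix-list 24-SUB-ALL_PL seq 5 permit 1.2.3.0/24
"""
# Route-map "permit 10" clauses from the post: the prefix-lists each one matches.
# Several lists on one match line are ORed; the explicit "deny 20" drops the rest.
ROUTE_MAPS = {
    "STATIC-BGP_RM": ["STATIC-BGP_PL"],
    "Provider-OUT_RM": ["CUST-PUBLIC-ADVERTISE_PL", "24-SUB-ALL_PL"],
}
LINE = re.compile(r"prefix-list (\S+) seq (\d+) (permit|deny) (\S+)"
                  r"(?: ge (\d+))?(?: le (\d+))?")

def parse_prefix_lists(text):
    lists = {}
    for m in LINE.finditer(text):
        name, seq, action, pfx, ge, le = m.groups()
        net = ipaddress.ip_network(pfx)
        # No ge/le: exact length only. ge alone: up to /32. le alone: from the entry length.
        lo = int(ge) if ge else net.prefixlen
        hi = int(le) if le else (32 if ge else net.prefixlen)
        lists.setdefault(name, []).append((int(seq), action == "permit", net, lo, hi))
    for entries in lists.values():
        entries.sort()  # evaluate in sequence-number order
    return lists

def prefix_list_permits(entries, route):
    for _seq, permit, net, lo, hi in entries:
        if route.subnet_of(net) and lo <= route.prefixlen <= hi:
            return permit  # first matching entry wins
    return False           # implicit deny at the end of every prefix-list

def route_map_permits(lists, rm, route):
    return any(prefix_list_permits(lists[pl], route) for pl in ROUTE_MAPS[rm])

def reaches_provider(lists, prefix):
    # A redistributed static must pass the redistribution filter AND the outbound filter.
    route = ipaddress.ip_network(prefix)
    return all(route_map_permits(lists, rm, route) for rm in ROUTE_MAPS)

PLS = parse_prefix_lists(CONFIG)
if __name__ == "__main__":
    for p in ("1.2.3.0/24", "1.2.3.25/32", "1.2.3.26/32", "1.2.3.128/25", "10.0.0.0/24"):
        print(f"{p:15} {'advertised' if reaches_provider(PLS, p) else 'filtered'}")
```

Running the same check against a candidate outbound policy before it goes live shows which more-specific or internal prefixes would pass both filters.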

gnijs
Level 4

This is interesting.

I have the same situation: a route-map outbound <allow all but set as-path-prepend>

and an advertise-map which only allows some prefixes in case NON-EXIST route is missing

 

What I am seeing is that when the advertise-map is NOT triggered (the NON-EXIST route is present)

all prefixes seem to be allowed outbound ?? because the route-map allows them.

 

I assume that when the advertise-map is enforced (in case of backup), the routes will get filtered by the advertise-map (haven't tested it in GNS though)

Hello, I have the same problem and this is the only place on the internet that I have found where this is discussed. From my lab testing, advertise-map only works with route-map out if they reference the same route-map or if there is no route-map out at all. For example:

neig 1.2.3.4 advertise-map A exist-map B
neig 1.2.3.4 route-map A out

This will stop announcing the network referenced by route-map A if the network referenced by route-map B is not received.

The problem is when you configure the following:

neig 1.2.3.4 advertise-map A exist-map B
neig 1.2.3.4 route-map C out

This does not work, no matter whether the networks referenced by route-map A are excluded or included in route-map C.

If included, then the conditional advertisement does not work, I mean, if the network referenced by route-map B is not received, the net referenced by route-map A is still announced because route-map C allows it.

If excluded, even when the net referenced by route-map B exists, the net referenced by route-map A is filtered by route-map C.

