
BGP and route-map processing

verma-rohit
Level 1

Hi,

I am aware that when there is a match in a route-map, processing stops. However, I have come across a situation where route-map processing is posing a challenge to me.

It is a lengthy post, so please stick with me.

 

Host-A ( AS 64886 )  ----->  WAN

Host-A is connected to the WAN and is running BGP. Host-A has a route-map configured on the WAN peer.

-------------------------------------------------------------------------------------

Default Route and communities on local Router ( Host-A)
------------------------------------------------------------------------------
Host-A#show bgp vpnv4 unicast vrf blue 0.0.0.0
BGP routing table entry for 192.168.1.1:100:0.0.0.0/0, version 435894
BGP Bestpath: deterministic-med
Paths: (2 available, best #1, table blue)
Multipath: eBGP iBGP
Advertised to update-groups:
1 5 8
Refresh Epoch 1
65000 9318, (Received from a RR-client)
192.168.5.2 (metric 11) (via default)
Origin IGP, metric 0, localpref 950, valid, internal, multipath, best
Community: 163:17243 2002:35 2002:57 2002:1004
Extended Community: RT:8:100
mpls labels in/out nolabel/17
rx pathid: 0, tx pathid: 0x0

 

----------------------------------------------------------------------------------
When the default route is received on the WAN side, it has the as-path prepended to it.

XXXXXXXX--#show bgp vpnv4 unicast vrf B0001 neighbors 9.194.65.253 routes

*> 0.0.0.0     192.168.1.1     0 64886 64886 64886 65000 9318 i

 

-----------------------------------------------------------------------------------
Route-map rm_to_ce_blue is applied on the WAN peer. I am aware that processing stops when there is a match. However,
sequences 100 and 220 are getting processed. Isn't processing supposed to stop when seq 100 matches?

 

route-map rm_to_ce_blue deny 100
description ** Deny prefixes matching policy **
match policy-list rp_lolo_source rp_site_multi_source ( shared below )


route-map rm_to_ce_blue permit 200 ( No match )
description ** Set no-export on neighbor-scope site prefixes from same block and AS **
match ip address prefix-list pl_site_allocation_blue pl_site_allocation_global
match policy-list rp_neighbor_scope
continue 300
set community no-export additive


route-map rm_to_ce_blue permit 210 ( No Match )
description ** Set no-export on local-scope site prefixes from same AS or adjacent AS **
match ip address prefix-list pl_site_allocation_blue pl_site_allocation_global
match policy-list rp_local_scope
match policy-list rp_adjacent_asn rp_same_asn
match ipv6 address prefix-list pl6_site_allocation_blue
continue 300
set community no-export additive

route-map rm_to_ce_blue permit 220 ( match )
description ** Prepend AS on regional default route prefix **
match ip address prefix-list pl_default_route
match policy-list rp_regional_scope
match ipv6 address prefix-list pl6_none
continue 300
set as-path prepend 64886 64886 ( shared below )

 

Policy-Lists & associated Communities
-------------------------------------

Host-A#show ip policy-list rp_site_multi_source
policy-list rp_site_multi_source permit
Match clauses:
community (community-list filter): 102

Host-A#show ip community-list 102
Community (expanded) access list 102
deny _2002:57_
deny _2002:59_
permit _2002:35_

Host-A#show ip prefix-list pl_default_route
ip prefix-list pl_default_route: 2 entries
seq 100 permit 0.0.0.0/0
seq 1000 deny 0.0.0.0/0 le 32

Host-A#show ip policy-list rp_regional_scope
policy-list rp_regional_scope permit
Match clauses:
community (community-list filter): 57

Host-A#show ip community-list 57
Community standard list 57
permit 2002:57

Host-A#show ipv6 prefix-list pl6_none
ipv6 prefix-list pl6_none: 1 entries
seq 1000 deny ::/0 le 128

ip prefix-list pl_site_allocation_blue does not have 0.0.0.0/0 in it.

 

15 Replies

Thanks a lot, @Jaderson Pessoa & @Jaderson Pessoa.

 

1. When a route-map is matched against a prefix, route-map processing stops, doesn't it?

2. In the case of the default route with communities 2002:35 2002:57.... the first sequence matched on 2002:35 and the route was denied, so don't you think processing should have stopped? I understand the match was on permit 2002:35, which resulted in the selection of 0.0.0.0.

3. I am aware that seq 220 also got processed, as the as-path was prepended to the default route, and I could deduce from it that seq 100 matched against the default route and passed the same route to seq 220, where it was matched again and the as-path got prepended.
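
The following is an added example, not part of the thread or anyone's posted configuration: a small Python model of first-match evaluation for community-list 102, community-list 57 and the route-map sequences, run against the communities shown on the default route. Assumptions: rp_lolo_source (not shown in the thread) does not match, sequences 200 and 210 do not match and the IPv6 clause in 220 is ignored (per the annotations in the original post), and the function names are hypothetical.

```python
import re

# Communities on 0.0.0.0/0, copied from the "show bgp vpnv4" output in the post.
ROUTE_COMMUNITIES = ["163:17243", "2002:35", "2002:57", "2002:1004"]
# "show ip community-list 102" (expanded) and "57" (standard), in listed order.
LIST_102 = [("deny", "_2002:57_"), ("deny", "_2002:59_"), ("permit", "_2002:35_")]
LIST_57 = [("permit", ["2002:57"])]

def ios_regex(pattern):
    # In IOS regex "_" matches start/end of string, space, comma, braces, parentheses.
    return re.compile(pattern.replace("_", r"(?:^|$|[ ,{}()])"))

def expanded_list_permits(entries, communities):
    """First entry whose regex matches the community string decides the result."""
    attr = " ".join(communities)
    for action, pattern in entries:
        if ios_regex(pattern).search(attr):
            return action == "permit"
    return False  # implicit deny at the end of the list

def standard_list_permits(entries, communities):
    """First entry whose communities are all present on the route decides."""
    for action, wanted in entries:
        if set(wanted) <= set(communities):
            return action == "permit"
    return False  # implicit deny

def first_matching_sequence(prefix, communities):
    """Return (sequence, action) of the first route-map entry whose match is true."""
    sequences = [
        # rp_site_multi_source -> community-list 102 (rp_lolo_source assumed no match)
        (100, "deny", lambda: expanded_list_permits(LIST_102, communities)),
        (200, "permit", lambda: False),  # assumed no match, per the post
        (210, "permit", lambda: False),  # assumed no match, per the post
        # pl_default_route permits only 0.0.0.0/0; rp_regional_scope -> list 57
        (220, "permit", lambda: prefix == "0.0.0.0/0"
                                and standard_list_permits(LIST_57, communities)),
    ]
    for seq, action, matches in sequences:
        if matches():
            return seq, action
    return None, "deny"  # implicit deny at the end of the route-map

if __name__ == "__main__":
    print(expanded_list_permits(LIST_102, ROUTE_COMMUNITIES))
    print(first_matching_sequence("0.0.0.0/0", ROUTE_COMMUNITIES))
    print(first_matching_sequence("0.0.0.0/0", ["2002:35"]))  # constructed input
```

In this model the `deny _2002:57_` entry is hit before `permit _2002:35_`, so the match clause in sequence 100 is false for this route and evaluation continues to sequence 220.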