
BGP As-path not working as per expectation??

Anand Solgama
Level 1

Hi,

My lab has three ASes: 100, 200 and 300. I want to permit only AS 200 to R3 (AS 300), but when I checked, R8 and R7, which belong to AS 100, are also able to see the inside networks of AS 300.

Please help me in this.

I attached config and diagram with this message.

Thanks,

Anand Solgama

Accepted Solutions

Harold Ritter
Cisco Employee

Hi Anand,

You currently only accept routes from AS200 on R3 but R1 accepts any routes, which explains why AS100 and AS300 can communicate with one another.

Regards

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

You are right, AS 100 can come from the R1 side too, but in my lab why is it coming from the R3 side, where I already block it? AS 100 can still see AS 300.

And yes, it is not going from R1, but that is not my worry. I am worried because AS 100 should not pass AS 300 on R3, where I used the ip as-path permit ^200$ command.

Hi Anand,

Did you clear the session after applying the policy ("clear ip bgp * soft in" on R3)? Also after clearing the session, could you post the "show ip bgp " output from R3 for one of the prefixes learned from AS100 if you still see them.

Regards

Harold Ritter

This is the output of R3, where I specified the as-path command to permit only AS 200!

```
R3#sh ip bg
R3#sh ip bgp
BGP table version is 13, local router ID is 192.168.3.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network          Next Hop            Metric LocPrf Weight Path
*> 10.10.10.0/24    112.112.112.1            1         32768 ?
*  11.11.11.0/24    11.11.11.2               0             0 200 i
*>                  0.0.0.0                  0         32768 i
*> 12.12.12.0/24    112.112.112.2           65         32768 ?
*> 13.13.13.0/24    112.112.112.1          129         32768 ?
*> 14.14.14.0/24    112.112.112.1           20         32768 ?
*> 111.111.111.0/24 112.112.112.1          128         32768 ?
*> 112.112.112.0/24 0.0.0.0                  0         32768 ?
*> 192.168.1.0      112.112.112.1           74         32768 ?
*> 192.168.2.0      112.112.112.2           74         32768 ?
*> 192.168.3.0      0.0.0.0                  0         32768 ?
*> 200.200.200.0    112.112.112.1            1         32768 ?
*> 201.201.201.0    11.11.11.2               0             0 200 i
```

Hi Anand,

The only two routes that are received from R9 via BGP are 11.11.11.0/24 and 201.201.201.0/24 and they respect the filter you have put in place. All other routes are locally originated (weight 32768) and probably redistributed from OSPF.

Regards

Harold Ritter

You are right, great observation, thanks. But why is the 14.14.14.0/24 network still showing in R7 and R8 (AS 100) from R9?

```
R8#sh ip bgp
BGP table version is 17, local router ID is 201.201.201.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network          Next Hop            Metric LocPrf Weight Path
* i10.10.10.0/24    10.10.10.1               0    100      0 i
*>                  0.0.0.0                  0         32768 i
*> 11.11.11.0/24    201.201.201.2            0             0 200 i
*  12.12.12.0/24    201.201.201.2                          0 200 300 ?
*>i                 10.10.10.1              65    100      0 300 ?
*>i13.13.13.0/24    10.10.10.1              65    100      0 300 ?
*                   201.201.201.2                          0 200 300 ?
*> 14.14.14.0/24    201.201.201.2                          0 200 300 ?
*  111.111.111.0/24 201.201.201.2                          0 200 300 ?
*>i                 10.10.10.1               0    100      0 300 ?
*  112.112.112.0/24 201.201.201.2                          0 200 300 ?
*>i                 10.10.10.1               0    100      0 300 ?
*  192.168.1.0      201.201.201.2                          0 200 300 ?
*>i                 10.10.10.1               0    100      0 300 ?
*  192.168.2.0      201.201.201.2                          0 200 300 ?
*>i                 10.10.10.1              74    100      0 300 ?
*>i192.168.3.0      10.10.10.1              74    100      0 300 ?
   Network          Next Hop            Metric LocPrf Weight Path
*                   201.201.201.2                          0 200 300 ?
*>i200.200.200.0    10.10.10.1               0    100      0 i
*  201.201.201.0    201.201.201.2            0             0 200 i
*>                  0.0.0.0                  0         32768 i
```

```
R7#sh ip bgp
BGP table version is 17, local router ID is 200.200.200.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network          Next Hop            Metric LocPrf Weight Path
* i10.10.10.0/24    10.10.10.2               0    100      0 i
*>                  0.0.0.0                  0         32768 i
*>i11.11.11.0/24    10.10.10.2               0    100      0 200 i
*> 12.12.12.0/24    200.200.200.2           65             0 300 ?
*> 13.13.13.0/24    200.200.200.2           65             0 300 ?
*>i14.14.14.0/24    10.10.10.2               0    100      0 200 300 ?
*> 111.111.111.0/24 200.200.200.2            0             0 300 ?
*> 112.112.112.0/24 200.200.200.2            0             0 300 ?
*> 192.168.1.0      200.200.200.2            0             0 300 ?
*> 192.168.2.0      200.200.200.2           74             0 300 ?
*> 192.168.3.0      200.200.200.2           74             0 300 ?
*  200.200.200.0    200.200.200.2            0             0 300 i
*>                  0.0.0.0                  0         32768 i
*>i201.201.201.0    10.10.10.2               0    100      0 i
```


I guess it is because the 14.14.14.0/24 network has no route from the R1 side, so it chooses R3, because on R3 I also redistribute the external routes of OSPF but not on the R1 side, and 14.14.14.0/24 is a RIP network in my lab. So in short, R7 and R8 can reach my 14.14.14.0/24 network through the R9-->R3 path.

But here also it should be stopped by my as-path and route-map, which allow only AS 200, not AS 100.

Anand,

R3 filters routes inbound from R9. Routes advertised from R3 to R9 are not filtered, so there is no reason for 14.14.14.0/24 not to be advertised to R9 (AS200) and then to R7 and R8 (AS100).

Regards

Harold Ritter

Ok, u mean I have to use an outbound filter, but if I use it, it affects R9 as well. But why is only the 14.14.14.0/24 network in R7 through AS 200, why not all?

Anand,

Well, as you mentioned, 14.14.14.0/24 is not known via OSPF on R1 and doesn't get redistributed in BGP. On the other hand, 14.14.14.0/24 does get redistributed in BGP on R3, which makes it the only BGP path advertised to R9 and then to R7 and R8, hence these routers selecting the path via AS200.

Regards

Harold Ritter

Thanks, last question friend, u helped me a lot: is there any way to stop AS 100 from seeing 14.14.14.0/24?

And yes, ur reply means that if I advertise from AS 300 to AS 200, from there it reaches AS 100, which means my as-path ^200$ permit command fails and allows AS 100 as well.

I have one option: can I use community no-advertise? But I guess it will stop advertising to AS 200 as well!

Anand,

> Thanks last question friend u helped me a lot that is there any way

> to stop that AS 100 to see 14.14.14.0/24 ???

You are welcome. There are many ways to prevent 14.14.14.0/24 from being learnt in AS100. In my last message, I suggested you apply on R8 bgp session to R9 the same inbound filter you have on R3 bgp session to R9.

> And yes ur reply means that if I advertise from AS 300  to AS 200 from

> there it reaches to AS 100 means my as-path ^200$ permit command fail.

> and allow AS 100 as well

No, the as-path filter does not fail. You need to remember that the filter on R3 is inbound and therefore only affects routes learned from R9 and not the routes advertised to R9.

> I have one option can I use community no-advertise but I guess

> it will stop to advertise to AS 200  as well!!!!

Again, my suggestion would be to add on R8 bgp session to R9, the same filter you have on R3 bgp session to R9.

Regards

Harold Ritter
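The direction point in the answer above, as an added example that is not part of the original thread: a small Python model of the R3, R9 and R8 sessions that applies the `^200$` as-path filter inbound only and shows what R8 learns with and without the same filter. The function names, the simplified three-router topology and the sample tables are assumptions constructed for illustration, and Python's `re` stands in for the IOS regex engine.

```python
import re

# The thread's filter: an ordered as-path access-list with an implicit deny.
ONLY_AS200 = [("permit", "^200$")]

def ios_to_py(pattern):
    # In IOS regex "_" matches a delimiter: start, end, space, comma, brace, paren.
    return pattern.replace("_", r"(?:^|$|[ ,{}()])")

def permits(acl, as_path):
    for action, pattern in acl:
        if re.search(ios_to_py(pattern), as_path):
            return action == "permit"
    return False  # implicit deny at the end of every as-path access-list

def send(local_as, table):
    """eBGP advertisement with no outbound policy: prepend the local AS."""
    return {p: f"{local_as} {path}".strip() for p, path in table.items()}

def receive(local_as, update, in_acl=None):
    """Inbound side: AS-path loop check, then the inbound as-path filter."""
    kept = {}
    for prefix, path in update.items():
        if str(local_as) in path.split():
            continue  # our own AS is already in the path
        if in_acl is None or permits(in_acl, path):
            kept[prefix] = path
    return kept

def simulate(r8_in_acl=None):
    # Constructed, simplified topology: R3 (AS 300) -- R9 (AS 200) -- R8 (AS 100).
    r3_local = {"14.14.14.0/24": ""}   # redistributed on R3, empty AS path
    r8_local = {"10.10.10.0/24": ""}
    r9_local = {"11.11.11.0/24": "", "201.201.201.0": ""}
    # R9 applies no filters and learns from both neighbours.
    r9 = {**r9_local, **receive(200, send(300, r3_local)),
          **receive(200, send(100, r8_local))}
    from_r9 = send(200, r9)
    return {"R3": receive(300, from_r9, ONLY_AS200),  # inbound filter as in the thread
            "R8": receive(100, from_r9, r8_in_acl)}

if __name__ == "__main__":
    print("R8 without filter:", simulate()["R8"])
    print("R8 with ^200$ in: ", simulate(ONLY_AS200)["R8"])
    print("R3 (filtered in): ", simulate()["R3"])
```

R3's inbound filter is never consulted when R3 advertises 14.14.14.0/24, so the prefix reaches R8 with path `200 300` until R8 applies its own inbound filter.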

In short, I am asking why my as-path command is not stopping any routes coming from AS 100, because I only allowed AS 200, not 100. It is like I want to allow a specified person ABC but not anyone like XYZ.
