Here is some context to the scenario (note that I have snuffed some stuff as this is a real network with real public IP's)
The route is a directly connected LAN on the CE:
BGP config on CE
Over to the PE we receive the route via BGP with the attached communities.
But the PE advertises the route back again! Surely this is not supposed to happen.
Our only protectection from this back on the CE is to filter the route using community we attached using an inbound route map
route-map CE-FROM-PE-BACKUP deny 10<<<<<<<<<<<<<<DENY
match community SITE-ID
route-map CE-FROM-PE-BACKUP permit 100
set local-preference 90
set weight 100
set community no-export additive
Any ideas on why this is happening? You help is greatly appreciated in advance.
this kind of behaviour has been reported before in the forums.
A wild guess is that because you are using neigh allowas-in on the CE node, the PE router BGP configuration has been tuned for this, and what you see is a side effect of allowing resending routes with your AS number to your device on the PE node.
Hope to help
Many thanks for taking the time out of your work to respond to my query.
Your wild guess is valid and it could be something to do with this though I cannot test this as its a live network.
The issue happens for multiple customers on the same PE.
I have compared another PE which was implemented using the same commands (as overide on PE and allow-as in on CE and I don't get the same results. It something specific to this solution and i'm thinking it might be the PE itself.
PE#show ip bgp vpnv4 vrf XXX neighb X.X.X.X routes | i 10.160.184
*> 10.160.184.0/29 X.X.X.186 0 170 0 65135 ?
PE#show ip bgp vpnv4 vrf XXX neighb X.X.X.186 advertised-routes | i 10.160.184
router bgp 65135
redistribute connected route-map MARK-CONNECTED
redistribute static route-map MARK-STATIC
neighbor X.X.X.185 remote-as 4589
neighborX.X.X.185 description Fa1/2/4:X
neighbor X.X.X.185 password 7 X
neighbor X.X.X.185 timers 15 45
neighborX.X.X.185 route-map CE-FROM-PE in
neighbor X.X.X.185 route-map CE-TO-PE out
neighborX.X.X.185 maximum-prefix 1000
Also if you have the links to the old threads relating to this I will read those to see if I can glean more information.
It seems to be an issue specifically with this PE (7206VXR running 12.2(31)SB18). I will check for known bugs in the meantime.
Thanks once again