Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2350
Views
0
Helpful
18
Replies

bgp guru

Go to solution
whanson
Level 2
Level 2

‎08-13-2009 11:07 AM - edited ‎03-04-2019 05:43 AM

I am trying to impact the incoming traffic on a particular subnet. I have two connections to the same ISP same AS at different locations and another connction to a separate ISP. I use filter list to control the advertised routes and all is well but there is one subnet that comes in location A isp A and I want it to come in location B isp A so I added a route map at location A for the specific subnet and set the metric so I should theoretically come in location B but instead I lost all connectivity for all subnets. If I use a route-map out does that override a filter list? As ever thx

Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
Peter Paluch
Cisco Employee
Cisco Employee
In response to whanson

‎08-14-2009 11:56 AM

Hi,

It seems that your route-map parker-subnet-att on the site A is missing the "permit any" block at its end. Currently, it reads as follows:

route-map parker-subnet-att permit 10

match ip address 30

set metric 100

The ACL 30 permits a single network 3.3.3.0/24. All other networks are not matched by the ACL 30, therefore, the only block of your route map does not apply to them. The next implicit invisible block of the route-map works like "deny any" and prevents all other routes from being advertised.

I believe that your route-map should correctly read as follows:

route-map parker-subnet-att permit 10

match ip address 30

set metric 100

route-map parker-subnet-att permit 20

! Nothing written here, just exit

Best regards,

Peter

View solution in original post

0 Helpful

Go to solution
Giuseppe Larosa
Hall of Fame
Hall of Fame
In response to whanson

‎08-15-2009 10:37 PM

Hello Bill,

Peter has found the problem: the way you terminate the route-map.

As Paolo has noted there is no use here in thinking of filter types order the end result is that you are only permitting the subnet with the modified IP subnet the one permitted by ACL 30.

When dealing with BGP route maps (or for redistribution) it is important to take care of how the route map has to be terminated:

if a filtering action is desired no empty final clause is needed if the route-map is used only for modifying some attributes on some prefixes then an empty final clause may be needed or an additional clause with the appropriate match.

By the way, it is possible to include the match on as paths in the route map so that you have a single filter applied outbound a neighbor:

route-map parker-subnet-att permit 10

match ip address 30

match as-path 1

set metric 100

route-map parker-subnet-att permit 20

match as-path 1

match ip address prefix adv-55555

in this case an empty final clause is not needed but second block takes care of the prefixes you want to advertise.

I usually write the filters in this different way to make more clear how the filters works.

Hope to help

Giuseppe

View solution in original post

0 Helpful
18 Replies 18

Go to solution
paolo bevilacqua
Hall of Fame
Hall of Fame

‎08-13-2009 11:12 AM

That is a but difficult to put in words, but let me try.

BGP simply applies user configuration in a fixed order, that honestly I don't recall now, but can be easily be found.

There is no overriding per-se like it won't do a certain thing if you did another, and everything simply depends by the details of your lists, ACLs, etc.

0 Helpful

Go to solution
milan.kulik
Level 10
Level 10
In response to paolo bevilacqua

‎08-13-2009 12:09 PM

Hi,

here is the order Paolo mentioned:

For inbound updates the order of preference is:

1. route-map

2. filter-list

3. prefix-list, distribute-list

For outbound updates the order of preference is:

1. prefix-list, distribute-list

2. filter-list

3. route-map

See

http://www.cisco.com/en/US/tech/tk365/technologies_q_and_a_item09186a00800949e8.shtml#one

BR,

Milan

0 Helpful

Go to solution
Peter Paluch
Cisco Employee
Cisco Employee

‎08-13-2009 12:04 PM

Hello,

Regarding the order of different policy mechanisms, the "BGP Frequently Asked Questions" article at

http://www.cisco.com/en/US/tech/tk365/technologies_q_and_a_item09186a00800949e8.shtml#one

says:

The order of preference varies based on whether the attributes are applied for inbound updates or outbound updates.

For inbound updates the order of preference is:

1. route-map

2. filter-list

3. prefix-list, distribute-list

For outbound updates the order of preference is:

1. prefix-list, distribute-list

2. filter-list

3. route-map

Note: The attributes prefix-list and distribute-list are mutually exclusive, and only one command (neighbor prefix-list or neighbor distribute-list) can be applied to each inbound or outbound direction for a particular neighbor.

Best regards,

Peter

0 Helpful

Go to solution
paolo bevilacqua
Hall of Fame
Hall of Fame
In response to Peter Paluch

‎08-13-2009 12:16 PM

Ah, so there is some exclusive commands, I didn't remembered that.

Thanks for adding the list here, I knew you guys know.

0 Helpful

Go to solution
whanson
Level 2
Level 2
In response to paolo bevilacqua

‎08-14-2009 11:49 AM

okay this is a snippet of what I have. As soon as I add the route-map parker to site A I can no longer access anything. A traceroute shows that the route ends in the ISP

Preview file
2 KB
0 Helpful

Go to solution
Peter Paluch
Cisco Employee
Cisco Employee
In response to whanson

‎08-14-2009 11:56 AM

Hi,

It seems that your route-map parker-subnet-att on the site A is missing the "permit any" block at its end. Currently, it reads as follows:

route-map parker-subnet-att permit 10

match ip address 30

set metric 100

The ACL 30 permits a single network 3.3.3.0/24. All other networks are not matched by the ACL 30, therefore, the only block of your route map does not apply to them. The next implicit invisible block of the route-map works like "deny any" and prevents all other routes from being advertised.

I believe that your route-map should correctly read as follows:

route-map parker-subnet-att permit 10

match ip address 30

set metric 100

route-map parker-subnet-att permit 20

! Nothing written here, just exit

Best regards,

Peter

0 Helpful

Go to solution
whanson
Level 2
Level 2
In response to Peter Paluch

‎08-14-2009 12:37 PM

So you are saying that the route-map overrides the prefix-list

0 Helpful

Go to solution
Peter Paluch
Cisco Employee
Cisco Employee
In response to whanson

‎08-14-2009 01:06 PM

Hello,

I would not exactly say that it "overrides" the prefix list. It simply comes after the prefix list - see the sequence of steps described earlier. Even if the prefix-list permits a network, that network will have to go through the route-map. If the route-map drops it, then it will not be advertised. Of course, if a prefix-list drops a network, it will not even reach the route-map so it also won't be advertised.

Best regards,

Peter

0 Helpful

Go to solution
whanson
Level 2
Level 2
In response to Peter Paluch

‎08-14-2009 05:42 PM

Yes you are, You are saying that even though I have a filter list that says what networks to advertize that is fine but since I have a route map that only includes one network that is the end all.

So in essence the filter list was overriden by the route-map.

0 Helpful

Go to solution
Peter Paluch
Cisco Employee
Cisco Employee
In response to whanson

‎08-14-2009 09:32 PM

Hello,

In your particular case, yes, the route-map seems to override the prefix list.

But consider the other possibility: a prefix list denies a network and the route-map subsequently permits it. Will the route-map in this case override the prefix list? No, it will not. The prefix list dropped the network before it even reached the route-map.

In the outbound direction, a route-map can "override" a prefix list in the sense that if a network was permitted by the prefix list, it may be subsequently dropped by the route-map. However, the converse is not true. A route-map can not make a network to be advertised after it was first dropped by the prefix list. Therefore, it would be incorrect to state in a general sense that the route-map always overrides the prefix list.

Best regards,

Peter

0 Helpful

Go to solution
paolo bevilacqua
Hall of Fame
Hall of Fame
In response to whanson

‎08-15-2009 03:32 PM

Seems to me you are trying to twist the correct explanations received to match the answer you're expecting.

Nothing overrides anything, you begin with all the prefixes in BGP table and these are reduced in steps by the filters applied.

While you're there, why not rating the useful answer using the scrollbox below.

0 Helpful

Go to solution
Giuseppe Larosa
Hall of Fame
Hall of Fame
In response to whanson

‎08-15-2009 10:37 PM

Hello Bill,

Peter has found the problem: the way you terminate the route-map.

As Paolo has noted there is no use here in thinking of filter types order the end result is that you are only permitting the subnet with the modified IP subnet the one permitted by ACL 30.

When dealing with BGP route maps (or for redistribution) it is important to take care of how the route map has to be terminated:

if a filtering action is desired no empty final clause is needed if the route-map is used only for modifying some attributes on some prefixes then an empty final clause may be needed or an additional clause with the appropriate match.

By the way, it is possible to include the match on as paths in the route map so that you have a single filter applied outbound a neighbor:

route-map parker-subnet-att permit 10

match ip address 30

match as-path 1

set metric 100

route-map parker-subnet-att permit 20

match as-path 1

match ip address prefix adv-55555

in this case an empty final clause is not needed but second block takes care of the prefixes you want to advertise.

I usually write the filters in this different way to make more clear how the filters works.

Hope to help

Giuseppe

0 Helpful

Go to solution
Mohamed Sobair
Level 7
Level 7

‎08-15-2009 10:52 PM

Hi,

Pls post your current config in order to have better result.

HTH

Mohamed

0 Helpful

Go to solution
paolo bevilacqua
Hall of Fame
Hall of Fame
In response to Mohamed Sobair

‎08-16-2009 04:08 AM

Configuration had been already posted and extensively discussed.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card