bgp no-advertise community not working on local router

Hi guys,

I'm trying to implement the Cisco no-advertise community from a router with a local loopback IP 10.1.1.1. I'm using the syntax below on the local router and it's not working, but it's working when I configure it on the neighbor peer with route-map A in syntax. Is this a case of ACL/route-map being applied after/before processing etc. that is causing the issue?

neighbor 6.6.6.6 route-map A out
neighbor 6.6.6.6 send-community both

access-list 101 permit ip host 10.1.1.1 any

route-map A permit 10
match ip address 101
set community no-advertise


Ra-Rb-Rc

Ra will config the route-map with no-advertise, 
the effect will be in Rb which will not advertise the prefix.

Giuseppe Larosa

Hello @ahmedsid432135621 ,

There is something strange in your test configuration.

The BGP community no-advertise is a well-known community that can be used to make a prefix not advertisable to a third-party peer.

You are using an extended ACL that looks like it was intended for user traffic rather than to define a prefix:

access-list 101 permit ip host 10.1.1.1 any

You should use a prefix-list to define what prefix(es) should have the BGP community no-advertise when sending to BGP peer 6.6.6.6.

The effect is not on the local node but on the peer 6.6.6.6, which receives the prefix(es) and can use it/them, but cannot advertise it/them to anyone.

Similarly, NO_EXPORT allows advertising to other iBGP peers but not to eBGP peers.

So regardless of your strange ACL, the effects of BGP community no-advertise are seen on the peer, in your case on the 6.6.6.6 node.

Hope to help

Giuseppe

balaji.bandi

Try below and let us know how it goes.

access-list 101 permit host 10.1.1.1
!
route-map BB_NO deny 10
match ip address 101
set community no-advertise
route-map BB_NO permit 20

BB


Hello @balaji.bandi ,

access-list 101 is an extended ACL

access-list 101 permit ip host 10.1.1.1 any

As I have written in my post, this kind of filter is not the correct one in this scenario, as it is not clear what prefixes would match.

Maybe only 10.1.1./32

I would use a prefix-list instead.

Setting BGP community NO_ADVERTISE on prefixes that are DENIED to a neighbor is useless; it is just enough to deny them = filtered.

My understanding is that the original poster is not clear on the use and concept of the NO_ADVERTISE BGP community, expecting it to happen on the local node.

Hope to help

Giuseppe

You bring up a good point, since now I remember that extended ACLs work differently on BGP than they do on any other application. Secondly, are you stating that the no-advertise community has no effect if it is applied on the originating router even if I do use a prefix list? Or is it pointless to use it on the originating router?

Hello @ahmedsid432135621 ,

Extended IP ACLs are supported in BGP but in an unusual way, so it is better to use prefix-lists.

There is no effect on the local node / originating router.

The BGP NO_ADVERTISE community allows a node to advertise a prefix or set of prefixes to a peer that can use them (install them in the local IP routing table), but the peer cannot advertise them to other devices.

Otherwise you could simply filter the unwanted prefixes from the peer session using a route-map with a deny section, as shown by @balaji.bandi in his post.

Hope to help

Giuseppe

Joseph W. Doherty

BTW, don't know if this still applies, but years ago, I "stubbed my toe" on no-advertise not working because BGP wasn't configured to use communities (the default, at least then).  When configured to do so, then no-advertise worked correctly.
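
The behaviour discussed across this thread, as an added example that is not part of any post: a small Python model of RFC 1997 community handling on the Ra-Rb-Rc chain. It shows that NO_ADVERTISE is enforced by the peer that receives the tagged prefix, that the tag is lost when communities are not sent, and how it differs from an outbound deny and from NO_EXPORT. The ASNs, class and function names are constructed for illustration; confederations and best-path selection are not modelled.

```python
# Added illustration (not from the thread): RFC 1997 well-known communities
# on a constructed Ra -> Rb -> Rc chain. ASNs and helper names are made up.
NO_EXPORT = 0xFFFFFF01     # keep inside the local AS (confederations ignored here)
NO_ADVERTISE = 0xFFFFFF02  # do not advertise to any peer
PREFIX = "10.1.1.1/32"

class Router:
    def __init__(self, name, asn):
        self.name, self.asn = name, asn
        self.rib = {}    # prefix -> communities on the path this router holds
        self.peers = []  # (neighbor, send_community, outbound_policy)

    def peer(self, neighbor, send_community=True, policy=None):
        self.peers.append((neighbor, send_community, policy))

    def learn(self, prefix, communities=frozenset()):
        if prefix in self.rib:
            return                      # already known; nothing new to propagate
        self.rib[prefix] = set(communities)
        self.advertise(prefix)

    def advertise(self, prefix):
        held = self.rib[prefix]
        if NO_ADVERTISE in held:        # enforced by the router that HOLDS the tag
            return
        for neighbor, send_community, policy in self.peers:
            if NO_EXPORT in held and neighbor.asn != self.asn:
                continue                # eBGP peer: suppressed by NO_EXPORT
            out = policy(prefix, set(held)) if policy else set(held)
            if out is None:
                continue                # outbound route-map deny: filtered
            # Without "send-community" the attribute never leaves the router.
            neighbor.learn(prefix, out if send_community else set())

def tag(community):
    """Outbound policy that adds one community to PREFIX, like 'set community'."""
    return lambda prefix, comms: comms | {community} if prefix == PREFIX else comms

def deny(prefix, comms):
    """Outbound policy that filters PREFIX, like a route-map deny clause."""
    return None if prefix == PREFIX else comms

def run(policy=None, send_community=True, rc_asn=65003):
    """Ra (AS 65001) originates PREFIX toward Rb (AS 65002); Rb peers with Rc."""
    ra, rb, rc = Router("Ra", 65001), Router("Rb", 65002), Router("Rc", rc_asn)
    ra.peer(rb, send_community, policy)
    rb.peer(rc)
    ra.learn(PREFIX)                    # local origination, no communities yet
    return [r.name for r in (ra, rb, rc) if PREFIX in r.rib]
```

`run()` returns the routers that end up holding 10.1.1.1/32, so comparing `run(tag(NO_ADVERTISE))` with `run(deny)` shows the difference between letting the peer use the prefix and filtering it from the session.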