07-18-2011 05:45 PM - edited 03-04-2019 01:01 PM
The continue function isn't doing what I had hoped (I'm trying to figure out an "IF, then OR then" type function in IOS). There's also the Cisco documentation being wrong (re "set ip next hop 10.2.2.2" example). I miss the XR code/RPL. I had worked on the CRS heavily re BGP policy, and am now back to IOS after almost 4 years doing little with BGP. Continue is new to me.
I'm hoping for some input here...
1) A more "elegant" way to write said policy (reduced lines, simplified)
2) To help better understand good uses for "continue"
3) Methods to do "IF, then OR then (or then)" in IOS? (child branch)
Using "ge 8 le 24" is a best practice on full table sessions... even though our providers SHOULD be doing it too. I could apply that function alone into a prefix-list, but we use a prefix-list as part of a general template (see below - PFX-DEFAULT-IN). Customers/peers get 'le 28' via route-map policy, transit le 24, etc. I could maintain two (or MORE) prefix-lists, but I'd rather not (it would be easier now that the list won't change much -- it was a BOGONs list, now that IPv4 is all allocated to RIRs). Going back to the "elegant" aspect of trying to have the fewest lines, and maybe the least CPU cycles on full table sessions, etc... any input is welcome!
I inherited the PFX, and the LESS-THAN-24 configs -- and would rather not go into all routers and change those aspects of the template.
(inherited by policy for all eBGP sessions)
ip prefix-list PFX-DEFAULT-IN seq 10 deny 0.0.0.0/8 le 32
ip prefix-list PFX-DEFAULT-IN seq 11 deny 10.0.0.0/8 le 32
ip prefix-list PFX-DEFAULT-IN seq 12 deny 127.0.0.0/8 le 32
ip prefix-list PFX-DEFAULT-IN seq 13 deny 169.254.0.0/16 le 32
ip prefix-list PFX-DEFAULT-IN seq 14 deny 172.16.0.0/12 le 32
ip prefix-list PFX-DEFAULT-IN seq 15 deny 192.0.2.0/24 le 32
ip prefix-list PFX-DEFAULT-IN seq 16 deny 192.168.0.0/16 le 32
ip prefix-list PFX-DEFAULT-IN seq 17 deny 198.18.0.0/15 le 32
ip prefix-list PFX-DEFAULT-IN seq 18 deny 224.0.0.0/3 le 32
ip prefix-list PFX-DEFAULT-IN seq 70 deny <OUR SPACE>
ip prefix-list PFX-DEFAULT-IN seq 71 deny <OUR SPACE>
ip prefix-list PFX-DEFAULT-IN seq 72 deny <OUR SPACE>
ip prefix-list PFX-DEFAULT-IN seq 73 deny <OUR SPACE>
ip prefix-list PFX-DEFAULT-IN seq 74 deny <OUR SPACE>
ip prefix-list PFX-DEFAULT-IN seq 75 deny <OUR SPACE>
ip prefix-list PFX-DEFAULT-IN seq 99 permit 0.0.0.0/0
ip prefix-list PFX-DEFAULT-IN seq 100 permit 0.0.0.0/0 ge 8
LAB CONFIG:
ip as-path access-list 401 permit ^([0-9]+)$
ip as-path access-list 401 deny .*
ip prefix-list PREFIX-LESS-THAN-24 seq 10 permit 0.0.0.0/0
ip prefix-list PREFIX-LESS-THAN-24 seq 20 permit 0.0.0.0/0 ge 8 le 24
! EXAMPLE 1 -- working, but calls the "PREFIX-LESS-THAN-24" list twice (and uses the same set value for 3 of 4 items)
! I'll use this, if no one has any better suggestions.
route-map POLICY-EXAMPLE-IN permit 10
match ip address prefix-list PREFIX-LESS-THAN-24
match as-path 401
set metric 0
set origin igp
set community <removed>
set local-preference 100
route-map POLICY-EXAMPLE-IN permit 20
match ip address prefix-list PREFIX-LESS-THAN-24
set metric 0
set origin igp
set community <removed>
set local-preference 99
route-map POLICY-EXAMPLE-IN deny 100
! EXAMPLE 2 -- PROBLEM: Both 15 & 100 match routes longer than /24 (eg /25)
! Is there a method to make 15 & 100 ONLY processed if seq 10 matches? (if, then OR then)
! Obviously, a /25 route doesn't match seq 10, but could match 15 and Will match 100.
route-map POLICY-EXAMPLE-IN2 permit 10
match ip address prefix-list PREFIX-LESS-THAN-24
set origin igp
set metric 0
set community <removed>
continue
route-map POLICY-EXAMPLE-IN2 permit 15
match as-path 401
set local-preference 100
route-map POLICY-EXAMPLE-IN2 permit 100
set local-preference 99
! EXAMPLE 3 - same problem as 2, fixes only setting attributes.
! This was my first attempt using continue. I wasn't thinking it through clearly.
route-map POLICY-EXAMPLE-IN3 permit 10
match ip address prefix-list PREFIX-LESS-THAN-24
continue
route-map POLICY-EXAMPLE-IN3 permit 15
match as-path 401
set local-preference 100
set origin igp
set metric 0
set community <removed>
route-map POLICY-EXAMPLE-IN3 permit 100
set local-preference 99
set origin igp
set metric 0
set community <removed>
! I didn't test this yet, but might this be the "best" config???
! I would love to avoid calling "PREFIX-LESS-THAN-24" twice - maybe I'm putting too much into it?
route-map POLICY-EXAMPLE-IN4 permit 1
set origin igp
set metric 0
set community <removed>
continue
route-map POLICY-EXAMPLE-IN4 permit 10
match ip address prefix-list PREFIX-LESS-THAN-24
match as-path 401
set local-preference 100
route-map POLICY-EXAMPLE-IN4 permit 20
match ip address prefix-list PREFIX-LESS-THAN-24
set local-preference 99
route-map POLICY-EXAMPLE-IN4 deny 100
FYI - our traditional policy was simple:
route-map POLICY-TRANSIT-IN permit 10
match ip address prefix-list PREFIX-LESS-THAN-24
set metric 0
set local-preference 100
set origin igp
set community <REMOVED>
route-map POLICY-TRANSIT-IN deny 100
I will be doing some traffic engineering.
07-19-2011 12:36 AM
Hi
To answer your question about example 2:
The first continue clause in route map entry 10 indicates that the route map will go to route map entry 20 if a successful match occurs.
If a match does not occur, the route map will "fall through" to route map entry 15 (deny all).
route-map POLICY-EXAMPLE-IN2 permit 10
match ip address prefix-list PREFIX-LESS-THAN-24
set origin igp
set metric 0
set community <removed>
continue 20
route-map POLICY-EXAMPLE-IN2 deny 15
route-map POLICY-EXAMPLE-IN2 permit 20
match as-path 401
set local-preference 100
route-map POLICY-EXAMPLE-IN2 permit 100
set local-preference 99
You can use the same concept for other route maps if you need, and you can refer to the link below for more details about BGP route maps and route maps with continue:
http://www.cisco.com/en/US/docs/ios/12_4t/ip_route/configuration/guide/t_brbext.html#wp1061944
HTH
if helpful Rate
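Added example (not part of the original posts and not Cisco code): a small Python model of route-map evaluation with continue, comparing the question's EXAMPLE 2 with the answer's version on constructed routes. It assumes a continue clause runs only when its entry matches, omits the set community line because its value is removed on the page, and assumes a route that runs past the last entry after a permit match is kept.

```python
import ipaddress
import re

def pfx_less_than_24(route):
    # PREFIX-LESS-THAN-24: exactly 0.0.0.0/0, or any prefix with length 8..24.
    length = ipaddress.ip_network(route["prefix"]).prefixlen
    return length == 0 or 8 <= length <= 24

def as_path_401(route):
    # as-path access-list 401: permit ^([0-9]+)$ (a single AS in the path).
    return re.search(r"^([0-9]+)$", route["as_path"]) is not None

BASE = {"origin": "igp", "metric": 0}  # "set community" omitted: value removed on the page
# Entry: (seq, action, match functions, set values, continue target).
# Continue target: None = stop here, "next" = bare "continue", int = "continue <seq>".
QUESTION_IN2 = [
    (10, "permit", [pfx_less_than_24], BASE, "next"),
    (15, "permit", [as_path_401], {"local_pref": 100}, None),
    (100, "permit", [], {"local_pref": 99}, None),
]
ANSWER_IN2 = [
    (10, "permit", [pfx_less_than_24], BASE, 20),
    (15, "deny", [], {}, None),
    (20, "permit", [as_path_401], {"local_pref": 100}, None),
    (100, "permit", [], {"local_pref": 99}, None),
]

def evaluate(route_map, route):
    """Return the attributes set on a permitted route, or None if it is denied."""
    attrs, permitted, i = {}, False, 0
    while i < len(route_map):
        seq, action, matches, sets, cont = route_map[i]
        if not all(m(route) for m in matches):
            i += 1  # no match: the continue clause is ignored, fall through
            continue
        if action == "deny":
            return None
        attrs.update(sets)
        permitted = True
        if cont is None:
            return attrs
        # Jump to the continue target (first entry at or after that sequence number).
        i = i + 1 if cont == "next" else next(
            (j for j, e in enumerate(route_map) if e[0] >= cont), len(route_map))
    # Assumption: running past the last entry after a permit match keeps the route.
    return attrs if permitted else None

# Constructed sample routes (documentation prefixes and private-use ASNs).
SHORT_PATH_24 = {"prefix": "203.0.113.0/24", "as_path": "64512"}
LONG_PATH_24 = {"prefix": "198.51.100.0/24", "as_path": "64512 64513"}
SHORT_PATH_25 = {"prefix": "203.0.113.128/25", "as_path": "64512"}
```

In this model the /25 with a single-AS path is permitted by the question's version with only local-preference set, and is denied at entry 15 by the answer's version.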
07-21-2011 06:26 PM
Thanks for the example, very helpful.
I plan on using that method.
Curious if anyone knows -- for lower-end platforms, where CPU might be a factor... do all of the examples have pretty much the same performance, or might one be notably better?