Shawn Kleinart
Beginner

BGP route-map optimization -- question re "continue" function

The continue function isn't doing what I had hoped (I'm trying to figure out an "IF, then OR then" type function in IOS). There's also the Cisco documentation being wrong (re "set ip next hop 10.2.2.2" example). I miss the XR code/RPL. I had worked on the CRS heavily re BGP policy, and am now back to IOS after almost 4 years doing little with BGP. Continue is new to me.

I'm hoping for some input here...

1) A more "elegant" way to write said policy (reduced lines, simplified)

2) To help better understand good uses for "continue"

3) Methods to do "IF, then OR then (or then)" in IOS? (child branch)

Using "ge 8 le 24" is a best practice on full table sessions... even though our providers SHOULD be doing it too. I could apply that function alone into a prefix-list, but we use a prefix-list as part of a general template (see below - PFX-DEFAULT-IN). Customers/peers get 'le 28' via route-map policy, transit le 24, etc. I could maintain two (or MORE) prefix-lists, but I'd rather not (it would be easier now that the list won't change much -- it was a BOGONs list, now that IPv4 is all allocated to RIRs). Going back to the "elegant" aspect of trying to have the fewest lines, and maybe the least CPU cycles on full table sessions, etc... any input is welcome!

I inherited the PFX, and the LESS-THAN-24 configs -- and would rather not go into all routers and change those aspects of the template.

(inherited by policy for all eBGP sessions)

ip prefix-list PFX-DEFAULT-IN seq 10 deny 0.0.0.0/8 le 32
ip prefix-list PFX-DEFAULT-IN seq 11 deny 10.0.0.0/8 le 32
ip prefix-list PFX-DEFAULT-IN seq 12 deny 127.0.0.0/8 le 32
ip prefix-list PFX-DEFAULT-IN seq 13 deny 169.254.0.0/16 le 32
ip prefix-list PFX-DEFAULT-IN seq 14 deny 172.16.0.0/12 le 32
ip prefix-list PFX-DEFAULT-IN seq 15 deny 192.0.2.0/24 le 32
ip prefix-list PFX-DEFAULT-IN seq 16 deny 192.168.0.0/16 le 32
ip prefix-list PFX-DEFAULT-IN seq 17 deny 198.18.0.0/15 le 32
ip prefix-list PFX-DEFAULT-IN seq 18 deny 224.0.0.0/3 le 32
ip prefix-list PFX-DEFAULT-IN seq 70 deny <OUR SPACE>
ip prefix-list PFX-DEFAULT-IN seq 71 deny <OUR SPACE>
ip prefix-list PFX-DEFAULT-IN seq 72 deny <OUR SPACE>
ip prefix-list PFX-DEFAULT-IN seq 73 deny <OUR SPACE>
ip prefix-list PFX-DEFAULT-IN seq 74 deny <OUR SPACE>
ip prefix-list PFX-DEFAULT-IN seq 75 deny <OUR SPACE>
ip prefix-list PFX-DEFAULT-IN seq 99 permit 0.0.0.0/0
ip prefix-list PFX-DEFAULT-IN seq 100 permit 0.0.0.0/0 ge 8

LAB CONFIG:

ip as-path access-list 401 permit ^([0-9]+)$
ip as-path access-list 401 deny .*
ip prefix-list PREFIX-LESS-THAN-24 seq 10 permit 0.0.0.0/0
ip prefix-list PREFIX-LESS-THAN-24 seq 20 permit 0.0.0.0/0 ge 8 le 24

! EXAMPLE 1 -- working, but calls the "PREFIX-LESS-THAN-24" list twice (and uses the same set value for 3 of 4 items)
! I'll use this, if no one has any better suggestions.
route-map POLICY-EXAMPLE-IN permit 10
 match ip address prefix-list PREFIX-LESS-THAN-24
 match as-path 401
 set metric 0
 set origin igp
 set community <removed>
 set local-preference 100
route-map POLICY-EXAMPLE-IN permit 20
 match ip address prefix-list PREFIX-LESS-THAN-24
 set metric 0
 set origin igp
 set community <removed>
 set local-preference 99
route-map POLICY-EXAMPLE-IN deny 100

! EXAMPLE 2 -- PROBLEM: Both 15 & 100 match routes longer than /24 (eg /25)
! Is there a method to make 15 & 100 ONLY processed if seq 10 matches? (if, then OR then)
! Obviously, a /25 route doesn't match seq 10, but could match 15 and Will match 100.
route-map POLICY-EXAMPLE-IN2 permit 10
 match ip address prefix-list PREFIX-LESS-THAN-24
 set origin igp
 set metric 0
 set community <removed>
 continue
route-map POLICY-EXAMPLE-IN2 permit 15
 match as-path 401
 set local-preference 100
route-map POLICY-EXAMPLE-IN2 permit 100
 set local-preference 99

! EXAMPLE 3 - same problem as 2, fixes only setting attributes.
! This was my first attempt using continue. I wasn't thinking it through clearly.
route-map POLICY-EXAMPLE-IN3 permit 10
 match ip address prefix-list PREFIX-LESS-THAN-24
 continue
route-map POLICY-EXAMPLE-IN3 permit 15
 match as-path 401
 set local-preference 100
 set origin igp
 set metric 0
 set community <removed>
route-map POLICY-EXAMPLE-IN3 permit 100
 set local-preference 99
 set origin igp
 set metric 0
 set community <removed>

! I didn't test this yet, but might this be the "best" config???
! I would love to avoid calling "PREFIX-LESS-THAN-24" twice - maybe I'm putting too much into it?
route-map POLICY-EXAMPLE-IN4 permit 1
 set origin igp
 set metric 0
 set community <removed>
 continue
route-map POLICY-EXAMPLE-IN4 permit 10
 match ip address prefix-list PREFIX-LESS-THAN-24
 match as-path 401
 set local-preference 100
route-map POLICY-EXAMPLE-IN4 permit 20
 match ip address prefix-list PREFIX-LESS-THAN-24
 set local-preference 99
route-map POLICY-EXAMPLE-IN4 deny 100

FYI - our traditional policy was simple:

route-map POLICY-TRANSIT-IN permit 10
 match ip address prefix-list PREFIX-LESS-THAN-24
 set metric 0
 set local-preference 100
 set origin igp
 set community <REMOVED>
route-map POLICY-TRANSIT-IN deny 100

I will be doing some traffic engineering.

Accepted Solutions
Marwan ALshawi
Advisor

Hi

To answer your question about example 2:

The first continue clause in route map entry 10 indicates that the route map will go to route map entry 20 if a successful match occurs.
If a match does not occur, the route map will "fall through" to route map entry 15 (deny all).


route-map POLICY-EXAMPLE-IN2 permit 10
 match ip address prefix-list PREFIX-LESS-THAN-24
 set origin igp
 set metric 0
 set community <removed>
 continue 20
route-map POLICY-EXAMPLE-IN2 deny 15
route-map POLICY-EXAMPLE-IN2 permit 20
 match as-path 401
 set local-preference 100
route-map POLICY-EXAMPLE-IN2 permit 100
 set local-preference 99

You can use the same concept for other route maps if you need, and you can refer to the link below for more details about BGP route maps and route maps with continue:

http://www.cisco.com/en/US/docs/ios/12_4t/ip_route/configuration/guide/t_brbext.html#wp1061944

HTH

if helpful Rate
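
The difference between the question's Example 2 and the route-map in the answer above, as an added example that is not part of the original thread: a simplified Python model of route-map evaluation with continue, run over constructed routes. The function names, the route dictionaries and the model's end-of-map behaviour are assumptions; `set community` is left out because its value is removed in the post.

```python
import ipaddress, re

# PREFIX-LESS-THAN-24 from the post: (network, ge, le); no ge/le means exact length.
PREFIX_LESS_THAN_24 = [("0.0.0.0/0", None, None), ("0.0.0.0/0", 8, 24)]
AS_PATH_401 = re.compile(r"^([0-9]+)$")  # as-path access-list 401: one AS in the path

def in_prefix_list(route):
    net = ipaddress.ip_network(route["prefix"])
    for base, ge, le in PREFIX_LESS_THAN_24:
        b = ipaddress.ip_network(base)
        exact = ge is None and le is None
        lo, hi = (b.prefixlen, b.prefixlen) if exact else (ge or b.prefixlen, le or 32)
        if net.subnet_of(b) and lo <= net.prefixlen <= hi:
            return True
    return False

def single_as(route):
    return bool(AS_PATH_401.match(route["as_path"]))

# Entry: (seq, action, match functions, set values, continue target).
# continue target: None = no continue, 0 = bare "continue" (next entry), N = "continue N".
EXAMPLE_2 = [
    (10, "permit", [in_prefix_list], {"metric": 0, "origin": "igp"}, 0),
    (15, "permit", [single_as], {"local_pref": 100}, None),
    (100, "permit", [], {"local_pref": 99}, None),
]
ANSWER = [
    (10, "permit", [in_prefix_list], {"metric": 0, "origin": "igp"}, 20),
    (15, "deny", [], {}, None),
    (20, "permit", [single_as], {"local_pref": 100}, None),
    (100, "permit", [], {"local_pref": 99}, None),
]

def evaluate(route_map, route):
    """Return (verdict, attributes set, sequence numbers that matched)."""
    attrs, hits, permitted, i = {}, [], False, 0
    while i < len(route_map):
        seq, action, matches, sets, cont = route_map[i]
        if not all(m(route) for m in matches):
            i += 1  # no match: fall through to the next entry
            continue
        hits.append(seq)
        if action == "deny":
            return "deny", {}, hits
        attrs.update(sets); permitted = True
        if cont is None:
            return "permit", attrs, hits
        i = i + 1 if cont == 0 else next(j for j, e in enumerate(route_map) if e[0] == cont)
    return ("permit" if permitted else "deny"), attrs, hits  # assumption; not reached by these maps
```

With a constructed route such as `{"prefix": "198.51.100.0/25", "as_path": "64500"}`, `evaluate(EXAMPLE_2, ...)` accepts the /25 at seq 15, while `evaluate(ANSWER, ...)` stops it at the deny in seq 15.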


2 REPLIES

Thanks for the example, very helpful.

I plan on using that method.

Curious if anyone knows -- for lower-end platforms, where CPU might be a factor... do all of the examples have pretty much the same performance, or might one be notably better?