Solved: Re: BGP statements

anthony.dyne · ‎05-28-2012

Hi All

Can someone explain me what these statements are there for

The config is from our MPLS router located in HeadOffice

^controlled-ospf ^ whats its function
^ routes_in ^ whats its function
how to change standard acl to extended acl

router bgp 4550

no synchronization

bgp log-neighbor-changes

redistribute ospf 5 match internal external 1 external 2 route-map controlled-ospf

neighbor 172.16.16.253 remote-as 4500

neighbor 172.16.16.253 route-map routes_in in

no auto-summary

route-map controlled-ospf permit 10

match ip address 25

access-list 25 permit 192.168.1.0 0.0.0.255

access-list 25 permit 192.168.2.0 0.0.0.255

access-list 25 permit 192.168.3.0 0.0.0.255

ip prefix-list routes_in seq 10 permit 192.168.10.0/24

cheers

Anthony

Giuseppe Larosa · ‎05-28-2012

Hello Anthony,

the router configuration is related to HeadOffice if I correctly understand.

the route filters that are configured allow to advertise 3 subnets to the MPLS SP router those described by ACL 25. (192.168.1.0/24, 192.168.2.0/24, 192.168.3.0/24).

This is performed by route-map controlled-ospf, no filters are applied on the BGP session in the outbound direction.

The remote office router can receive up to 3 IP subnets from SP router those listed above.

From SP router on BGP session the headoffice router accepts only the subnet 192.168.10.0/24 described by the IP prefix-list routes_in.

You may want to modify the route-map controlled-ospf if only one IP subnet should be advertised to the MPLS SP router.

I would suggest to configure a new standard ACL like

access-list 26 permit 192.168.x.0 0.0.0.255

and then you change the line

match ip address 25

in

match ip address 26

in route-map controlled-ospf.

Hope to help

Giuseppe

View solution in original post

John Blakley · ‎05-28-2012

Anthony,

The bgp config and route maps are showing the "controlled-ospf" is redistributing ospf orutes that match acl 25 (192.168.1.0, 2.0, and 3.0/24). It's not going to redistribute any other routes into bgp that doesn't match this route-map. I can't tell you about routes-in without seeing the route map, but I see the prefix list. The route-map could be doing anything from denying the route, permitting only the route, or setting different attributes when being received from the neighbor.

Changing from standard to extended can't be done without creating a new extended acl. What are you wanting to accomplish with it?

HTH,

John

HTH, John *** Please rate all useful posts ***

Giuseppe Larosa · ‎05-28-2012

Hello Anthony,

controlled-ospf is a route-map that decides what OSPF routes are advertised in BGP, currently only subnets described in ACL 25.

This ACL 25 likely describes the IP subnets that are local ( = on site)

routes_in is another route-map that is used as a route filter on received routes on the BGP session with MPLS SP PE router.

You haven't provided the configuration of route_in, However it should invoke a prefix-list with the same name that you have reported.

An extended ACL is not strictly needed in route filtering, the modern way to perform route filtering is the use of prefix-lists like the one you have reported.

The use for extended ACL in route filtering was introduced to express a range of subnet masks values.

A line like

access-list 125 permit ip 192.168.1.0 0.0.0.0 0.0.0.255 0.0.0.0

is equivalent to the first line of ACL 25

ACL 25 can be modified by adding lines if there is a new IP subnet on the site.

Hope to help

Giuseppe

anthony.dyne · ‎05-28-2012

Hi Giuseppe

I added the missing part

****

route-map routes_in permit 12

match ip address prefix-list routes_in

!

router ospf 5

log-adjacency-changes

redistribute bgp 4550 subnets

passive-interface default

no passive-interface FastEthernet0/1

***

which statement restricts what subnet are sent from Headoffice MPLS Router to Remote_offfice connected via MPLS ( remote office should have access to one subnet from headoffice )

cheers

Anthony

Giuseppe Larosa · ‎05-28-2012

Hello Anthony,

the router configuration is related to HeadOffice if I correctly understand.

the route filters that are configured allow to advertise 3 subnets to the MPLS SP router those described by ACL 25. (192.168.1.0/24, 192.168.2.0/24, 192.168.3.0/24).

This is performed by route-map controlled-ospf, no filters are applied on the BGP session in the outbound direction.

The remote office router can receive up to 3 IP subnets from SP router those listed above.

From SP router on BGP session the headoffice router accepts only the subnet 192.168.10.0/24 described by the IP prefix-list routes_in.

You may want to modify the route-map controlled-ospf if only one IP subnet should be advertised to the MPLS SP router.

I would suggest to configure a new standard ACL like

access-list 26 permit 192.168.x.0 0.0.0.255

and then you change the line

match ip address 25

in

match ip address 26

in route-map controlled-ospf.

Hope to help

Giuseppe

anthony.dyne · ‎05-28-2012

Thanks mate