07-17-2009 01:02 AM - edited 03-04-2019 05:27 AM
Hi,
I'm receiving the full routing table from my ISP, and then I'm trying to control what routes we have in our routing table using an ip as-path access-list (ideally I only want routes originated in the ISP's AS or directly attached). But it looks like we're receiving the full routing table, regardless of my prefix-list. Here's my config:
router bgp 1234
no synchronization
bgp log-neighbor-changes
network 1.1.1.0
neighbor 1.1.1.1 remote-as 1234
neighbor 1.1.1.1 next-hop-self
neighbor 1.1.1.1 timers 5 15
neighbor 1.1.1.1 soft-reconfiguration inbound
neighbor 1.1.1.1 password xxx
neighbor 2.2.2.2 remote-as 5678
neighbor 2.2.2.2 soft-reconfiguration inbound
neighbor 2.2.2.2 prefix-list transit out
neighbor 2.2.2.2 route-map allow-from-isp in
no auto-summary
ip as-path access-list 18 permit ^5678_[0-9]*$
!
ip prefix-list transit seq 5 deny 1.1.1.0/24 <-----------this is just for testing purposes before we go live
route-map allow-from-isp permit 10
match as-path 18
With this set up, I was getting the following:
BGP router identifier 2.2.2.2, local AS number 1234
BGP table version is 21988, main routing table version 21988
284942 network entries using 28779142 bytes of memory
284940 path entries using 13677120 bytes of memory
49179 BGP path attribute entries using 2951400 bytes of memory
44072 BGP AS-PATH entries using 1137420 bytes of memory
185 BGP community entries using 7282 bytes of memory
49 BGP route-map cache entries using 980 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 46553344 total bytes of memory
263363 received paths for inbound soft reconfiguration
BGP activity 285248/306 prefixes, 285333/393 paths, scan interval 60 secs
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
1.1.1.1 4 1234 0 0 0 0 0 never Active
2.2.2.2 4 5678 50353 26 21988 0 0 00:22:45 21577
I also tried these regular expressions to see if that altered the number of entries, but it didn't:
ip as-path access-list 19 permit _5678$
ip as-path access-list 20 permit ^5678$
I then dropped the incoming filtering and accepted all routes, and it was again approx 284,000.
Any ideas on why this isn't working? We are using this exact set up with 2 other ISPs, so I'm not sure what is different in this case.
Any help would be much appreciated.
J
07-17-2009 01:07 AM
Hello J,
you are receiving
2.2.2.2 4 5678 50353 26 21988 0 0 00:22:45 21577
21577 IP prefixes with the filters, so they are doing something.
Have you verified with a sh ip bgp that there are AS paths that should have been filtered?
Hope to help
Giuseppe
07-17-2009 03:02 AM
Hi Giuseppe,
What should I be looking for with a sh ip bgp? That the path contains only 5678 plus 2 others?
Thanks,
J
07-17-2009 01:14 AM
J
^5678_[0-9]*$ will not just accept routes with only 5678 AS in them. It will accept routes with 2 AS paths.
Your other regex should work though, i.e. ^5678$. Not sure whether you need to soft reset the connection if you apply a different filter.
Jon
07-17-2009 02:22 AM
Reason for getting more number of routes
========================================
If you want your AS to get networks originated from AS 5678 and all directly attached ASs of AS 5678, then you only have to apply the following inbound filter on your router.
ip as-path access-list 1 permit ^5678_[0-9]*$
If you would like for your Router to receive only the routes originated from AS 5678 (and no Internet routes), you can apply an inbound access list on your Router as follows:
ip as-path access-list 1 permit ^5678$
and then give
clear ip bgp 2.2.2.2 soft in prefix-filter
Hi guys,
correct me if I am wrong
Regards,
Hariharan k
07-17-2009 02:30 AM
Hariharan
"If you want your AS to get networks originated from AS 5678 and all directly attached ASs of AS 5678, then you only have to apply the following inbound filter on your router.
ip as-path access-list 1 permit ^5678_[0-9]*$"
Correct, looks like you read the question better than me :-)
J, apologies as I misread your original post. I didn't realise you wanted AS 5678 + any directly attached ASs.
Jon
07-17-2009 02:38 AM
Many thanks for your responses everyone.
The thing is I did apply ip as-path access-list 1 permit ^5678_[0-9]*$ as an inbound filter (see config above), and it didn't make any difference! That's my problem - but I seem to get 280,000 routes in my routing table no matter what regex I use....
07-17-2009 03:33 AM
Can you please post your BGP config, including the route-map, as-path and part of the show ip bgp?
07-17-2009 05:23 AM
Hi Marwanshawi, my config is in my first post.
Thank you,
J
07-17-2009 04:22 AM
J, it looks like you have created an ACL that allows all routes that are transiting through your ISP, which are all of them.
Change your AS_PATH acl to this:
ip as-path access-list 18 permit ^5678(_[0-9]+)?$
Also, try turning on and off deterministic regexp. This also can make a difference in interpreting regexp.
As a side note, do not rush into route-maps without a need. If your requirement is only to filter paths, use "neighbor x.x.x.x filter-list YYY in"
Do not necessarily overcomplicate things
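An added example, not part of any post in this thread: the four AS-path expressions posted above, evaluated offline against constructed AS_PATH strings so their effect can be compared before touching the router. It assumes the IOS `_` token can be approximated in Python by "start of string, end of string, space, comma, brace or parenthesis"; the helper names and the sample paths (documentation ASNs 64500-64502) are hypothetical.

```python
import re

# Assumption: IOS "_" matches the start or end of the AS-path string, a space,
# comma, brace or parenthesis. Python has no such token, so it is expanded here.
IOS_UNDERSCORE = r"(?:^|$|[ ,{}()])"


def ios_to_python(pattern):
    """Translate an IOS AS-path regex into a compiled Python regex."""
    return re.compile(pattern.replace("_", IOS_UNDERSCORE))


def permitted(pattern, as_paths):
    """Return the AS paths a 'permit <pattern>' as-path entry would match."""
    rx = ios_to_python(pattern)
    return [path for path in as_paths if rx.search(path)]


# Constructed AS_PATH strings (leftmost AS = neighbor the route was learned
# from, rightmost AS = originator). 64500-64502 are documentation ASNs.
SAMPLE_PATHS = [
    "5678",              # originated by the ISP itself
    "5678 64500",        # originated by an AS directly attached to the ISP
    "5678 64500 64501",  # originated two AS hops behind the ISP
    "64502 5678",        # originated by the ISP, learned via another AS
    "56789",             # unrelated AS whose number merely starts with 5678
]

# The four expressions posted in the thread.
THREAD_FILTERS = [
    "^5678_[0-9]*$",
    "^5678(_[0-9]+)?$",
    "_5678$",
    "^5678$",
]


def report(paths=SAMPLE_PATHS):
    """Map each thread filter to the sample paths it permits."""
    return {f: permitted(f, paths) for f in THREAD_FILTERS}


if __name__ == "__main__":
    for f, matched in report().items():
        print(f"{f:20} -> {matched}")
```

Python's regex engine is not the IOS one, so treat the output as a sanity check on intent and confirm on the device with `show ip bgp regexp`.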
07-17-2009 05:22 AM
Thank you Slidersv. I will give your suggestion a try.
I referred to http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a0080094a92.shtml#t5 to get the regexp ^5678_[0-9]*$ - this is also what we're using happily on 2 other devices.
Also I will remove the route-map.
Can you explain how to turn on/off deterministic regexp? I've not come across this before.
07-20-2009 02:15 AM
Hariharan is correct: you need ip as-path access-list 20 permit ^5678$
And don't use the route-map.
You need to look at State/PfxRcd for how many routes you are getting.
07-20-2009 03:43 AM
deleted
07-20-2009 03:46 AM
Deterministic regexp:
(config)#router bgp XXX
(config-router)#bgp regexp deterministic
07-21-2009 03:06 PM
Just want to make sure that you 'soft in' the bgp session after making changes to your filters.