03-20-2024 03:17 PM - edited 03-20-2024 03:56 PM
I'm using Cisco IOS XE Software, Version 16.06.08
I have eBGP setup with a customer. The eBGP peering uses inbound/outbound route maps to filter advertised/received prefixes. I'm advertising 40k+ prefixes to the eBGP peer. The bizarre thing is that my outbound route map invokes a non-existent prefix list. Shouldn't I advertise nothing to the eBGP peer as a result?
router bgp abc
 bgp router-id 1.2.3.4
 bgp log-neighbor-changes
 neighbor 1 remote-as xyz
 neighbor 1 description Peer to acme
 neighbor 1 route-map RM_FROM_acme in
 neighbor 1 route-map RM_TO_acme out
route-map RM_TO_acme permit 10
 match ip address prefix-list PL_mycompany_TO_acme
prefix-list PL_mycompany_TO_acme does not exist in config... so why am I advertising every prefix to neighbor 1? Shouldn't the default behavior be to advertise no prefixes to neighbor 1?
03-20-2024 03:20 PM
What device? Try to upgrade to 17.9.4a or higher and test it.
Also, can you provide configuration bits here?
03-20-2024 03:23 PM - edited 03-20-2024 04:10 PM
If the route-map is permit without matching anything, the action will be to advertise the prefix.
If the route-map is deny without matching anything, then the action will be to not advertise any prefix.
MHM
03-20-2024 03:48 PM - edited 03-20-2024 03:49 PM
The outbound route map invokes a prefix list that doesn't exist... so how is it that there is no outbound filtering in place? I would think that nothing would be advertised as a result of this scenario.
03-20-2024 03:55 PM
Can I see route-map?
MHM
03-20-2024 03:58 PM
A non existent prefix list causes the match statement to match all prefixes.
Regards,
03-20-2024 03:59 PM
Is that true across all versions of IOS?
03-20-2024 04:01 PM
This has been the behavior for as long as I can remember.
Regards,
03-20-2024 03:58 PM
Please see the config example in the original post.
03-20-2024 04:04 PM
The prefix list has a deny any at the end.
The route map is permit.
So the prefix is denied and the route map is permit; the action is NO action.
It is not a bug; it is the normal behavior of route maps in IOS and IOS XE.
IOS XR uses RPL, not route maps.
MHM
03-20-2024 04:08 PM
Hi @MHM Cisco World ,
The OP says that the prefix list is non existent. So the behavior is the one I mentioned above.
Regards,
03-20-2024 04:35 PM
IOS/IOS XE doesn't validate whether the prefix-list exists or not, so any typo when assigning it will cause that behaviour, which is bypass instead of blocking.
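A pre-deployment check for the fail-open behaviour described in this thread, as an added example that is not part of any post: it scans a saved IOS/IOS XE configuration for route-map entries whose match clause names a prefix-list that is never defined, then lists the BGP neighbors that apply those route-maps. The sample configuration, AS numbers and neighbor address are constructed placeholders, and the function names are hypothetical.

```python
import re

# Constructed sample config modelled on the thread (placeholder ASNs and neighbor address).
SAMPLE_CONFIG = """\
router bgp 64500
 neighbor 192.0.2.1 remote-as 64501
 neighbor 192.0.2.1 route-map RM_FROM_acme in
 neighbor 192.0.2.1 route-map RM_TO_acme out
!
ip prefix-list PL_acme_IN seq 5 permit 198.51.100.0/24
!
route-map RM_FROM_acme permit 10
 match ip address prefix-list PL_acme_IN
!
route-map RM_TO_acme permit 10
 match ip address prefix-list PL_mycompany_TO_acme
"""

def find_dangling_prefix_lists(config):
    """Return sorted (route_map, seq, action, prefix_list) tuples for every
    route-map entry whose match clause names an undefined prefix-list."""
    defined = set(re.findall(r"^ip(?:v6)? prefix-list (\S+)", config, re.M))
    findings, current = [], None
    for line in config.splitlines():
        head = re.match(r"route-map (\S+) (permit|deny) (\d+)", line)
        if head:
            current = (head.group(1), int(head.group(3)), head.group(2))
            continue
        if not line.startswith(" "):
            current = None  # left the route-map sub-mode
            continue
        m = re.match(r"\s+match ip(?:v6)? address prefix-list (.+)", line)
        if m and current:
            for name in m.group(1).split():  # one match line may list several names
                if name not in defined:
                    findings.append(current + (name,))
    return sorted(findings)

def unfiltered_neighbors(config):
    """Map route-maps with dangling references back to the neighbors applying them."""
    bad = {f[0] for f in find_dangling_prefix_lists(config)}
    applied = re.findall(r"^\s+neighbor (\S+) route-map (\S+) (in|out)", config, re.M)
    return [(n, rm, d) for n, rm, d in applied if rm in bad]

if __name__ == "__main__":
    for rm, seq, action, pl in find_dangling_prefix_lists(SAMPLE_CONFIG):
        print(f"route-map {rm} {action} {seq}: prefix-list {pl} is not defined")
    for n, rm, d in unfiltered_neighbors(SAMPLE_CONFIG):
        print(f"neighbor {n} applies {rm} {d}")
```

Run against a saved copy of the running configuration before and after each change; any finding on an outbound route-map means that entry is filtering nothing.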
03-20-2024 05:59 PM
In addition to what @Harold Ritter said, it's like when people add a second route-map statement (usually entry 20 as the first entry is 10) with just a permit statement permitting all routes. It doesn't have a match in it either. See below:
route-map RM_to_acme permit 10
 match ip address prefix-list PL_mycompany_TO_acme
 set tag 55
route-map RM_to_acme permit 20
The above config would set a tag of 55 to any route matching the defined prefix list. The second Route-map statement permits all other routes. Because I want to allow ALL routes but only want to tag a select few. Your 1 line route-map is essentially doing what the second statement in mine is doing.
I didn't see it mentioned, but you could just change the route-map RM_to_acme permit 10 to a route-map RM_to_acme deny 10 with no PL specified and it won't advertise anything to the BGP peer.
-David
03-21-2024 12:20 AM
I tried to find a command to help you detect whether the route-map permits or denies a prefix.
The command that can help you is
show ip bgp route-map
This gives you the prefixes permitted by this prefix.
MHM