Solved: route-map bug in IOS XE?

hocus-pokus-alakazoo · ‎03-20-2024

I'm using Cisco IOS XE Software, Version 16.06.08

I have eBGP setup with a customer. The eBGP peering uses inbound/outbound route maps to filter advertised/received prefixes. I'm advertising 40k+ prefixes to the eBGP peer. The bizarre thing is that my outbound route map invokes a non-existent prefix list. Shouldn't I advertise nothing to the eBGP peer as a result?

router bgp abc
bgp router-id 1.2.3.4
bgp log-neighbor-changes
neighbor 1 remote-as xyz
neighbor 1 description Peer to acme
neighbor 1 route-map RM_FROM_acme in
neighbor 1 route-map RM_TO_acme out

route-map RM_TO_acme permit 10
match ip address prefix-list PL_mycompany_TO_acme

prefix-list PL_mycompany_TO_acme does not exist in config.....so why am I advertising every prefix to neighbor 1? shouldn't default behavior be to advertise no prefixes to neighbor 1?

Harold Ritter · ‎03-20-2024

Hi @hocus-pokus-alakazoo ,

A non existent prefix list causes the match statement to match all prefixes.

Regards,

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

View solution in original post

balaji.bandi · ‎03-20-2024

what deive ? try to upgrade to 17.9.4a or higher and test it.

also can you provide configuration bits here.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

MHM Cisco World · ‎03-20-2024

If the route-map is permit without match anything the action will be advertise prefix

If the route-map is deny without match anything then action will not advertise any prefix.

MHM

hocus-pokus-alakazoo · ‎03-20-2024

the outbound route map invokes a prefix list that doesn't exist...so how is that there is no outbound filtering in place? I would think that nothing would be advertised as a results of this scenario.

MHM Cisco World · ‎03-20-2024

Can I see route-map?

MHM

Harold Ritter · ‎03-20-2024

Hi @hocus-pokus-alakazoo ,

A non existent prefix list causes the match statement to match all prefixes.

Regards,

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

hocus-pokus-alakazoo · ‎03-20-2024

is that true across all versions of IOS?

Harold Ritter · ‎03-20-2024

Hi @hocus-pokus-alakazoo ,

This has been the behavior for as long as I can remember.

Regards,

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

hocus-pokus-alakazoo · ‎03-20-2024

please see config example in original post

MHM Cisco World · ‎03-20-2024

The prefix list have deny any in end

The route map is permit

So prefix is deny and route map is permit the action is NO action.

It not bug it normal behavior of route map in ios and ios xe.

Ios xr use rpl not route map.

MHM

Harold Ritter · ‎03-20-2024

Hi @MHM Cisco World ,

The OP says that the prefix list is non existent. So the behavior is the one I mentioned above.

Regards,

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

Ruben Cocheno · ‎03-20-2024

@hocus-pokus-alakazoo

The IOS/IOSXE doesn't validate if the prefix-list exists or not, so any typo on assigning it will cause that behaviour, which is bypass. instead of blocking.

Tag me to follow up.
Please mark it as Helpful and/or Solution Accepted if that is the case. Thanks for making Engineering easy again.
Connect with me for more on Linkedin https://www.linkedin.com/in/rubencocheno/

David Ruess · ‎03-20-2024

In addition to what @Harold Ritter said its like when people add a second route-map statement (usually entry 20 as the first entry is 10) with just a permit statement permitting all routes. It doesn't have a match in it either. See below:

route-map RM_to_acme permit 10

match ip address prefix-list PL_mycompany_TO_acme

set tag 55

route-map RM_to_acme permit 20

The above config would set a tag of 55 to any route matching the defined prefix list. The second Route-map statement permits all other routes. Because I want to allow ALL routes but only want to tag a select few. Your 1 line route-map is essentially doing what the second statement in mine is doing.

I didn't see it mentioned but you could just change the route-map RM_to_acme permit 10 to a route-map RM_to_acme deny 10 with no PL specified and it wont advertise anything to the BGP peer.

-David

MHM Cisco World · ‎03-21-2024

I try find command help you in detect the route-map permit or deny prefix
command can help you is
show ip bgp route-map

this give you the prefix permit by this prefix

MHM