Re: Tagging internal routes with community

armin.kask · ‎09-04-2007

Hello,

I am trying to set up community based filtering and I cannot seem to be able to tag our own routes with community.

Configuration is:

router bgp 65000

bgp router-id 10.0.0.1

bgp log-neighbor-changes

neighbor 10.0.0.2 remote-as 65001

neighbor 192.168.1.1 remote-as 65002

!

address-family ipv4

redistribute static

neighbor 10.0.0.2 activate

neighbor 10.0.0.2 route-map CLIENT-IN in

neighbor 10.0.0.2 route-map CLIENT-OUT out

neighbor 192.168.1.1 activate

neighbor 192.168.1.1 remove-private-as

neighbor 192.168.1.1 route-map TRANSIT-IN in

neighbor 192.168.1.1 route-map TRANSIT-OUT out

no auto-summary

no synchronization

network 10.0.0.0 mask 255.255.255.0

network 100.0.0.0 mask 255.255.255.0

exit-address-family

!

ip classless

ip route 10.0.0.0 255.255.255.0 Null0 255

ip route 100.0.0.0 255.255.255.0 Null0 255

!

ip bgp-community new-format

ip community-list expanded CLIENT-OUT permit 65000:220

ip community-list expanded CLIENT-OUT permit 65000:200

ip community-list expanded CLIENT-OUT permit 65000:180

ip community-list expanded CLIENT-OUT permit 65000:100

ip community-list expanded TRANSIT-OUT permit 65000:220

ip community-list expanded TRANSIT-OUT permit 65000:100

!

ip prefix-list OUR-NET seq 5 permit 10.0.0.0/24

ip prefix-list OUR-NET seq 10 permit 100.0.0.0/24

!

route-map TRANSIT-OUT permit 10

match community TRANSIT-OUT

!

route-map CLIENT-IN permit 10

set local-preference 120

set community 65000:220

!

route-map TRANSIT-IN permit 10

set local-preference 80

set community 65000:180

!

route-map CLIENT-OUT permit 10

match community CLIENT-OUT

!

route-map OUR-NET permit 10

match ip address prefix-list OUR-NET

set community 65000:100

The client gets routes from our upstream and upstream gets routes from our client but nobody gets our routes.

Is there something wrong in this configuration when tagging our own routes and advertising them to our upstream and client?

Thanks in advance!

Edison Ortiz · ‎09-04-2007

You need to use the command:

neighbor [peer_ip_address] send-community

Joseph W. Doherty · ‎09-04-2007

Try "neighbor xxx.xxx.xxx.xx send-community" with your BGP peers.

armin.kask · ‎09-04-2007

No change. Still customer and upstream get eachothers routes but our routes dont get distributed. I think the problem is that our local routes dont get community tagged but According to some manuals the route-map OUR-NET config should be correct.

Edison Ortiz · ‎09-04-2007

Per your config:

a) you are announcing your static routes via redistribution. Do you see those static routes on this router BGP table ?

b) you have

route-map CLIENT-OUT permit 10

match community CLIENT-OUT

and CLIENT-OUT is

ip community-list expanded CLIENT-OUT permit 65000:200

Well, routes leaving your router aren't tagged yet. Tags are applied as they are sent to the BGP peer or as they come into your router. Your neighbor will see the tag (after adding the send-community option). You are only able to see the tags as they come into your router.

You have nothing to match as they exit, I believe you want to apply the tag as they exit .

The same idea applies to TRANSIT-OUT.

If you do a show ip bgp [ip address] on one of those routes you want to advertise, do you see a tag ? Were those routes originated on this router or learned from another BGP peer ?

armin.kask · ‎09-04-2007

The redistribute static was an error from my experiments and I removed it.

sh ip bgp 100.0.0.0 says:

BGP routing table entry for 100.0.0.0/24, version 5

Paths: (1 available, best #1, table Default-IP-Routing-Table)

Flag: 0x820

Not advertised to any peer

Local

0.0.0.0 from 0.0.0.0 (10.0.0.1)

Origin IGP, metric 0, localpref 100, weight 32768, valid, sourced, local, best

R3#

I want to allow our routes to be advertised to upstreams and our customers. I tried to tag them with community 65000:100 and then I added

the community to TRANSIT-OUT and CLIENT-OUT

community lists

Edison Ortiz · ‎09-04-2007

Ok, I reviewed your config a bit more carefully and now I believe I understand your logic

a) You have 192.168.1.1 and 10.0.0.2 neighbors and you are acting as a transit router.

b) routes coming from 192.168.1.1 are tagged with 65000:180

c) routes coming from 10.0.0.2 are tagged 65000:220

d) You have announce back to 192.168.1.1 routes learned from 10.0.0.2 with a match statement, and opposite direction.

However, you aren't matching your static routes in the advertisement. The route-map filters this advertisement.

You need to add the OUR-NET prefix-list on each OUT route-map.

Ex,

route-map TRANSIT-OUT permit 10

match community TRANSIT-OUT

match ip address prefix-list OUR-NET

armin.kask · ‎09-04-2007

You are correct, my router is transit between both AS-es.

When I add the prefix-list then my routes get advertised but is there a way to do this with communitys instead of prefix-lists?

Edison Ortiz · ‎09-04-2007

Routes are tagged as they enter/exit your router. You can't tag your own routes for internal processing. You need to match based on prefix-lists.