Applying route-policy on an existing BGP peer on ASR9000

CSC012636105
Level 1

I am trying to modify the outbound policy for an existing BGP peer on ASR9000. I shut down the BGP session, entered the address family for the specific neighbor and removed the existing route-policy, then I applied the new route-policy for outbound traffic. It then returned the error message shown below. The objective of changing the route-policy was to deny RFC1918 prefixes outbound, as some are being leaked.

Error message when I try to commit:

After deleting the existing RPL, inserting the new RPL and then committing, I got the error message below:


% Failed to commit one or more configuration items during a pseudo-atomic operation. All changes made have been reverted. Please issue 'show configuration failed' from this session to view the errors

 

See config applied to the BGP peer before commit

RP/0/RSP0/CPU0:name-ASR9b(config)#show confi
show confi
Thu Jun 21 04:09:48.459 EDT
Building configuration...
!! IOS XR Configuration 4.3.0
router bgp XXXX
 neighbor X.X.X.X
  no shutdown
  address-family ipv4 unicast
   route-policy RPL-description-OUT out


For the route-policy definition:

prefix-set pfx_definition_rfc1918
10.0.0.0/8 ge 8,
172.16.0.0/12 ge 12,
192.168.0.0/16 ge 16

end-set


as-path-set ASPS-definition-OUT
ios-regex '^AS_',
ios-regex '^AS_',
ios-regex '^AS_',
ios-regex '^AS_',
ios-regex '^AS_',
ios-regex '^$'
end-set

route-policy RPL-description-OUT
if destination in pfx_definition_rfc1918 then
drop
endif
if as-path in ASPS-definition-OUT then
 pass
else
 drop
endif
end-policy

Prior to the change, a different route-policy was being applied, matching only as-path. All I am trying to do is create a new route-policy to drop outbound traffic matching the RFC1918 prefix-set and pass all in as-path.

Any suggestions?

1 Accepted Solution


smilstea
Cisco Employee

I put this in 4.3.4 and it worked. Can you try again and, when it fails, capture 'show config failed'?

 

Thanks,

Sam

Thanks for looking into this. I tried it again on the node tonight and it worked. When I ran "show configuration failed" I noticed that it failed because the route-policy was referencing a prefix-set that wasn't defined on this particular router, unlike the others; once I got that fixed, it went as planned.

Just out of curiosity, it appears I can't modify a route-policy attached to a BGP neighbor without first shutting down the neighbor before manipulating the RPL statement. When I tried deleting the policy statement and committing, I got the error message below:


!!% Deletion of policy [RPL-description-OUT] is not allowed because it is in use at the bgp neighbor-out-dflt attach point.

end

 

 

Thanks once again!
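
An added example, not part of the original thread and not Cisco code: a Python check for the failure found above, where a route-policy references a prefix-set that one router never had defined. It assumes each router's running configuration is available as text; the function name and both sample configurations are constructed for illustration.

```python
import re

SET_DEF = re.compile(r"^\s*(prefix-set|as-path-set)\s+(\S+)\s*$")
POLICY_DEF = re.compile(r"^\s*route-policy\s+(\S+)\s*$")  # definition, not attach point
SET_REF = re.compile(r"\b(destination|as-path)\s+in\s+([^\s($]\S*)")  # skips inline sets and $params
REF_KIND = {"destination": "prefix-set", "as-path": "as-path-set"}


def undefined_set_refs(config):
    """Return sorted (policy, kind, name) for named sets a policy uses but the config lacks."""
    defined, refs, policy = set(), set(), None
    for line in config.splitlines():
        if policy is None:
            if m := SET_DEF.match(line):
                defined.add((m.group(1), m.group(2)))
            elif m := POLICY_DEF.match(line):
                policy = m.group(1)
        elif line.strip() == "end-policy":
            policy = None
        else:
            for attr, name in SET_REF.findall(line):
                refs.add((policy, REF_KIND[attr], name))
    return sorted(r for r in refs if r[1:] not in defined)


# Constructed sample: the thread's policy on a router that never got the prefix-set.
ROUTER_MISSING_SET = """\
as-path-set ASPS-definition-OUT
 ios-regex '^$'
end-set
route-policy RPL-description-OUT
 if destination in pfx_definition_rfc1918 then
  drop
 endif
 if as-path in ASPS-definition-OUT then
  pass
 else
  drop
 endif
end-policy
"""
# Constructed sample: the same router once the prefix-set from the post is defined.
ROUTER_FIXED = """\
prefix-set pfx_definition_rfc1918
 10.0.0.0/8 ge 8,
 172.16.0.0/12 ge 12,
 192.168.0.0/16 ge 16
end-set
""" + ROUTER_MISSING_SET
if __name__ == "__main__":
    print(undefined_set_refs(ROUTER_MISSING_SET), undefined_set_refs(ROUTER_FIXED))
```

Running this over every router's configuration before rolling out a shared outbound filter shows which nodes would reject the commit, so the RFC1918 filter does not end up silently absent on one peer.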