Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
481
Views
0
Helpful
1
Replies

ORF between IOS-XE and IOS-XR not working

steven.crutchley
Level 1
Level 1

‎01-09-2021 05:28 PM - edited ‎01-10-2021 04:07 AM

I have the following BGP setup between CEL7 and SP1R2:

 

hostname SP1R2
!
router bgp 3356
 bgp router-id 33.56.2.2
 address-family ipv4 unicast
  maximum-paths ebgp 8
  network 33.56.2.2/32
  aggregate-address 33.56.0.0/16 summary-only
  redistribute connected
!
neighbor 40.60.27.7
 remote-as 100
 address-family ipv4 unicast
  route-policy FROM-AS100 in
  route-policy PASS out
  capability orf prefix both
!

hostname CEL7
!
router bgp 100
 neighbor 40.60.27.2 remote-as 3356
!
address-family ipv4
 neighbor 40.60.27.2 activate
 neighbor 40.60.27.2 capability orf prefix-list both 
 neighbor 40.60.27.2 route-map FROM-3356 in

FROM-3356 blocks all but 3 prefixes. 

CEL7#sh run | sec FROM-3356
  neighbor 40.60.27.2 route-map FROM-3356 in
ip prefix-list FROM-3356 seq 5 permit 33.56.0.0/16
ip prefix-list FROM-3356 seq 10 permit 21.41.26.0/24
ip prefix-list FROM-3356 seq 15 permit 66.66.67.0/24
route-map FROM-3356 permit 10
 match ip address prefix-list FROM-3356
CEL7#
CEL7#sh bgp ipv4 unicast neighbors  40.60.27.2
BGP neighbor is 40.60.27.2,  remote AS 3356, external link
<snip>
  Slow-peer detection is disabled
  Slow-peer split-update-group dynamic is disabled
                                 Sent       Rcvd
  Prefix activity:               ----       ----
    Prefixes Current:              12          3 (Consumes 408 bytes) <<<
    Prefixes Total:                15          6
    Implicit Withdraw:              0          0
    Explicit Withdraw:              3          3
    Used as bestpath:             n/a          3
    Used as multipath:            n/a          0
    Used as secondary:            n/a          0

                                   Outbound    Inbound
  Local Policy Denied Prefixes:    --------    -------
    route-map:                            0         18 <<<
    Bestpath from this peer:              6        n/a
    Total:                                6         18

I can see SP1R2 and CEL7 has negotiated both send/receive of this capability:

 

BGP neighbor is 40.60.27.7
 Remote AS 100, local AS 3356, external link
 Remote router ID 172.16.7.7
  BGP state = Established, up for 00:12:14
<snip>
 For Address Family: IPv4 Unicast
  BGP neighbor version 223
  Update group: 0.4 Filter-group: 0.3  No Refresh request being processed
  AF-dependent capabilities:
    Outbound Route Filter (ORF) type (128) Prefix:
      Send-mode: advertised, received
      Receive-mode: advertised, received
  Route refresh request: received 5, sent 2
  Policy for incoming advertisements is FROM-AS100
  Policy for outgoing advertisements is PASS
  6 accepted prefixes, 0 are bestpaths
  Cumulative no. of prefixes denied: 0.


However it is still advertising all of the prefixes:

RP/0/0/CPU0:SP1R2#sh bgp ipv4 unicast neighbors 40.60.27.7 advertised-routes
Sun Jan 10 01:14:59.790 UTC
Network            Next Hop        From            AS Path
12.39.0.0/16       40.60.27.2      33.56.5.5       3356 1239i
20.40.17.0/24      40.60.27.2      33.56.5.5       3356 1239 200?
20.40.27.0/24      40.60.27.2      33.56.5.5       3356 1239 200?
21.41.16.0/24      40.60.27.2      33.56.5.5       3356 1239 200?
21.41.26.0/24      40.60.27.2      33.56.5.5       3356 1239 200?
33.56.0.0/16       40.60.27.2      Local Aggregate 3356i
40.60.27.0/24      40.60.27.2      Local           3356?
41.61.16.0/24      40.60.27.2      33.56.5.5       3356?
41.61.26.0/24      40.60.27.2      Local           3356?
66.66.67.0/24      40.60.27.2      33.56.5.5       3356 1239 200?
192.168.6.6/32     40.60.27.2      33.56.5.5       3356 1239 200?
192.168.7.7/32     40.60.27.2      33.56.5.5       3356 1239 200?

Processed 12 prefixes, 12 paths

I would expect it to advertise only 3 prefixes and not all 12. I'm worried I've missed a command or have misunderstood the principle... 

 

Labels:
0 Helpful
1 Reply 1

smilstea
Cisco Employee
Cisco Employee

‎01-10-2021 11:59 AM

From your output I see

Policy for outgoing advertisements is PASS  

 

Can you get the output of show bgp neighbor 40.60.27.7 received prefix-filter?

 

If I am right you are setting a route-policy not a prefix-list on the neighbor, see example here:

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_bgp/configuration/xe-3e/irg-iproute-bgp-xe-3e-book/irg-oubound-route-filtering.html

So if you add

Device(config-router-af)# neighbor 10.1.1.1 prefix-list FILTER in

 

it should work instead of the route-map calling the prefix-list.

 

 

This mentions a different command.

http://wiki.kemot-net.com/bgp-outbound-route-filtering

 

R1(config-router)#        neighbor (ip) capability prefix-list in

 

 

I am more versed on XR so I can't tell you which will work, but the above XR command will tell us if we are receiving a prefix-list from the neighbor or not.

 

Sam

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents