---------- Forwarded message ----------
From: Jay Young - Taylor
To: "Edwards, Andrew M"
Date: Thu, 01 Sep 2005 22:13:45 -0400
Subject: Re: bgp silly question

Andrew,

I would say that the first would be the correct option. As you said it would prevent you from advertising all routes except for your own.

The second option will not work because with the following topology AS1===(YOUR AS)===AS2====AS3: AS1 would have a route to AS2 through you and vice versa; even though AS2 would not forward the routes to AS3 any packet with a source from within AS1 and a destination within AS2 would transit your area (assuming you don't have any traffic access lists implemented).

Hope that helps
-JYT

Edwards, Andrew M wrote:

>If the requirement is to not allow you to be a transit AS and you are
>neighbored to only one AS at this time....
>
>Which is the best method to ensure you don't become a transit AS if
>neither is specified?
>
>1. only advertised routes with an empty path to the eBGP neighbor AS
>(e.g. permit only ^$)
>Logic: local AS routes do not have a path when advertised. It is the
>receiving AS neighbor that appends the AS path to a prefix.
>This way the prefixes will be empty in path for local AS originated
>prefixes. No other learned prefixes would be advertised regardless.
>In effect my AS is not advertising reachability to any other AS. So, it
>can't be a transit AS.
>
>
>
>2. set "no-export" community to learned prefixes from eBGP neighbors.
>Send community to all iBGP neighbors
> Makes sure eBGP neighbor AS' can reach you but not advertise
>learned prefixes from your AS.

---

Subject: RE : Route Filtering order of operation

Q. What is the order of preference of attributes when some or all are applied to one neighbor in BGP?

A. The order of preference varies based on whether the attributes are applied for inbound updates or outbound updates.
For inbound updates the order of preference is:

route-map
filter-list
prefix-list, distribute-list

For outbound updates the order of preference is:

prefix-list, distribute-list
filter-list
route-map

Note: The attributes prefix-list and distribute-list are mutually exclusive, and only one command (neighbor prefix-list or neighbor distribute-list) can be applied to each inbound or outbound direction for a particular neighbor.

Extracted from http://www.cisco.com/en/US/customer/tech/tk365/technologies_q_and_a_item09186a00800949e8.shtml#one

----

Subject: Re: Mnemonics for BGP Best Path Algorithm

Victor,

The last time I asked the group here are the 2 good ones that I got

#--- 1 ---
We - weight
Love - local preference
Algorithms - as-path
On - Origin
My - MED
Router - router-id

#--- 2 ---
Discard all Worries before Leaving Rome As the Original Mis-information Sounds like a Neighbor's Idea.

Discard = DISCARD unreachable next hop.
Worries = highest WEIGHT
Leaving = highest LOCAL preference
Rome = Originated on this ROUTER
As = shortest AS_PATH
Original = ORIGIN code
Mis-information = lowest MED
Sound = SOURCE (external or internal)
Neighbor's = Closest IGP NEIGHBOR
Idea = lowest router ID

----

Jian,

The commands are quite different

The conditional advertisement will advertise a route when certain conditions are met. These conditions are set by the advertise-map and the non-exist-map, both are created via route-maps. If the condition in the non-exist-map is not met then the prefix in the advertise map is sent.

So if I have the following

route-map advertise permit 10
 match ip address prefix-list 10
route-map noexist permit 10
 match ip address prefix-list 20
ip prefix-list 10 permit 129.1.1.0/24
ip prefix-list 20 permit 192.168.1.0/24

neighbor 10.10.10.1 advertise-map advertise non-exist-map noexist

In this situation if 192.168.1.0 is in the bgp table, then 129.1.1.0 does not get advertised to this peer. If 192.168.1.0 is not in the bgp table then 129.1.1.0 will be advertised to the peer.
Now the bgp inject is used to inject more specific prefixes into an advertisement. Say for argument I am receiving the prefix 10.0.0.0, however I wish to advertise 10.10.10.0/24, I need to 'inject' this into the bgp table.

So without using the inject map, the router will advertise the 10.0.0.0 prefix to all peers and with it, it will advertise the more specific prefix 10.10.10.0/24 to peers. This will only happen while 10.0.0.0 is in the BGP routing table and that the source of the advertising router matches the match ip route-source within the exist-map of this command.

HTH

Simon

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of Jian Gu
Sent: 13 October 2005 07:46
To: Cisco certification
Subject: BGP conditional inject and conditional advertisement

Hi,

Could someone please explain to me what exactly the difference is between bgp conditional inject and bgp conditional advertisement?

conditional inject:
bgp inject-map exist-map

and conditional advertisement:
neighbor advertise-map non-exist-map|exist-map

----

Subject: Re: BGP table RIB failure

Hello Simon,

From what I am told, the answer is no. As you correctly point out a network can work as intended with rib failures, as all it means (as I'm sure you know) is that the same route with a lower admin distance is available.

In fact I can think of a number of scenarios where the exam could ask you to stop a prefix from being advertized to a peer, then forbid all the usual mechanisms and leave you with the use of the BGP command

bgp suppress-inactive

that prevents rib failure routes from being advertized in updates.

Chris

simon hart wrote:

I have found that under certain conditions within a lab there is no way to overcome a Rib failure.

----

Subject: Re: Let's Tunnel BGP Due to Non-BGP Speaker in Transit Path!

Anthony,

I've pasted in a working config at the end of this mail for what I understand you want to achieve.
In fact what you describe is the way internetworks were originally intended to be run with BGP only at the edges. Network designers thought to tunnel between edge devices. However back then the processing cost of tunneling was too great for software based routers and BGP ended up being needed on all transit devices to stop black-holing. Now the processing cost of tunneling has gone away with hardware implementations of MPLS and L2TPv3 tunneling, BGP free cores are gaining popularity with designers. Anyway, I digress.

I have the following setup

R4------R1----R2-----R3

R4 is eBGP to R1 and R1 is iBGP to R3. R2 has no BGP. R4 injects the prefix 172.16.4.0 in to BGP and has the loopback 172.16.4.4

R2 has no knowledge of this route and R3 is able to ping it via a tunnel.

I think the key issues to consider are the following

With next-hop-self on R1, R3 will see the next hop for 172.16.4.0 as R1, we want R3 then to route towards R1 via the tunnel created between R1 and R3. However we do not want R3 to see other destinations via the tunnel, as you could then run in to route recursion issues and the tunnel would come down.

In this example, I have auto-summary on for eigrp, so the 1.1.1.0 learned via the tunnel is the longest path match for 1.1.1.1, but if auto-summary was off, you would have to mess with metrics or filtering to get the route to 1.1.1.1 preferred via the tunnel.

The following are good guidelines (passed to me by Tinjin Chang) for creating stable tunnels that have never let me down.

[TC begins]

You need to worry about "ip unnumbered" only if you are told that you couldn't add another address/subnet.

The highlights assume that we are tunnelling OSPF across an IS-IS only part of the network. But these concepts apply even if you are tunnelling OSPF across OSPF.

1) The interface that you are going to reference in "ip unnumbered"
   a) these interfaces must belong to the SAME OSPF area on both routers
      If you're going to use the loopback0s, for example, then these two
      routers' loopback0s must be in the same area or OSPF won't work
      correctly.

2) The tunnel source
   a) must be reachable prior to the tunnel going up
   b) the far end must NOT learn this route via OSPF inside the tunnel
      i) use distance or distribute-list, depending on the requirements

3) The tunnel destination
   a) must be reachable prior to the tunnel going up
   b) the local router must NOT learn this route via OSPF inside the tunnel
      i) use distance or distribute-list, depending on the requirements

4) The tunnel mode
   a) Your choices are gre, ipip, and nos

[TC ends]

Once you have a stable tunnel, the routing table on R3 should look like this

     1.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
D       1.1.1.0/24 [90/297372416] via 1.1.1.1, 00:18:41, Tunnel0
D       1.0.0.0/8 [90/2300416] via 4.4.12.2, 00:21:26, FastEthernet0/0
D    2.0.0.0/8 [90/156160] via 4.4.12.2, 00:18:41, FastEthernet0/0
     3.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C       3.3.3.0/24 is directly connected, Loopback0
D       3.0.0.0/8 is a summary, 00:18:41, Null0
     4.0.0.0/8 is variably subnetted, 5 subnets, 2 masks
B       4.4.4.0/24 [200/0] via 1.1.1.1, 00:15:36
D       4.0.0.0/8 is a summary, 00:22:05, Null0
D       4.4.8.0/24 [90/2172416] via 4.4.12.2, 00:18:43, FastEthernet0/0
C       4.4.12.0/24 is directly connected, FastEthernet0/0
D       4.4.14.0/24 [90/2174976] via 4.4.12.2, 00:18:43, FastEthernet0/0
     172.16.0.0/24 is subnetted, 1 subnets
B       172.16.4.0 [200/0] via 1.1.1.1, 00:15:37

The routing table on R2 has no 172.16.0.0

R2#sho ip rout 172.16.0.0
% Network not in table
R2#

R3 can ping 172.16.4.4 via the tunnel to R1

R3(config-router)#do ping 172.16.4.4

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.4.4, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 68/69/72 ms

R3#trace 172.16.4.4

Type escape sequence to abort.
Tracing the route to 172.16.4.4

  1 1.1.1.1 40 msec 40 msec 44 msec
  2 4.4.14.4 40 msec * 44 msec

These are all configs for router 1 through 4

R1

interface Loopback0
 ip address 1.1.1.1 255.255.255.0
!
interface Tunnel0
 ip unnumbered Loopback0
 tunnel source 4.4.8.1
 tunnel destination 4.4.12.3
!
interface Serial0/0
 ip address 4.4.8.1 255.255.255.0
 encapsulation frame-relay
 ip ospf network broadcast
 frame-relay map ip 4.4.8.2 122 broadcast
 no frame-relay inverse-arp
!
interface FastEthernet0/1
 ip address 4.4.14.1 255.255.255.0
!
router eigrp 1
 network 1.0.0.0
 network 4.0.0.0
 auto-summary
!
router bgp 13
 no synchronization
 bgp log-neighbor-changes
 neighbor 3.3.3.3 remote-as 13
 neighbor 3.3.3.3 update-source Loopback0
 neighbor 3.3.3.3 next-hop-self
 neighbor 4.4.14.4 remote-as 4
 no auto-summary

R2

interface Loopback0
 ip address 2.2.2.2 255.255.255.0
!
interface FastEthernet0/0
 ip address 4.4.12.2 255.255.255.0
 duplex auto
 speed auto
!
interface Serial0/0
 ip address 4.4.8.2 255.255.255.0
 encapsulation frame-relay
 ip ospf network broadcast
 ip ospf priority 0
 frame-relay map ip 4.4.8.1 221 broadcast
 no frame-relay inverse-arp
!
router eigrp 1
 network 2.0.0.0
 network 4.0.0.0
 auto-summary

R3

interface Loopback0
 ip address 3.3.3.3 255.255.255.0
!
interface Tunnel0
 ip unnumbered Loopback0
 tunnel source 4.4.12.3
 tunnel destination 4.4.8.1
!
interface FastEthernet0/0
 ip address 4.4.12.3 255.255.255.0
!
router eigrp 1
 network 3.0.0.0
 network 4.0.0.0
 auto-summary
!
router bgp 13
 no synchronization
 bgp log-neighbor-changes
 network 3.3.3.0 mask 255.255.255.0
 neighbor 1.1.1.1 remote-as 13
 neighbor 1.1.1.1 update-source Loopback0
 no auto-summary

R4

interface Loopback0
 ip address 4.4.4.4 255.255.255.0
!
interface Loopback1
 ip address 172.16.4.4 255.255.255.0
!
router bgp 4
 no synchronization
 bgp log-neighbor-changes
 network 4.4.4.0 mask 255.255.255.0
 network 172.16.4.0 mask 255.255.255.0
 neighbor 4.4.14.1 remote-as 13
 no auto-summary

----

On 12/2/05, Scott Morris wrote:
>
> Is 150.1.5.5 in the routing table?
>
> More importantly, is it in there with something other than a default route
> to get to it?
>
> Seems the router is telling you the problem. :) But of course, right at
> the end of time doesn't exactly help in testing things, does it!
>
> Scott
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> Anthony Sequeira
> Sent: Friday, December 02, 2005 8:42 PM
> To: Cisco certification
> Subject: No Best Path with BGP
>
> Wow - is this interesting....sadly it happened right as I got kicked off my
> rental rack today....so I need the expertise of the group to help me
> understand.....
>
> Simple BGP topology......
>
> R5(AS 200) -------------R2(AS 300)
>
> I wanted to use a route-map to change the next-hop value of incoming routes
> from R5 so that the next hop will be the loopback of R5. By the way - I had
> best paths and everything was fine before trying this change....
>
> R2#
> !
> router bgp 300
>  no synchronization
>  neighbor 136.1.245.5 remote-as 200
>  neighbor 136.1.245.5 route-map HOPPER in
>  no auto-summary
> !
> route-map HOPPER permit 10
>  set ip next-hop 150.1.5.5
>
> After this config - the next hop does change - but now no BEST PATHs:
>
> R2#show ip bgp
> BGP table version is 7, local router ID is 150.1.2.2
> Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
>               r RIB-failure, S Stale
> Origin codes: i - IGP, e - EGP, ? - incomplete
>
>    Network          Next Hop            Metric LocPrf Weight Path
> *  205.90.31.0      150.1.5.5                              0 200 254 ?
> *  220.20.3.0       150.1.5.5                              0 200 254 ?
> *  222.22.2.0       150.1.5.5                              0 200 254 ?
>
> I try and get some details:
>
> R2#show ip bgp 222.22.2.0
> BGP routing table entry for 222.22.2.0/24, version 7
> Paths: (1 available, no best path)
>   Not advertised to any peer
>   200 254
>     150.1.5.5 (inaccessible) from 136.1.245.5 (150.1.5.5)
>       Origin incomplete, localpref 100, valid, external
>
> OK - so 150.1.5.5 is inaccessible from 136.1.245.5? My goodness - these
> interfaces are on the same router! What gives? Could it be that 136.1.245.5
> is a Frame Relay interface that is not pingable from the loopback
> address ( 150.1.5.5)? OK - I know I am reaching - but I am tired after 10
> hours on the rack.....
>
> Can anyone help?
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

---------- Forwarded message ----------
From: "Brian Dennis"
To: "Anthony Sequeira",
Date: Sat, 3 Dec 2005 00:50:00 -0500
Subject: RE: No Best Path with BGP

Anthony,

You need to add eBGP multihop to your configuration since you changed the next hop to an IP address that isn't directly connected.

router bgp 1
 no synchronization
 neighbor 136.1.12.2 remote-as 2
 neighbor 136.1.12.2 route-map SET->NEXT->HOP in
 no auto-summary
!
route-map SET->NEXT->HOP permit 10
 set ip next-hop 150.2.2.2

Rack2R1#sho ip bgp 172.16.0.0
BGP routing table entry for 172.16.0.0/16, version 0
Paths: (1 available, no best path)
  Not advertised to any peer
  2
    150.2.2.2 (inaccessible) from 136.1.12.2 (150.2.2.2)
      Origin IGP, metric 0, localpref 100, valid, external
Rack2R1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Rack2R1(config)#router bgp 1
Rack2R1(config-router)#neighbor 136.1.12.2 ebgp-multihop 10
Rack2R1(config-router)#^Z
Rack2R1#
Rack2R1#clear ip bgp *
Rack2R1#
*Mar 1 00:59:11.201: %BGP-5-ADJCHANGE: neighbor 136.1.12.2 Down User reset
*Mar 1 00:59:49.403: %BGP-5-ADJCHANGE: neighbor 136.1.12.2 Up
Rack2R1#sho ip bgp 172.16.0.0
BGP routing table entry for 172.16.0.0/16, version 2
Paths: (1 available, best #1, table Default-IP-Routing-Table)
Flag: 0x820
  Not advertised to any peer
  2
    150.2.2.2 (metric 11) from 136.1.12.2 (150.2.2.2)
      Origin IGP, metric 0, localpref 100, valid, external, best
Rack2R1#

HTH,

Brian Dennis, CCIE #2210 (R&S/ISP-Dial/Security)
bdennis@internetworkexpert.com
Internetwork Expert, Inc.
http://www.InternetworkExpert.com
Toll Free: 877-224-8987
Direct: 775-745-6404 (Outside the US and Canada)

---

---------- Forwarded message ----------
From: Mike Flanagan
To: Cisco certification
Date: Wed, 7 Dec 2005 12:06:33 -0500
Subject: IE Lab 6 conditional default route advertisement

In this section for injecting a default route you only do it if your route-map matches the networks in question. Like for instance as long as I have a route to 192.10.1.0/24 advertise the default route. Well what if I wanted to advertise the default route if I lost a route in my route table? Like for instance let's say if I lost my connection to BB2 would I use

router ospf 1
 default-information originate always route-map CONDITION

ip prefix-list BB2 seq 5 permit 192.10.1.0/24
ip prefix-list BB3 seq 5 permit 204.12.1.0/24

route-map CONDITION deny 10
 match ip address prefix-list BB2
route-map CONDITION deny 20
 match ip address prefix-list BB3

I think with this I would only advertise the default route if I lose either route in my route table, is this correct? Also with this solution would I only advertise the default route if I lose both connections at the same time?

router ospf 1
 default-information originate always route-map CONDITION

ip prefix-list BB2 seq 5 permit 192.10.1.0/24
ip prefix-list BB2 seq 5 permit 204.12.1.0/24

route-map CONDITION deny 10
 match ip address prefix-list BB2

-----

No-prepend example from another message board:

... 'no-prepend' prevents the 'local-as' AS from being added to the path, but only for peerings "behind" the 'local-as' peering. From the outside, you will always see the 'local-as'.

****

R1(AS1)--R2(AS23)--R3(AS23)--R4(AS4)--R5(AS5)

Network XX on R1, Network YY on R5.

Assuming that R3's peering to R4 includes local-as 100

R1(AS1)--R2(AS23)--R3(AS23)--local-AS100))-R4(AS4)--R5(AS5)

R1 sees network YY with path 23 100 4 5.
With no-prepend on R3's peering to R4, R1 would see 23 4 5.

R5 sees network XX with path 4 100 23 1.
With no-prepend on R3's peering to R4, R5 still sees the path as 4 100 23 1.

****

In this case, R1 and R2 are "behind the 'local-as'", and may or may not see the local-as in the path depending on whether or not the no-prepend keyword is used. R4 and R5 are "outside the 'local-as'", and will always see local-as, regardless of whether or not R3 is configured with the 'no-prepend' keyword.

--
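
The AS_PATH behaviour described in the no-prepend example above, as an added Python model that is not part of the quoted post and is not router code. The topology and AS numbers are the ones in the example; the function and parameter names are assumptions made for illustration.

```python
# Added illustration: a toy model of AS_PATH handling on eBGP sessions.
# Topology and AS numbers come from the example above; the function and
# parameter names are hypothetical and do not correspond to any router API.

def ebgp_send(path, sender_as, local_as=None):
    """Outbound eBGP update: prepend the real AS, then local-as in front of it.

    no-prepend is deliberately not a parameter: it has no effect outbound."""
    path = [sender_as] + path
    if local_as is not None:
        path = [local_as] + path
    return path


def ebgp_receive(path, local_as=None, no_prepend=False):
    """Inbound eBGP update on a local-as peering: local-as is prepended
    to the received path unless no-prepend is configured."""
    if local_as is not None and not no_prepend:
        return [local_as] + path
    return path


def yy_path_at_r1(no_prepend):
    """Network YY (on R5) as seen by R1, behind the local-as peering."""
    path = ebgp_send([], 5)                      # R5 -> R4
    path = ebgp_send(path, 4)                    # R4 -> R3
    path = ebgp_receive(path, local_as=100, no_prepend=no_prepend)  # at R3
    # R3 -> R2 is iBGP inside AS23: the path is passed on unchanged.
    return ebgp_send(path, 23)                   # R2 -> R1


def xx_path_at_r5(no_prepend):
    """Network XX (on R1) as seen by R5, outside the local-as peering."""
    path = ebgp_send([], 1)                      # R1 -> R2
    # R2 -> R3 is iBGP inside AS23: the path is passed on unchanged.
    path = ebgp_send(path, 23, local_as=100)     # R3 -> R4, no_prepend ignored
    return ebgp_send(path, 4)                    # R4 -> R5


if __name__ == "__main__":
    for flag in (False, True):
        print("no-prepend" if flag else "default   ",
              "R1 sees YY via", yy_path_at_r1(flag),
              "| R5 sees XX via", xx_path_at_r5(flag))
```
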