Val:~$ whoami

I am Val Glinskiy, network engineer specializing in data center networks. TIME magazine selected me as Person of the Year in 2006.


Thursday, December 22, 2011

BGP network route-map command

Let's consider the following simple network:
Here is the related configuration:
R1
interface Loopback0
 ip address 1.1.1.1 255.255.255.255

interface FastEthernet0/0
 ip address 192.168.12.1 255.255.255.0
!
router bgp 1
 no synchronization
 bgp log-neighbor-changes
 network 1.1.1.1 mask 255.255.255.255 
 neighbor 192.168.12.2 remote-as 2
 neighbor 192.168.12.2 send-community both
 no auto-summary
!
ip bgp-community new-format

R2
interface FastEthernet0/0
 ip address 192.168.12.2 255.255.255.0
end
interface FastEthernet0/1
 ip address 192.168.23.2 255.255.255.0
end

router bgp 2
 no synchronization
 bgp log-neighbor-changes
 neighbor 192.168.12.1 remote-as 1
 neighbor 192.168.23.3 remote-as 3
 no auto-summary
!
ip bgp-community new-format

R3
interface FastEthernet0/0
 ip address 192.168.23.3 255.255.255.0
!
router bgp 3
 no synchronization
 bgp log-neighbor-changes
 neighbor 192.168.23.2 remote-as 2
 no auto-summary

The prefix 1.1.1.1/32 is advertised to R2 and R3:
R2#sho ip bgp 1.1.1.1
BGP routing table entry for 1.1.1.1/32, version 14
Paths: (1 available, best #1, table Default-IP-Routing-Table)
Flag: 0x820
  Advertised to update-groups:
        1
  1
    192.168.12.1 from 192.168.12.1 (1.1.1.1)
      Origin IGP, metric 0, localpref 100, valid, external, best

Now, let's add a community attribute to the 1.1.1.1/32 prefix by using the network route-map command. First, we create the route-map:

R1#conf t
R1(config)#route-map LOOP1
R1(config-route-map)#set community 1:100
R1(config-route-map)#exit

Second, we apply this route-map to the prefix:
R1(config)#router bgp 1
R1(config-router)#network 1.1.1.1 mask 255.255.255.255 route-map LOOP1

We can see on R2 that community 1:100 was indeed added to 1.1.1.1/32

R2#show ip bgp 1.1.1.1
BGP routing table entry for 1.1.1.1/32, version 15
Paths: (1 available, best #1, table Default-IP-Routing-Table)
Flag: 0x8A0
  Advertised to update-groups:
        1
  1
    192.168.12.1 from 192.168.12.1 (1.1.1.1)
      Origin IGP, metric 0, localpref 100, valid, external, best
      Community: 1:100

So far, so good. Now I am going to try the well-known community no-export, so that R2 does not advertise 1.1.1.1/32 to R3:
R1# conf t
R1(config)#route-map LOOP1
R1(config-route-map)#no set community 1:100
R1(config-route-map)#set community no-export

Debug output on R1 indicates that 1.1.1.1/32 is no longer advertised to R2; R1 sends a withdrawal instead:

*Mar  1 02:37:19.771: BGP(0): sourced route for 1.1.1.1/32 path #0 changed (weight 32768)
*Mar  1 02:37:20.231: BGP(0): nettable_walker 1.1.1.1/32 route sourced locally
*Mar  1 02:37:20.231: BGP(0): 192.168.12.2 send unreachable 1.1.1.1/32
*Mar  1 02:37:20.231: BGP(0): 192.168.12.2 send UPDATE 1.1.1.1/32 -- unreachable
*Mar  1 02:37:20.319: BGP(0): 192.168.12.2 rcv UPDATE about 1.1.1.1/32 -- withdrawn

Sure enough:
R2#show ip bgp 1.1.1.1/32
% Network not in table

That's not what I intended. What happened? The route-map keyword in the BGP network command changes attributes BEFORE the affected prefix is inserted into the BGP routing table. In this case the no-export community is added first, then R1 puts 1.1.1.1/32 into its own BGP routing table, where R1 sees that this prefix cannot be advertised outside its AS. To verify, let's change the R1-R2 session from eBGP to iBGP:

R1#sho run | sec r b
router bgp 1
 no synchronization
 bgp log-neighbor-changes
 network 1.1.1.1 mask 255.255.255.255 route-map LOOP1
 neighbor 192.168.12.2 remote-as 1
 neighbor 192.168.12.2 send-community both
 no auto-summary

R2#sho run | sec r b
router bgp 1
 no synchronization
 bgp log-neighbor-changes
 neighbor 192.168.12.1 remote-as 1
 neighbor 192.168.23.3 remote-as 3
 no auto-summary

R3#sho run | sec r b
router bgp 3
 no synchronization
 bgp log-neighbor-changes
 neighbor 192.168.23.2 remote-as 1
 no auto-summary

1.1.1.1/32 should appear in R2's BGP routing table:
R2#sho ip bgp 1.1.1.1
BGP routing table entry for 1.1.1.1/32, version 3
Paths: (1 available, best #1, table Default-IP-Routing-Table, not advertised to EBGP peer)
  Not advertised to any peer
  Local
    192.168.12.1 from 192.168.12.1 (1.1.1.1)
      Origin IGP, metric 0, localpref 100, valid, internal, best
      Community: no-export

Since R1 and R2 are in the same ASN, the no-export community does not affect route advertisement between them. However, R2 does not advertise the prefix to its eBGP peer R3:
R3#show ip bgp 1.1.1.1/32
% Network not in table

The important thing to remember is that in this case the route-map changes attributes BEFORE the prefix is added to the BGP routing table and advertised to other BGP peers.
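The order of operations described above, as an added example (a simplified Python model written for this page, not IOS code or output). It replays the three cases from the post and goes one step further with `r1_outbound`, an assumption not on the page that models a community set by an outbound per-neighbor policy on R1, i.e. after R1 has already decided to advertise; `r1_send_community` models the `send-community` line in R1's configuration.

```python
# Added example: simplified model of the page's R1 -> R2 -> R3 chain.
NO_EXPORT = "no-export"
CHAIN = ["R1", "R2", "R3"]
EBGP = {"R1": 1, "R2": 2, "R3": 3}   # original topology
IBGP = {"R1": 1, "R2": 1, "R3": 3}   # after R1-R2 is changed to iBGP

def propagate(asn, at_origin=(), r1_outbound=None, r1_send_community=True):
    """Return {router: communities, or None if 1.1.1.1/32 is not in its table}.

    at_origin   -- communities set by 'network ... route-map', i.e. before
                   the prefix enters R1's BGP table
    r1_outbound -- assumption: communities set by an outbound policy on R1's
                   session to R2, i.e. after the advertise decision
    """
    tables = dict.fromkeys(CHAIN)          # None = prefix not in table
    tables["R1"] = frozenset(at_origin)
    for sender, receiver in zip(CHAIN, CHAIN[1:]):
        stored = tables[sender]
        if stored is None:
            break                          # sender never learned the prefix
        # The advertise decision looks at what is stored in the sender's table.
        if asn[sender] != asn[receiver] and NO_EXPORT in stored:
            break                          # no-export: nothing goes to an eBGP peer
        sent = stored
        if sender == "R1" and r1_outbound is not None:
            sent = frozenset(r1_outbound)  # rewritten on the way out
        # Only R1 has 'send-community' configured in the page's configs.
        if sender != "R1" or not r1_send_community:
            sent = frozenset()
        tables[receiver] = sent
    return tables

if __name__ == "__main__":
    cases = {
        "network route-map 1:100, eBGP": propagate(EBGP, ["1:100"]),
        "network route-map no-export, eBGP": propagate(EBGP, [NO_EXPORT]),
        "network route-map no-export, iBGP": propagate(IBGP, [NO_EXPORT]),
        "outbound policy no-export, eBGP": propagate(EBGP, r1_outbound=[NO_EXPORT]),
        "outbound policy, no send-community": propagate(
            EBGP, r1_outbound=[NO_EXPORT], r1_send_community=False),
    }
    for name, result in cases.items():
        shown = {r: None if c is None else sorted(c) for r, c in result.items()}
        print(f"{name}: {shown}")
```

The last case is the one to watch when no-export is meant to contain a prefix: if the community is never sent, R2 has nothing to act on and the prefix reaches R3.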






Saturday, November 19, 2011

Hidden OSPF command

I was testing some OSPF features and wanted to check routes learned via OSPF. Before going into the LSA database, I checked the RIB, but the output format was not what I was expecting:

           OSPF Router with ID (1.1.1.1) (Process ID 1)


    Area BACKBONE(0)


    Intra-area Route List
*   1.1.1.1/32, Intra, cost 1, area 0, Connected
      via 1.1.1.1, Loopback0
*   11.11.11.11/32, Intra, cost 1, area 0, Connected
      via 11.11.11.11, Loopback11

    Intra-area Router Path List
i 4.4.4.4 [564] via 192.168.12.2, Serial1/0.12, ABR, Area 0, SPF 11

    Inter-area Route List
*>  4.4.4.4/32, Inter, cost 565, area 0
      via 192.168.12.2, Serial1/0.12

    Area 1

    Intra-area Route List
*>  192.168.24.0/24, Intra, cost 564, area 1
      via 192.168.12.2, Serial1/0.12


So, I checked what I had typed on the command line. It was "R1#sho ip ospf route" instead of "show ip route ospf". However, "route" does not show up as an option for the "show ip ospf" command:
R1#sho ip ospf ?
  <1-65535>            Process ID number
  border-routers       Border and Boundary Router Information
  database             Database summary
  flood-list           Link state flood list
  interface            Interface information
  max-metric           Max-metric origination information
  mpls                 MPLS related information
  neighbor             Neighbor list
  request-list         Link state request list
  retransmission-list  Link state retransmission list
  rib                  Routing Information Base (RIB)
  sham-links           Sham link information
  statistics           Various OSPF Statistics
  summary-address      Summary-address redistribution Information
  timers               OSPF timers information
  traffic              Traffic related statistics
  virtual-links        Virtual link information
  |                    Output modifiers
R1#sho ip ospf route ?
% Unrecognized command

I am running 12.4(15)T14 on the router. This is a very useful command and its output is easier to interpret than "show ip ospf database". Why does Cisco keep it hidden?