Val:~$ whoami

I am Val Glinskiy, network engineer specializing in data center networks. TIME magazine selected me as Person of the Year in 2006.

Search This Blog

Thursday, December 22, 2011

BGP network route-map command

Let's consider following simple network:
Here is related configuration
R1
interface Loopback0
 ip address 1.1.1.1 255.255.255.255

interface FastEthernet0/0
 ip address 192.168.12.1 255.255.255.0
!
router bgp 1
 no synchronization
 bgp log-neighbor-changes
 network 1.1.1.1 mask 255.255.255.255 
 neighbor 192.168.12.2 remote-as 2
 neighbor 192.168.12.2 send-community both
 no auto-summary
!
ip bgp-community new-format

R2
interface FastEthernet0/0
 ip address 192.168.12.2 255.255.255.0
end
interface FastEthernet0/1
 ip address 192.168.23.2 255.255.255.0
end

router bgp 2
 no synchronization
 bgp log-neighbor-changes
 neighbor 192.168.12.1 remote-as 1
 neighbor 192.168.23.3 remote-as 3
 no auto-summary
!
ip bgp-community new-format

R3
interface FastEthernet0/0
 ip address 192.168.23.3 255.255.255.0
!
router bgp 3
 no synchronization
 bgp log-neighbor-changes
 neighbor 192.168.23.2 remote-as 2
 no auto-summary

The prefix 1.1.1.1/32 is advertised to R2 and R3:
R2#sho ip bgp 1.1.1.1
BGP routing table entry for 1.1.1.1/32, version 14
Paths: (1 available, best #1, table Default-IP-Routing-Table)
Flag: 0x820
  Advertised to update-groups:
        1
  1
    192.168.12.1 from 192.168.12.1 (1.1.1.1)
      Origin IGP, metric 0, localpref 100, valid, external, best

Now, let's add community attribute to 1.1.1.1/32 prefix by using network route-map command. First, we create route-map

R1#conf t
R1(config)#route-map LOOP1
R1(config-route-map)#set community 1:100
R1(config-route-map)#exit

Second, apply this route-map to the prefix
R1(config)#router bgp 1
R1(config-router)#network 1.1.1.1 mask 255.255.255.255 route-map LOOP1

We can see on R2 that community 1:100 was indeed added to 1.1.1.1/32

R2#show ip bgp 1.1.1.1
BGP routing table entry for 1.1.1.1/32, version 15
Paths: (1 available, best #1, table Default-IP-Routing-Table)
Flag: 0x8A0
  Advertised to update-groups:
        1
  1
    192.168.12.1 from 192.168.12.1 (1.1.1.1)
      Origin IGP, metric 0, localpref 100, valid, external, best
      Community: 1:100

So far, so good. Now I am going to try well-known community no-export, so R2 does not advertise 1.1.1.1/32 to R3
R1# conf t
R1(config)#route-map LOOP1
R1(config-route-map)#no set community 1:100
R1(config-route-map)#set community no-export

Debug output on R1 indicates that 1.1.1.1/32 is not advertised to R2

*Mar  1 02:37:19.771: BGP(0): sourced route for 1.1.1.1/32 path #0 changed (weight 32768)
*Mar  1 02:37:20.231: BGP(0): nettable_walker 1.1.1.1/32 route sourced locally
*Mar  1 02:37:20.231: BGP(0): 192.168.12.2 send unreachable 1.1.1.1/32
*Mar  1 02:37:20.231: BGP(0): 192.168.12.2 send UPDATE 1.1.1.1/32 -- unreachable
*Mar  1 02:37:20.319: BGP(0): 192.168.12.2 rcv UPDATE about 1.1.1.1/32 -- withdrawn

Sure enough:
R2#show ip bgp 1.1.1.1/32
% Network not in table

That's not what I intended. What happened? The thing is route-map key in BGP network command changes attributes BEFORE affected prefix is inserted into BGP routing table. In this case no-export community is added first, then R1 puts 1.1.1.1/32 in BGP routing table on R1, where R1 sees that this prefix can not be advertised outside its AS. To verify, let's change R1-R2 from eBGP into iBGP:

R1#sho run | sec r b
router bgp 1
 no synchronization
 bgp log-neighbor-changes
 network 1.1.1.1 mask 255.255.255.255 route-map LOOP1
 neighbor 192.168.12.2 remote-as 1
 neighbor 192.168.12.2 send-community both
 no auto-summary

R2#sho run | sec r b
router bgp 1
 no synchronization
 bgp log-neighbor-changes
 neighbor 192.168.12.1 remote-as 1
 neighbor 192.168.23.3 remote-as 3
 no auto-summary

R3#sho run | sec r b
router bgp 3
 no synchronization
 bgp log-neighbor-changes
 neighbor 192.168.23.2 remote-as 1
 no auto-summary

1.1.1.1/32 should appear in R2's BGP routing table:
R2#sho ip bgp 1.1.1.1
BGP routing table entry for 1.1.1.1/32, version 3
Paths: (1 available, best #1, table Default-IP-Routing-Table, not advertised to EBGP peer)
  Not advertised to any peer
  Local
    192.168.12.1 from 192.168.12.1 (1.1.1.1)
      Origin IGP, metric 0, localpref 100, valid, internal, best
      Community: no-export

Since R1 and R2 are in the same ASN, no-export community does not affect route advertisement. However,
R3#show ip bgp 1.1.1.1/32
% Network not in table

Important thing to remember is that in this case route-map changes attributes BEFORE prefix added into BGP routing table and advertised to other BGP peers.