So reading through, I'm getting that AS2 is the "transit" network in this case you are trying to avoid.

What we are not seeing here is your R1, R2, R3 configs. Do you have the send-community options on them as well? Perhaps your community is being lost there.

Once you peer internally, on R1 and R2 (I think those are your peering routers judging by 4th octet) when you look at "show ip bgp community" you should see two routes with a community tag. If you are ONLY seeing the one directly received from the ebgp peer, then you're losing your tag internally there.

I also assume that you have cleared the BGP sessions (soft or otherwise) after making these changes to refresh the database!

HTH,

Scott Morris, CCIE4 (R&S/ISP-Dial/Security/Service Provider) #4713, JNCIE-M #153, JNCIS-ER, CISSP, et al.
CCSI/JNCI-M/JNCI-ER
VP - Technical Training - IPexpert, Inc.
IPexpert Sr. Technical Instructor
A Cisco Learning Partner - We Accept Learning Credits!
[EMAIL PROTECTED]
Telephone: +1.810.326.1444
Fax: +1.810.454.0130
http://www.ipexpert.com
_____

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Badar Farooq
Sent: Friday, October 19, 2007 2:08 PM
To: [email protected]
Subject: [OSL | CCIE_RS] BGP communties problem

Here is the scenario:

R4 is in AS 3
R5 is in AS 1
R1, 2, 3 are in AS 2
R4 has an Ethernet link to R1
R5 has a frame relay link to R2
R1, R3, R2 are in full mesh IBGP
R4 advertises network 204.12.1.0/24 into bgp and R5 advertises 155.1.5.0/24 into bgp

The goal is to stop R4 and R5 from seeing each other's advertised networks, yet R1, R2, R3 should be able to access the advertised networks...

Here is my configuration

R5:

    router bgp 1
     no synchronization
     bgp log-neighbor-changes
     network 155.1.5.0 mask 255.255.255.0
     neighbor 155.1.0.2 remote-as 2
     neighbor 155.1.0.2 send-community
     neighbor 155.1.0.2 route-map SET-COMMUNITY out
     no auto-summary
    !
    access-list 1 permit 155.1.5.0 0.0.0.255
    !
    route-map SET-COMMUNITY permit 10
     match ip address 1
     set community no-export
    !
    route-map SET-COMMUNITY permit 20

R4:

    router bgp 3
     no synchronization
     bgp log-neighbor-changes
     network 204.12.1.0
     neighbor 155.1.146.1 remote-as 2
     neighbor 155.1.146.1 send-community
     neighbor 155.1.146.1 route-map SET-COMMUNITY out
     no auto-summary
    !
    access-list 1 permit 204.12.1.0 0.0.0.255
    !
    route-map SET-COMMUNITY permit 10
     match ip address 1
     set community no-export
    !
    route-map SET-COMMUNITY permit 20
    !
Now everything appears to be fine as I check on R1 and R2, which are neighbors of R4 and R5 respectively

    R1#sh ip bgp 204.12.1.0
    BGP routing table entry for 204.12.1.0/24, version 3
    Paths: (1 available, best #1, table Default-IP-Routing-Table, not advertised to EBGP peer)
      Advertised to update-groups:
         1
      3
        155.1.146.4 from 155.1.146.4 (204.12.1.4)
          Origin IGP, metric 0, localpref 100, valid, external, best
          Community: no-export

And

    R2#show ip bgp 155.1.5.0
    BGP routing table entry for 155.1.5.0/24, version 2
    Paths: (1 available, best #1, table Default-IP-Routing-Table, not advertised to EBGP peer)
      Advertised to update-groups:
         2
      1
        155.1.0.5 from 155.1.0.5 (155.1.5.5)
          Origin IGP, metric 0, localpref 100, valid, external, best
          Community: no-export

But still R5 and R4 see these routes in their routing table and are able to ping each other.

    R4#show ip bgp
    BGP table version is 8, local router ID is 204.12.1.4
    Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
                  r RIB-failure, S Stale
    Origin codes: i - IGP, e - EGP, ? - incomplete

       Network          Next Hop            Metric LocPrf Weight Path
    *> 155.1.5.0/24     155.1.146.1                            0 2 1 i
    *> 155.1.37.0/24    155.1.146.1                            0 2 i
    *> 204.12.1.0       0.0.0.0                  0         32768 i

Now R4 shouldn't be able to see 155.1.5.0/24 network but it does :S

    R4#ping 155.1.5.5 source 204.12.1.4

    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 155.1.5.5, timeout is 2 seconds:
    Packet sent with a source address of 204.12.1.4
    !!!!!
    Success rate is 100 percent (5/5), round-trip min/avg/max = 108/213/316 m

Same is the case with R5. It sees and reaches network advertised by R4.

Any help will be appreciated.

Best Regards
Muhammad Badar
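
The check suggested in the reply at the top of this thread, as an added example that is not part of either message: a small Python model of the posted topology showing what happens to no-export when the AS 2 routers do or do not send communities over their iBGP sessions. Router names, AS numbers and prefixes are from the post; the send-community settings on R1, R2 and R3 are assumptions, since their configs are not shown.

```python
# Constructed model: router names, AS numbers and prefixes are from the post;
# which AS 2 sessions send communities is the assumption under test.
AS_OF = {"R1": 2, "R2": 2, "R3": 2, "R4": 3, "R5": 1}
LINKS = [("R4", "R1"), ("R5", "R2"), ("R1", "R2"), ("R1", "R3"), ("R2", "R3")]
ORIGINATED = {"R4": "204.12.1.0/24", "R5": "155.1.5.0/24"}
EDGE_SEND = {("R4", "R1"), ("R5", "R2")}   # send-community shown in the post
IBGP_SEND = {(a, b) for a in ("R1", "R2", "R3") for b in ("R1", "R2", "R3") if a != b}

def converge(send_community):
    """Return {router: {prefix: (as_path, communities, source)}} after convergence."""
    rib = {r: {} for r in AS_OF}
    for router, prefix in ORIGINATED.items():
        rib[router][prefix] = ((), frozenset(), "local")
    sessions = LINKS + [(b, a) for a, b in LINKS]
    changed = True
    while changed:
        changed = False
        for a, b in sessions:
            ebgp = AS_OF[a] != AS_OF[b]
            for prefix, (path, comms, source) in list(rib[a].items()):
                if not ebgp and source == "ibgp":
                    continue              # iBGP-learned routes are not re-sent to iBGP peers
                if ebgp and "no-export" in comms:
                    continue              # no-export: never leaves the local AS
                # The post's outbound route-map tags the originated prefix.
                out = frozenset({"no-export"}) if source == "local" else comms
                if (a, b) not in send_community:
                    out = frozenset()     # without send-community the attribute is dropped
                new_path = (AS_OF[a],) + path if ebgp else path
                if AS_OF[b] in new_path or prefix in rib[b]:
                    continue              # AS-path loop, or route already known
                rib[b][prefix] = (new_path, out, "ebgp" if ebgp else "ibgp")
                changed = True
    return rib

def prefixes(rib, router):
    return sorted(rib[router])

def tagged(rib, router):
    """Prefixes carrying a community, like 'show ip bgp community' in the reply."""
    return sorted(p for p, (_, comms, _) in rib[router].items() if comms)

if __name__ == "__main__":
    for label, sc in (("edge only", EDGE_SEND), ("edge + iBGP", EDGE_SEND | IBGP_SEND)):
        rib = converge(sc)
        print(label, "R4 sees", prefixes(rib, "R4"), "| R1 tagged", tagged(rib, "R1"))
```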
