No export means do NOT send it to another external AS. No advertise means do not send it to ANY other peer, internal or external. HTH, Scott Morris, CCIE4 (R&S/ISP-Dial/Security/Service Provider) #4713, JNCIE-M #153, JNCIS-ER, CISSP, et al. CCSI/JNCI-M/JNCI-ER VP - Technical Training - IPexpert, Inc. IPexpert Sr. Technical Instructor A Cisco Learning Partner - We Accept Learning Credits! [EMAIL PROTECTED] Telephone: +1.810.326.1444 Fax: +1.810.454.0130 http://www.ipexpert.com
_____ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Michael Liu Sent: Friday, October 19, 2007 9:52 PM To: Con Spathas; [email protected] Subject: Re: [OSL | CCIE_RS] BGP communties problem you should use no-advertise, NOT no-export. no-export means it will sent to next ebgp, from that ebgp neighbor, it will not send out. hope this help.. ~ml _____ From: [EMAIL PROTECTED] To: [EMAIL PROTECTED]; [email protected] Date: Fri, 19 Oct 2007 19:37:57 +0100 Subject: Re: [OSL | CCIE_RS] BGP communties problem Just a quick stab in the dark - but have you configured AS2 (R1, R2 and R3) to send communities to each other within the iBGP mesh?. I know the community attribute is transitive - but as it's an optional transitive - perhaps it could be worth a shot just to rule it out. _____ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Badar Farooq Sent: Friday, 19 October 2007 19:08 To: [email protected] Subject: [OSL | CCIE_RS] BGP communties problem here is the scenario R4 is in AS 3 R5 is in AS 1 R1, 2, 3 are in AS 2 R4 has an ethernetnet link to R1 R5 has a frame relay link to R2 R1, R3, R2 are in full mesg IBGP R4 advertises network 204.12.1.0/24 into bgp and R5 advertises 155.1.5.0/24 into bgp The goal is to stop R4 and R5 to see each other's advertised networks, yet R1, R2, R3, should be able to access the advertised networks... Here is my configuration R5: router bgp 1 no synchronization bgp log-neighbor-changes network 155.1.5.0 <http://155.1.5.0/> mask 255.255.255.0 <http://255.255.255.0/> neighbor 155.1.0.2 <http://155.1.0.2/> remote-as 2 neighbor 155.1.0.2 <http://155.1.0.2/> send-community neighbor 155.1.0.2 <http://155.1.0.2/> route-map SET-COMMUNITY out no auto-summary ! access-list 1 permit 155.1.5.0 <http://155.1.5.0/> 0.0.0.255 <http://0.0.0.255/> ! route-map SET-COMMUNITY permit 10 match ip address 1 set community no-export ! route-map SET-COMMUNITY permit 20 R4: router bgp 3 no synchronization bgp log-neighbor-changes network 204.12.1.0 <http://204.12.1.0/> neighbor 155.1.146.1 <http://155.1.146.1/> remote-as 2 neighbor 155.1.146.1 <http://155.1.146.1/> send-community neighbor 155.1.146.1 <http://155.1.146.1/> route-map SET-COMMUNITY out no auto-summary ! access-list 1 permit 204.12.1.0 <http://204.12.1.0/> 0.0.0.255 <http://0.0.0.255/> ! route-map SET-COMMUNITY permit 10 match ip address 1 set community no-export ! route-map SET-COMMUNITY permit 20 ! Now everything appears to be fine as I check on R1 and R2 which are neighbors of R4 and R5 respectively R1#sh ip bgp 204.12.1.0 <http://204.12.1.0/> BGP routing table entry for 204.12.1.0/24, version 3 Paths: (1 available, best #1, table Default-IP-Routing-Table, not advertised to EBGP peer) Advertised to update-groups: 1 3 155.1.146.4 <http://155.1.146.4/> from 155.1.146.4 <http://155.1.146.4/> (204.12.1.4 <http://204.12.1.4/> ) Origin IGP, metric 0, localpref 100, valid, external, best Community: no-export And R2#show ip bgp 155.1.5.0 <http://155.1.5.0/> BGP routing table entry for 155.1.5.0/24 <http://155.1.5.0/24> , version 2 Paths: (1 available, best #1, table Default-IP-Routing-Table, not advertised to EBGP peer) Advertised to update-groups: 2 1 155.1.0.5 <http://155.1.0.5/> from 155.1.0.5 <http://155.1.0.5/> (155.1.5.5 <http://155.1.5.5/> ) Origin IGP, metric 0, localpref 100, valid, external, best Community: no-export But still R5 and R4 see these routes in their routing table and are able to ping each other R4#show ip bgp BGP table version is 8, local router ID is 204.12.1.4 <http://204.12.1.4/> Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, r RIB-failure, S Stale Origin codes: i - IGP, e - EGP, ? - incomplete Network Next Hop Metric LocPrf Weight Path *> 155.1.5.0/24 <http://155.1.5.0/24> 155.1.146.1 <http://155.1.146.1/> 0 2 1 i *> 155.1.37.0/24 155.1.146.1 <http://155.1.146.1/> 0 2 i *> 204.12.1.0 <http://204.12.1.0/> 0.0.0.0 <http://0.0.0.0/> 0 32768 i Now R4 shouldn't be able to see 155.1.5.0/24 network but it does :S R4#ping 155.1.5.5 <http://155.1.5.5/> source 204.12.1.4 <http://204.12.1.4/> Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 155.1.5.5 <http://155.1.5.5/> , timeout is 2 seconds: Packet sent with a source address of 204.12.1.4 <http://204.12.1.4/> !!!!!Success rate is 100 percent (5/5), round-trip min/avg/max = 108/213/316 m Same is the case with R5. It sees and reaches network advertised by R4 Any help will be appreciated Best Regards Muhammad Badar _____ Help yourself to FREE treats served up daily at the Messenger Café. Stop by today! <http://www.cafemessenger.com/info/info_sweetstuff2.html?ocid=TXT_TAGLM_OctW Ltagline>
