Re: BGP AS removal [7:66928]
At 01:53 AM 4/6/2003 +, Bullwinkle wrote: >In other words, for purposes of testing, there are ONLY two ways to remove >things from the AS_PATH. 1) the technique you describe, which is to create Both these techniques are invalid in my opinion. If you create a new route, you haven't changed the AS-PATH on another route at all. In these cases, you have two routes, not one modified one. >an aggregate and advertise that aggregate only ( although refresh my >memory - an aggregate might still contain full AS_PATH information - don't >have my book handy ) OR to create an appropriate route to null 0, then enter >that route into the BGP process, while filtering those that contain the >AS_PATH you want to remove. > > >AS1-AS2-AS3 > >192.168.x.x subnets --advertised into AS2 > > ip route 192.0.0.0 255.0.0.0 >null 0 >bgp process command: network 192.0.0.0 mask 255.0.0.0 > >filter the more specific BGP routes. > >AS3 should see just the route to null 0, which does originate in AS2 > >do I have that right? Do you agree? > >-- >- > >Bullwinkle: Hey, Rocky, watch me pull a CCIE out of my hat! > >Rocky: Bullwinkle, that trick NEVER works > >Bullwinkle: This time FOR SURE!!! >( pulls snarling Proctor out of hat ) >No doubt about it. I gotta get me a new hat! > > > >""Salvatore De Luca"" wrote in message >news:[EMAIL PROTECTED] > > I hear ya.. that's why if this was a TEST situation, the statement: > > > > ip as-path access-list 1 permit _2_ & ! _2_ _1$ would permit routes > > traversing AS2 but deny any routes traversed though AS2 Originating in >AS1. > > In which case 150.50.200.0 aggregated element should be the nlri "Fresh > > Route" point for AS3's knowledge. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=66965&t=66928 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: BGP AS removal [7:66928]
Agreed by me.. the trick is it seems that we want to remove AS1 from the AS-path without filtering the whole IP Block. As long as AS2 Can Create the route you want advertised to R3,(Network Statments pointing to Null route injections will do this and put it in the BGP table). You can then filter routes originating in AS1 that has to traverse AS2 to get to AS3, without disrupting routes originated in other AS's besides AS1 that DO traverse AS2 to get to AS3. This is plain vanilla as-path filtering to me. EX: (routesnotwanted) (routeswanted)--> AS1--->AS2-->AS3 / / / / / AS4---^ (routeswanted) If the main objective is to filter routes orgininating in AS1 but not 2 then, _200_ & ! _200_ 100$ is a way to go. You then just have to keep in mind where the routes get originated. All the best, Sal Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=66949&t=66928 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: BGP AS removal [7:66928]
In other words, for purposes of testing, there are ONLY two ways to remove things from the AS_PATH. 1) the technique you describe, which is to create an aggregate and advertise that aggregate only ( although refresh my memory - an aggregate might still contain full AS_PATH information - don't have my book handy ) OR to create an appropriate route to null 0, then enter that route into the BGP process, while filtering those that contain the AS_PATH you want to remove. AS1-AS2-AS3 192.168.x.x subnets --advertised into AS2 ip route 192.0.0.0 255.0.0.0 null 0 bgp process command: network 192.0.0.0 mask 255.0.0.0 filter the more specific BGP routes. AS3 should see just the route to null 0, which does originate in AS2 do I have that right? Do you agree? -- - Bullwinkle: Hey, Rocky, watch me pull a CCIE out of my hat! Rocky: Bullwinkle, that trick NEVER works Bullwinkle: This time FOR SURE!!! ( pulls snarling Proctor out of hat ) No doubt about it. I gotta get me a new hat! ""Salvatore De Luca"" wrote in message news:[EMAIL PROTECTED] > I hear ya.. that's why if this was a TEST situation, the statement: > > ip as-path access-list 1 permit _2_ & ! _2_ _1$ would permit routes > traversing AS2 but deny any routes traversed though AS2 Originating in AS1. > In which case 150.50.200.0 aggregated element should be the nlri "Fresh > Route" point for AS3's knowledge. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=66943&t=66928 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: BGP AS removal [7:66928]
I hear ya.. that's why if this was a TEST situation, the statement: ip as-path access-list 1 permit _2_ & ! _2_ _1$ would permit routes traversing AS2 but deny any routes traversed though AS2 Originating in AS1. In which case 150.50.200.0 aggregated element should be the nlri "Fresh Route" point for AS3's knowledge. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=66940&t=66928 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: BGP AS removal [7:66928]
At 08:26 PM 4/5/2003 +, Salvatore De Luca wrote: >I have to agree that it is a bit silly, dangerous, and should not be done on >a production enviornment.. but so are a lot of scenarios on the CCIE Lab.. >Just to add to the sillyness: Because it is silly and dangerous, you also can't do it without creating an entirely fresh route with the same nlri and conditionally advertising it somehow. You simply are not supposed to muck with AS-PATH elements unless you are aggregating, it which case you follow the defined guidelines. >Not sure how this would work, but you can try it.. have you tried as-path >manupulation? From what I can see you want to remove as 1 from the path as >R3 see's it. This config may work for what you are looking to do. You can >try applying this to the config aggregating the 150.50.200.0 network. I >think AS2 would have to originate the 150.50.200.0 net. > > >router bgp 3 >neighbor x.x.x.x route-map as-path in > > >route-map as-path permit 10 >match as-path 1 >route-map as-path permit 20 >match as-path 2 > > ip as-path access-list 1 permit _2_ & ! _2_ _1$ > ip as-path access-list 2 permit .* > >Sal Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=66938&t=66928 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: BGP AS removal [7:66928]
At 04:22 PM 4/2/2003 -0500, you wrote: >150.50.200.0(R1)(R2)--(R3). > >R1 belongs to AS1 >R2 belongs to AS2 >R3 belongs to AS3 > >I inject 150.50.200.0 using the network command on R1 and see 150.50.200.0 >in R3 with as_path of 2 1. > >The question is how can I remove the 1 from the As Path on R3. You don't. Doing this would be silly and likely dangerous. >I have tried using the network command on R2 with no success. >If I aggregate on R2 using 150.50.200.0 255.255.255.0 summary-only , I >will still see 150.50.200.0 with as-path 2 1 ( no change). >However, if I aggregate on R2 using 150.50.0.0 255.255.0.0 summary-only, >then I will see 150.50.0.0 with as-path 2. The question was to get >150.50.200.0 and not 150.50.0.0. > >I can't get the 150.50.200.0 to work. > > >Thank you. > >RAM Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=66928&t=66928 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: BGP AS removal [7:66928]
I have to agree that it is a bit silly, dangerous, and should not be done on a production enviornment.. but so are a lot of scenarios on the CCIE Lab.. Just to add to the sillyness: Not sure how this would work, but you can try it.. have you tried as-path manupulation? From what I can see you want to remove as 1 from the path as R3 see's it. This config may work for what you are looking to do. You can try applying this to the config aggregating the 150.50.200.0 network. I think AS2 would have to originate the 150.50.200.0 net. router bgp 3 neighbor x.x.x.x route-map as-path in route-map as-path permit 10 match as-path 1 route-map as-path permit 20 match as-path 2 ip as-path access-list 1 permit _2_ & ! _2_ _1$ ip as-path access-list 2 permit .* Sal Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=66930&t=66928 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
