Solved

BGP REGEX + IBGP

Posted on 2011-03-22
Last Modified: 2012-05-11
Hi,
   I am just looking at a config of BGP on my branch router. There is something I do not understand. The setup is basically a leased line to a main office and then an ISDN backup to the main office. The main office propagates a default route. At the branch office HSRP is running on the two routers, LAN facing; the prod router has higher priority. So if this prod router goes down, traffic goes to the ISDN router. Then on the ISDN router there is a static route to the dialer to initiate ISDN in the case of failure. Under BGP on both routers there is a network statement advertising the address block used on site + the address used on the WAN connection side. So that is all fine.

There is an iBGP session between the production router and the backup router. On the iBGP neighbor statement there is a filter list, which does:
! x.x.x.x is the iBGP neighbor
neighbor x.x.x.x filter-list 1 out
ip as-path access-list 1 deny ^$
ip as-path access-list 1 permit .*

This is what I do not understand: why would you not want iBGP to advertise ^$? As I understand it, this is saying to not advertise anything originated by the local AS but advertise everything else.


Thanks,

Eoghan
Question by:BarepAssets

Expert Comment

by:ffleisma
^$ could be the network subnet of the main office.

Since both router1 and router2 (ISDN router) will receive subnet ^$ from the main office, the filter basically prevents 2 scenarios.

1. router1 receives subnet ^$ from the ISDN router; router1 then tells the main branch that subnet ^$ can be reached via router1 then router2. This creates a routing loop.

2. The second scenario is the other way around.

I can be wrong about this; kindly try to find out where subnet ^$ is located and I can further help you.

Expert Comment

by:ffleisma
If you could, try and find out where the ^$ network resides. You can do a show ip route or show ip bgp summary to know where the said subnet comes from. Mainly the filter should be for avoiding loops.

Author Comment

by:BarepAssets
I am only starting to learn advanced BGP filtering techniques, but I believe that this ^$ is denying routes with no AS path in their AS path attribute, i.e. locally generated prefixes would have no AS path as they were not received via an eBGP relationship; if they were received from the eBGP neighbor they would have an AS path of the eBGP neighbor's AS numbers. So I think it is saying not to advertise locally generated prefixes in iBGP, but I don't see the point of it. The locally generated prefix would be the subnet of my branch office.

Accepted Solution

by:
ffleisma earned 500 total points
Yes, you have a good understanding of the AS path attribute, and your analysis is correct that the AS path attribute is not added when the route does not traverse the AS yet. To make sense of the filter, this goes two ways. First let's go by --

router1 generates the route to your branch office and announces it to router2 & main office. The filter prevents the route from being advertised to router2. Now imagine if the filter is not there and router2 gets that route. It can advertise that route to the main office. In this case, the main branch now sees two viable routes towards your branch office, one via router1 and another via router2. As your circuit at router2 is only an ISDN connection, it's not really a good option to use to pass data traffic except for backup cases where router1 fails. So basically, this prevents your ISDN router from carrying data traffic when in normal state.

Makes a bit of sense? I don't have your full BGP config, but from what I can reason out about why I should place that filter, this would be one motivation to place it.

Hope this helps! And let me know if you need more clarification :-)
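
Added example (not part of the original thread or of either poster's config): a small Python model of the as-path filter list from the question, applied first-match with the implicit deny, to show which routes the production router would still send to its iBGP peer. The prefixes and AS numbers in ROUTES are constructed, and the eBGP session to the main office is an assumption taken from the discussion above.

```python
import re

# Filter from the question, applied outbound on the iBGP session.
ACL_TEXT = """\
ip as-path access-list 1 deny ^$
ip as-path access-list 1 permit .*
"""

def parse_as_path_acl(text, number):
    """Return [(action, compiled_regex), ...] for one as-path access-list."""
    entries = []
    for line in text.splitlines():
        m = re.match(r"\s*ip as-path access-list (\d+) (permit|deny) (\S+)\s*$", line)
        if m and int(m.group(1)) == number:
            # IOS '_' matches start, end, space, comma, braces or parentheses.
            pattern = m.group(3).replace("_", r"(?:^|$|[ ,{}()])")
            entries.append((m.group(2), re.compile(pattern)))
    return entries

def acl_permits(entries, as_path):
    """First matching entry decides; no match at all is an implicit deny."""
    for action, regex in entries:
        if regex.search(as_path):
            return action == "permit"
    return False

def advertised_to_ibgp_peer(routes, entries):
    """Prefixes that survive 'neighbor x.x.x.x filter-list 1 out'."""
    return [prefix for prefix, as_path in routes if acl_permits(entries, as_path)]

# Constructed BGP table of the production router (prefixes and ASNs are made up).
ROUTES = [
    ("10.20.0.0/24", ""),              # branch LAN, from the 'network' statement
    ("192.0.2.0/30", ""),              # WAN link subnet, also locally originated
    ("0.0.0.0/0", "65001"),            # default route learned from the main office
    ("172.16.0.0/16", "65001 65010"),  # route that transited the main office AS
]

if __name__ == "__main__":
    acl = parse_as_path_acl(ACL_TEXT, 1)
    for prefix, path in ROUTES:
        verdict = "advertise" if acl_permits(acl, path) else "filter"
        print(f"{prefix:16} as-path [{path}] -> {verdict}")
```

The two locally originated prefixes (empty AS path) are withheld from the iBGP peer, while routes learned from the main office are still passed on.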

Author Closing Comment

by:BarepAssets
thanks that makes sense to me too