Mailing List Archive

[nsp] BGP community issue or provider issue?
I'm having trouble making use of BGP communities with one of my transit
providers. i.e. I'm setting a community string via a simple route-map,
but they seem to either not receive it or ignore it.

Here's part of the config:

router bgp 6364
neighbor a.b.c.d remote-as 1239
neighbor a.b.c.d update-source Serial1/0
neighbor a.b.c.d version 4
neighbor a.b.c.d send-community
neighbor a.b.c.d soft-reconfiguration inbound
neighbor a.b.c.d distribute-list 190 in
neighbor a.b.c.d route-map SPRINT-NO-METRIC in
neighbor a.b.c.d route-map sprint_prepend out
neighbor a.b.c.d maximum-prefix 150000 90
neighbor a.b.c.d filter-list 1 out

route-map sprint_prepend permit 10
set community 65003:6447

From their NOC, I'm getting the run-around. First they tried several
times to tell me what I was doing made no sense (though it's copied from
docs on their web site, which I referenced in my emails to them). Now
they're saying they understand what I'm trying to do, but they're not
receiving any community string because I have no match statement in the
route-map. I know I don't need one.

I know I don't need one because on another router, with another provider,
I have:

router bgp 6364
neighbor e.f.g.h remote-as 701
neighbor e.f.g.h send-community
neighbor e.f.g.h version 4
neighbor e.f.g.h soft-reconfiguration inbound
neighbor e.f.g.h distribute-list 190 in
neighbor e.f.g.h route-map UUNET_INPUT in
neighbor e.f.g.h route-map tell_uu_to_prepend_one out
neighbor e.f.g.h maximum-prefix 150000 90
neighbor e.f.g.h filter-list 1 out

route-map tell_uu_to_prepend_one permit 10
set community 701:1

And funny thing...this one works as it's supposed to.

The working config is a 7513 running IOS in the 12.0S train.
The non-working config is a 7206 running IOS in the 12.1T train.

Is there any chance this is a config issue or IOS issue on my end, or do I
need to keep banging on this provider's escalate button until I get
someone who knows what's going on?

----------------------------------------------------------------------
Jon Lewis *jlewis@lewis.org*| I route
System Administrator | therefore you are
Atlantic Net |
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
Re: [nsp] BGP community issue or provider issue? [ In reply to ]
Hi

You are right, there is no need in a match line. Ignoring it just executes
the set commands on everything.
What you are doing is perfectly correct, assuming the community has any
meaning to the provider.

What does the filter list filter? Maybe this is the problem?

you can ask a 'show ip bgp <prefix>' from the provider, and look for the
community, or use a route-server in their AS

Arie


On Fri, 13 Sep 2002 jlewis@lewis.org wrote:

> I'm having trouble making use of BGP communities with one of my transit
> providers. i.e. I'm setting a community string via a simple route-map,
> but they seem to either not receive it or ignore it.
>
> Here's part of the config:
>
> router bgp 6364
> neighbor a.b.c.d remote-as 1239
> neighbor a.b.c.d update-source Serial1/0
> neighbor a.b.c.d version 4
> neighbor a.b.c.d send-community
> neighbor a.b.c.d soft-reconfiguration inbound
> neighbor a.b.c.d distribute-list 190 in
> neighbor a.b.c.d route-map SPRINT-NO-METRIC in
> neighbor a.b.c.d route-map sprint_prepend out
> neighbor a.b.c.d maximum-prefix 150000 90
> neighbor a.b.c.d filter-list 1 out
>
> route-map sprint_prepend permit 10
> set community 65003:6447
>
> >From their NOC, I'm getting the run-around. First they tried several
> times to tell me what I was doing made no sense (though it's copied from
> docs on their web site, which I referenced in my emails to them). Now
> they're saying they understand what I'm trying to do, but they're not
> receiving any community string because I have no match statement in the
> route-map. I know I don't need one.
>
> I know I don't need one because on another router, with another provider,
> I have:
>
> router bgp 6364
> neighbor e.f.g.h remote-as 701
> neighbor e.f.g.h send-community
> neighbor e.f.g.h version 4
> neighbor e.f.g.h soft-reconfiguration inbound
> neighbor e.f.g.h distribute-list 190 in
> neighbor e.f.g.h route-map UUNET_INPUT in
> neighbor e.f.g.h route-map tell_uu_to_prepend_one out
> neighbor e.f.g.h maximum-prefix 150000 90
> neighbor e.f.g.h filter-list 1 out
>
> route-map tell_uu_to_prepend_one permit 10
> set community 701:1
>
> And funny thing...this one works as it's supposed to.
>
> The working config is a 7513 running IOS in the 12.0S train.
> The non-working config is a 7206 running IOS in the 12.1T train.
>
> Is there any chance this is a config issue or IOS issue on my end, or do I
> need to keep banging on this provider's escalate button until I get
> someone who knows what's going on?
>
> ----------------------------------------------------------------------
> Jon Lewis *jlewis@lewis.org*| I route
> System Administrator | therefore you are
> Atlantic Net |
> _________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
>
> _______________________________________________
> cisco-nsp mailing list real_name)s@puck.nether.net
> http://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
Re: [nsp] BGP community issue or provider issue? [ In reply to ]
On Sat, 14 Sep 2002, Arie Vayner wrote:

> You are right, there is no need in a match line. Ignoring it just executes
> the set commands on everything.
> What you are doing is perfectly correct, assuming the community has any
> meaning to the provider.
>
> What does the filter list filter? Maybe this is the problem?

The filter list is just a small as-path access-list that only allows
routes with certain as-paths (i.e. no path, or a few ^_(customer-as_)+$)
to be advertised to the transit providers.

The same filter list is applied to the uunet session, and doesn't cause
any problems with communities on that one.

I guess it's time to post to nanog looking for a Sprint routing engineer
with clue. I just wanted to make sure I wasn't missing something first.

----------------------------------------------------------------------
Jon Lewis *jlewis@lewis.org*| I route
System Administrator | therefore you are
Atlantic Net |
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
Re: [nsp] BGP community issue or provider issue? [ In reply to ]
Jon,

Have you tried forcing the outbound updates to go through the newly policy
with the following commned:

clear ip bgp <neighbor address> soft outbound.


BTW: resetting the connection will do it to but is more intrusive.

At 08:21 AM 9/14/2002 -0400, jlewis@lewis.org wrote:
>On Sat, 14 Sep 2002, Arie Vayner wrote:
>
> > You are right, there is no need in a match line. Ignoring it just executes
> > the set commands on everything.
> > What you are doing is perfectly correct, assuming the community has any
> > meaning to the provider.
> >
> > What does the filter list filter? Maybe this is the problem?
>
>The filter list is just a small as-path access-list that only allows
>routes with certain as-paths (i.e. no path, or a few ^_(customer-as_)+$)
>to be advertised to the transit providers.
>
>The same filter list is applied to the uunet session, and doesn't cause
>any problems with communities on that one.
>
>I guess it's time to post to nanog looking for a Sprint routing engineer
>with clue. I just wanted to make sure I wasn't missing something first.
>
>----------------------------------------------------------------------
> Jon Lewis *jlewis@lewis.org*| I route
> System Administrator | therefore you are
> Atlantic Net |
>_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
>
>_______________________________________________
>cisco-nsp mailing list real_name)s@puck.nether.net
>http://puck.nether.net/mailman/listinfo/cisco-nsp
>archive at http://puck.nether.net/pipermail/cisco-nsp/

Harold Ritter, CCIE 4168
Advanced Network Services - ISP East
Cisco Systems
300 Apollo Drive
Chelmsford, MA 01824 USA
Phone: 978 497 3129
Fax: 978 497 3129
Cisco Systems- "Empowering the Internet Generation."
Re: [nsp] BGP community issue or provider issue? [ In reply to ]
Many times. I even resorted to resetting the connection once just in case
this router wasn't doing the right thing with soft out.

On Sat, 14 Sep 2002, Harold Ritter wrote:

> Jon,
>
> Have you tried forcing the outbound updates to go through the newly policy
> with the following commned:
>
> clear ip bgp <neighbor address> soft outbound.
>
>
> BTW: resetting the connection will do it to but is more intrusive.
>
> At 08:21 AM 9/14/2002 -0400, jlewis@lewis.org wrote:
> >On Sat, 14 Sep 2002, Arie Vayner wrote:
> >
> > > You are right, there is no need in a match line. Ignoring it just executes
> > > the set commands on everything.
> > > What you are doing is perfectly correct, assuming the community has any
> > > meaning to the provider.
> > >
> > > What does the filter list filter? Maybe this is the problem?
> >
> >The filter list is just a small as-path access-list that only allows
> >routes with certain as-paths (i.e. no path, or a few ^_(customer-as_)+$)
> >to be advertised to the transit providers.
> >
> >The same filter list is applied to the uunet session, and doesn't cause
> >any problems with communities on that one.
> >
> >I guess it's time to post to nanog looking for a Sprint routing engineer
> >with clue. I just wanted to make sure I wasn't missing something first.
> >
> >----------------------------------------------------------------------
> > Jon Lewis *jlewis@lewis.org*| I route
> > System Administrator | therefore you are
> > Atlantic Net |
> >_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
> >
> >_______________________________________________
> >cisco-nsp mailing list real_name)s@puck.nether.net
> >http://puck.nether.net/mailman/listinfo/cisco-nsp
> >archive at http://puck.nether.net/pipermail/cisco-nsp/
>
> Harold Ritter, CCIE 4168
> Advanced Network Services - ISP East
> Cisco Systems
> 300 Apollo Drive
> Chelmsford, MA 01824 USA
> Phone: 978 497 3129
> Fax: 978 497 3129
> Cisco Systems- "Empowering the Internet Generation."
>

----------------------------------------------------------------------
Jon Lewis *jlewis@lewis.org*| I route
System Administrator | therefore you are
Atlantic Net |
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
RE: [nsp] BGP community issue or provider issue? [ In reply to ]
If you issue a "show ip bgp neighbor x.x.x.x" do you see were it shows you
that the community was sent to that neighbor? It should say "community
attribute sent to this neighbor". If is being sent, they should then be
able to issue a "show ip bgp x.x.x.x" and tell if the route came accross
with that community.

It could also be that they are looking at the old decimal community format
and not necessarily the new format in which case they would need use the "ip
bgp-community new-format".

And yes, I just tried it in my lab going from a 3640 to a Juniper M10 and I
did not use any Match action, the community then applies to ALL routes being
advertised by the 3640.




Thanks,

Mario Puras
SoluNet Technical Support


-----Original Message-----
From: jlewis@lewis.org [mailto:jlewis@lewis.org]
Sent: Friday, September 13, 2002 11:49 PM
To: cisco-nsp@puck.nether.net
Subject: [nsp] BGP community issue or provider issue?


I'm having trouble making use of BGP communities with one of my transit
providers. i.e. I'm setting a community string via a simple route-map,
but they seem to either not receive it or ignore it.

Here's part of the config:

router bgp 6364
neighbor a.b.c.d remote-as 1239
neighbor a.b.c.d update-source Serial1/0
neighbor a.b.c.d version 4
neighbor a.b.c.d send-community
neighbor a.b.c.d soft-reconfiguration inbound
neighbor a.b.c.d distribute-list 190 in
neighbor a.b.c.d route-map SPRINT-NO-METRIC in
neighbor a.b.c.d route-map sprint_prepend out
neighbor a.b.c.d maximum-prefix 150000 90
neighbor a.b.c.d filter-list 1 out

route-map sprint_prepend permit 10
set community 65003:6447

From their NOC, I'm getting the run-around. First they tried several
times to tell me what I was doing made no sense (though it's copied from
docs on their web site, which I referenced in my emails to them). Now
they're saying they understand what I'm trying to do, but they're not
receiving any community string because I have no match statement in the
route-map. I know I don't need one.

I know I don't need one because on another router, with another provider,
I have:

router bgp 6364
neighbor e.f.g.h remote-as 701
neighbor e.f.g.h send-community
neighbor e.f.g.h version 4
neighbor e.f.g.h soft-reconfiguration inbound
neighbor e.f.g.h distribute-list 190 in
neighbor e.f.g.h route-map UUNET_INPUT in
neighbor e.f.g.h route-map tell_uu_to_prepend_one out
neighbor e.f.g.h maximum-prefix 150000 90
neighbor e.f.g.h filter-list 1 out

route-map tell_uu_to_prepend_one permit 10
set community 701:1

And funny thing...this one works as it's supposed to.

The working config is a 7513 running IOS in the 12.0S train.
The non-working config is a 7206 running IOS in the 12.1T train.

Is there any chance this is a config issue or IOS issue on my end, or do I
need to keep banging on this provider's escalate button until I get
someone who knows what's going on?

----------------------------------------------------------------------
Jon Lewis *jlewis@lewis.org*| I route
System Administrator | therefore you are
Atlantic Net |
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________

_______________________________________________
cisco-nsp mailing list real_name)s@puck.nether.net
http://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
RE: [nsp] BGP community issue or provider issue? [ In reply to ]
On Sat, 14 Sep 2002 MPuras@solunet.com wrote:

> If you issue a "show ip bgp neighbor x.x.x.x" do you see were it shows you
> that the community was sent to that neighbor? It should say "community
> attribute sent to this neighbor". If is being sent, they should then be
> able to issue a "show ip bgp x.x.x.x" and tell if the route came accross
> with that community.

Community attribute sent to this neighbor
yep.

> It could also be that they are looking at the old decimal community format
> and not necessarily the new format in which case they would need use the "ip
> bgp-community new-format".

I had turned that on as it makes looking at the config much easier. I
suspect it only affects how the community values are displayed in the CLI,
not how they're 'seen by the router'. For the hell of it, I turned it
off, which turned all the NNNNN:NNNN format strings into large negative
numbers in the CLI. I did a clear ip bg w.x.y.z soft out, waited a bit,
and still saw no effect.

----------------------------------------------------------------------
Jon Lewis *jlewis@lewis.org*| I route
System Administrator | therefore you are
Atlantic Net |
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________