Mailing List Archive

Try

#show ip bgp route detail 167.142.0.0

To see if its possibly coming from a different neighbor that isn't subject
to that filtering? I've seen that in other situations where routes are
learned from a route-server at an exchange point, and not the direct peer,
and its not 100% obvious of that until you see what session it came from.

-James


On Tue, Oct 4, 2016 at 9:12 PM, <frnkblk@iname.com> wrote:

> We're running 5.6ff on an MLXe-4 and after BGP sessions hiccupped this
> afternoon we saw a route installed, even though it's filtered out.
>
> I feel like a newbie asking this question ... but why is the route
> installed, even though it's clearly configured to be filtered out and shown
> as a filtered route?
>
> MLXe-4#show ip bgp routes 167.142.0.0
> Number of BGP Routes matching display condition : 2
> Status A:AGGREGATE B:BEST b:NOT-INSTALLED-BEST C:CONFED_EBGP D:DAMPED
> E:EBGP H:HISTORY I:IBGP L:LOCAL M:MULTIPATH
> m:NOT-INSTALLED-MULTIPATH
> S:SUPPRESSED F:FILTERED s:STALE
> Prefix Next Hop MED LocPrf Weight
> Status
> 1 167.142.0.0/24 206.108.255.52 80 100 0 BE
> AS_PATH: 6939 5056
> 2 167.142.0.0/24 206.108.255.52 80 100 0 E
> AS_PATH: 6939 5056
> Last update to IP routing table: 3h43m33s, 1 path(s) installed:
> Route is not advertised to any peers
> MLXe-4#
> MLXe-4#show ip bgp filtered-routes detail | begin 167.142.0.0
> 129 Prefix: 167.142.0.0/16, Status: EF, Age: 4h55m44s
> NEXT_HOP: 206.108.255.52, Metric: 0, Learned from Peer:
> 206.108.255.52 (6939)
> LOCAL_PREF: 100, MED: 0, ORIGIN: igp, Weight: 0
> AS_PATH: 6939 5056
> 130 Prefix: 167.142.0.0/24, Status: EF, Age: 4h55m44s
> NEXT_HOP: 206.108.255.52, Metric: 0, Learned from Peer:
> 206.108.255.52 (6939)
> LOCAL_PREF: 100, MED: 0, ORIGIN: igp, Weight: 0
> AS_PATH: 6939 5056
> 131 Prefix: 167.142.2.0/24, Status: EF, Age: 4h55m36s
> NEXT_HOP: 206.108.255.52, Metric: 0, Learned from Peer:
> 206.108.255.52 (6939)
> LOCAL_PREF: 100, MED: 0, ORIGIN: igp, Weight: 0
> AS_PATH: 6939 5056
> ATOMIC_AGGREGATE: set, AGGREGATOR: 65502(167.142.2.2)
> ...
> MLXe-4#
> MLXe-4#show ip as-path-access-lists
> ip as-path access list HE_INBOUND: 3 entries
> seq 10 deny ^6939_5056$
> seq 20 deny ^6939_5056_.*$
> seq 30 permit ^6939_.*
> MLXe-4#
> MLXe-4#sho ip bgp neighbors 206.108.255.52 | inc Filter
> Filter-list: (in) HE_INBOUND
> MLXe-4 #
>
>
> Frank
>
> _______________________________________________
> foundry-nsp mailing list
> foundry-nsp@puck.nether.net
> http://puck.nether.net/mailman/listinfo/foundry-nsp
>



--

*James Cornman*


*Chief Technology Officer*jcornman@atlanticmetro.net
212.792.9950 - ext 101

*Atlantic Metro Communications*

*4 Century Drive, Parsippany NJ 07054*


*Colocation • Cloud Hosting • Network Connectivity • Managed Services*
Follow us on Twitter: @atlanticmetro <https://twitter.com/atlanticmetro> *•
Like us on Facebook <https://www.facebook.com/atlanticmetro>*
www.atlanticmetro.net

James,



I think you found it …. learned from the IX’s route-reflector … looks like I need to apply the route filter on that session, too. And it matches with the AS6939’s recent work to send more IPv4 prefixes to AS53679.



MLXe-4#show ip bgp route detail 167.142.0.0

Number of BGP Routes matching display condition : 2

Status A:AGGREGATE B:BEST b:NOT-INSTALLED-BEST C:CONFED_EBGP D:DAMPED

E:EBGP H:HISTORY I:IBGP L:LOCAL M:MULTIPATH m:NOT-INSTALLED-MULTIPATH

S:SUPPRESSED F:FILTERED s:STALE

1 Prefix: 167.142.0.0/24, Status: BE, Age: 2h7m48s

NEXT_HOP: 206.108.255.52, Metric: 0, Learned from Peer: 206.108.255.1 (53679)

LOCAL_PREF: 100, MED: 80, ORIGIN: igp, Weight: 0

AS_PATH: 6939 5056

COMMUNITIES: 0:2906 0:12989 0:13335 0:15133 0:15169 0:16509 0:20940 0:22822 0:36040

2 Prefix: 167.142.0.0/24, Status: E, Age: 4h45m44s

NEXT_HOP: 206.108.255.52, Metric: 0, Learned from Peer: 206.108.255.2 (53679)

LOCAL_PREF: 100, MED: 80, ORIGIN: igp, Weight: 0

AS_PATH: 6939 5056

COMMUNITIES: 0:2906 0:12989 0:13335 0:15133 0:15169 0:16509 0:20940 0:22822 0:36040

Last update to IP routing table: 4h45m44s, 1 path(s) installed:

Route is not advertised to any peers

MLXe-4#



Frank



From: James Cornman [mailto:james@atlanticmetro.net]
Sent: Tuesday, October 04, 2016 8:37 PM
To: frnkblk@iname.com
Cc: foundry-nsp@puck.nether.net
Subject: Re: [f-nsp] Routes being installed, even though they're filtered out



Try



#show ip bgp route detail 167.142.0.0



To see if its possibly coming from a different neighbor that isn't subject to that filtering? I've seen that in other situations where routes are learned from a route-server at an exchange point, and not the direct peer, and its not 100% obvious of that until you see what session it came from.



-James





On Tue, Oct 4, 2016 at 9:12 PM, <frnkblk@iname.com <mailto:frnkblk@iname.com> > wrote:

We're running 5.6ff on an MLXe-4 and after BGP sessions hiccupped this
afternoon we saw a route installed, even though it's filtered out.

I feel like a newbie asking this question ... but why is the route
installed, even though it's clearly configured to be filtered out and shown
as a filtered route?

MLXe-4#show ip bgp routes 167.142.0.0
Number of BGP Routes matching display condition : 2
Status A:AGGREGATE B:BEST b:NOT-INSTALLED-BEST C:CONFED_EBGP D:DAMPED
E:EBGP H:HISTORY I:IBGP L:LOCAL M:MULTIPATH m:NOT-INSTALLED-MULTIPATH
S:SUPPRESSED F:FILTERED s:STALE
Prefix Next Hop MED LocPrf Weight
Status
1 167.142.0.0/24 <http://167.142.0.0/24> 206.108.255.52 80 100 0 BE
AS_PATH: 6939 5056
2 167.142.0.0/24 <http://167.142.0.0/24> 206.108.255.52 80 100 0 E
AS_PATH: 6939 5056
Last update to IP routing table: 3h43m33s, 1 path(s) installed:
Route is not advertised to any peers
MLXe-4#
MLXe-4#show ip bgp filtered-routes detail | begin 167.142.0.0
129 Prefix: 167.142.0.0/16 <http://167.142.0.0/16> , Status: EF, Age: 4h55m44s
NEXT_HOP: 206.108.255.52, Metric: 0, Learned from Peer:
206.108.255.52 (6939)
LOCAL_PREF: 100, MED: 0, ORIGIN: igp, Weight: 0
AS_PATH: 6939 5056
130 Prefix: 167.142.0.0/24 <http://167.142.0.0/24> , Status: EF, Age: 4h55m44s
NEXT_HOP: 206.108.255.52, Metric: 0, Learned from Peer:
206.108.255.52 (6939)
LOCAL_PREF: 100, MED: 0, ORIGIN: igp, Weight: 0
AS_PATH: 6939 5056
131 Prefix: 167.142.2.0/24 <http://167.142.2.0/24> , Status: EF, Age: 4h55m36s
NEXT_HOP: 206.108.255.52, Metric: 0, Learned from Peer:
206.108.255.52 (6939)
LOCAL_PREF: 100, MED: 0, ORIGIN: igp, Weight: 0
AS_PATH: 6939 5056
ATOMIC_AGGREGATE: set, AGGREGATOR: 65502(167.142.2.2)
...
MLXe-4#
MLXe-4#show ip as-path-access-lists
ip as-path access list HE_INBOUND: 3 entries
seq 10 deny ^6939_5056$
seq 20 deny ^6939_5056_.*$
seq 30 permit ^6939_.*
MLXe-4#
MLXe-4#sho ip bgp neighbors 206.108.255.52 | inc Filter
Filter-list: (in) HE_INBOUND
MLXe-4 #


Frank

_______________________________________________
foundry-nsp mailing list
foundry-nsp@puck.nether.net <mailto:foundry-nsp@puck.nether.net>
http://puck.nether.net/mailman/listinfo/foundry-nsp







--

James Cornman

Chief Technology Officer
jcornman@atlanticmetro.net <mailto:jcornman@atlanticmetro.net>
212.792.9950 - ext 101

Atlantic Metro Communications

4 Century Drive, Parsippany NJ 07054


Colocation • Cloud Hosting • Network Connectivity • Managed Services
Follow us on Twitter: @atlanticmetro <https://twitter.com/atlanticmetro> • Like us on Facebook <https://www.facebook.com/atlanticmetro>
<https://www.atlanticmetro.net/> www.atlanticmetro.net

Thanks for the input, things are all fixed up now. =)



Frank



From: foundry-nsp [mailto:foundry-nsp-bounces@puck.nether.net] On Behalf Of frnkblk@iname.com
Sent: Tuesday, October 04, 2016 8:45 PM
To: 'James Cornman' <james@atlanticmetro.net>
Cc: foundry-nsp@puck.nether.net
Subject: Re: [f-nsp] Routes being installed, even though they're filtered out



James,



I think you found it …. learned from the IX’s route-reflector … looks like I need to apply the route filter on that session, too. And it matches with the AS6939’s recent work to send more IPv4 prefixes to AS53679.



MLXe-4#show ip bgp route detail 167.142.0.0

Number of BGP Routes matching display condition : 2

Status A:AGGREGATE B:BEST b:NOT-INSTALLED-BEST C:CONFED_EBGP D:DAMPED

E:EBGP H:HISTORY I:IBGP L:LOCAL M:MULTIPATH m:NOT-INSTALLED-MULTIPATH

S:SUPPRESSED F:FILTERED s:STALE

1 Prefix: 167.142.0.0/24, Status: BE, Age: 2h7m48s

NEXT_HOP: 206.108.255.52, Metric: 0, Learned from Peer: 206.108.255.1 (53679)

LOCAL_PREF: 100, MED: 80, ORIGIN: igp, Weight: 0

AS_PATH: 6939 5056

COMMUNITIES: 0:2906 0:12989 0:13335 0:15133 0:15169 0:16509 0:20940 0:22822 0:36040

2 Prefix: 167.142.0.0/24, Status: E, Age: 4h45m44s

NEXT_HOP: 206.108.255.52, Metric: 0, Learned from Peer: 206.108.255.2 (53679)

LOCAL_PREF: 100, MED: 80, ORIGIN: igp, Weight: 0

AS_PATH: 6939 5056

COMMUNITIES: 0:2906 0:12989 0:13335 0:15133 0:15169 0:16509 0:20940 0:22822 0:36040

Last update to IP routing table: 4h45m44s, 1 path(s) installed:

Route is not advertised to any peers

MLXe-4#



Frank



From: James Cornman [mailto:james@atlanticmetro.net]
Sent: Tuesday, October 04, 2016 8:37 PM
To: frnkblk@iname.com <mailto:frnkblk@iname.com>
Cc: foundry-nsp@puck.nether.net <mailto:foundry-nsp@puck.nether.net>
Subject: Re: [f-nsp] Routes being installed, even though they're filtered out



Try



#show ip bgp route detail 167.142.0.0



To see if its possibly coming from a different neighbor that isn't subject to that filtering? I've seen that in other situations where routes are learned from a route-server at an exchange point, and not the direct peer, and its not 100% obvious of that until you see what session it came from.



-James





On Tue, Oct 4, 2016 at 9:12 PM, <frnkblk@iname.com <mailto:frnkblk@iname.com> > wrote:

We're running 5.6ff on an MLXe-4 and after BGP sessions hiccupped this
afternoon we saw a route installed, even though it's filtered out.

I feel like a newbie asking this question ... but why is the route
installed, even though it's clearly configured to be filtered out and shown
as a filtered route?

MLXe-4#show ip bgp routes 167.142.0.0
Number of BGP Routes matching display condition : 2
Status A:AGGREGATE B:BEST b:NOT-INSTALLED-BEST C:CONFED_EBGP D:DAMPED
E:EBGP H:HISTORY I:IBGP L:LOCAL M:MULTIPATH m:NOT-INSTALLED-MULTIPATH
S:SUPPRESSED F:FILTERED s:STALE
Prefix Next Hop MED LocPrf Weight
Status
1 167.142.0.0/24 <http://167.142.0.0/24> 206.108.255.52 80 100 0 BE
AS_PATH: 6939 5056
2 167.142.0.0/24 <http://167.142.0.0/24> 206.108.255.52 80 100 0 E
AS_PATH: 6939 5056
Last update to IP routing table: 3h43m33s, 1 path(s) installed:
Route is not advertised to any peers
MLXe-4#
MLXe-4#show ip bgp filtered-routes detail | begin 167.142.0.0
129 Prefix: 167.142.0.0/16 <http://167.142.0.0/16> , Status: EF, Age: 4h55m44s
NEXT_HOP: 206.108.255.52, Metric: 0, Learned from Peer:
206.108.255.52 (6939)
LOCAL_PREF: 100, MED: 0, ORIGIN: igp, Weight: 0
AS_PATH: 6939 5056
130 Prefix: 167.142.0.0/24 <http://167.142.0.0/24> , Status: EF, Age: 4h55m44s
NEXT_HOP: 206.108.255.52, Metric: 0, Learned from Peer:
206.108.255.52 (6939)
LOCAL_PREF: 100, MED: 0, ORIGIN: igp, Weight: 0
AS_PATH: 6939 5056
131 Prefix: 167.142.2.0/24 <http://167.142.2.0/24> , Status: EF, Age: 4h55m36s
NEXT_HOP: 206.108.255.52, Metric: 0, Learned from Peer:
206.108.255.52 (6939)
LOCAL_PREF: 100, MED: 0, ORIGIN: igp, Weight: 0
AS_PATH: 6939 5056
ATOMIC_AGGREGATE: set, AGGREGATOR: 65502(167.142.2.2)
...
MLXe-4#
MLXe-4#show ip as-path-access-lists
ip as-path access list HE_INBOUND: 3 entries
seq 10 deny ^6939_5056$
seq 20 deny ^6939_5056_.*$
seq 30 permit ^6939_.*
MLXe-4#
MLXe-4#sho ip bgp neighbors 206.108.255.52 | inc Filter
Filter-list: (in) HE_INBOUND
MLXe-4 #


Frank

_______________________________________________
foundry-nsp mailing list
foundry-nsp@puck.nether.net <mailto:foundry-nsp@puck.nether.net>
http://puck.nether.net/mailman/listinfo/foundry-nsp







--

James Cornman

Chief Technology Officer
jcornman@atlanticmetro.net <mailto:jcornman@atlanticmetro.net>
212.792.9950 - ext 101

Atlantic Metro Communications

4 Century Drive, Parsippany NJ 07054


Colocation • Cloud Hosting • Network Connectivity • Managed Services
Follow us on Twitter: @atlanticmetro <https://twitter.com/atlanticmetro> • Like us on Facebook <https://www.facebook.com/atlanticmetro>
<https://www.atlanticmetro.net/> www.atlanticmetro.net