I wil describe the issue, then attach the config for reference.
I have a router that will advertise 13 subnets into our private cloud. We’re using the large communities patch and it seems to work well and is stable.
The issue I have is this. I want to be able to tag the same subnet with multiple communities. The below config works, sort of.
It stops at the “permit 10†stanza of rm-tag-subnets-out. I presume this is because it matches so it gives up on the rest of the map. Fair enough.
I add a “continue†clause under the set command and it does continue on down the chain, but the number of advertised networks dwindle. It’s as if it’s AND’ing them together
What I want for it to do is if it matches, add the community, if not, move on down the list, but don’t strip out that network from being advertised upstream.
The purpose is to group networks so we can import elsewhere on matches in any of the various 3 fields.
Thoughts?
Thanks for any assistance.
EKG
=====
Config
!
hostname sales-us-east-1a
password <redacted>
enable password <redacted>
router bgp 4200000300
bgp router-id 10.220.64.237
timers bgp 10 30
bgp log-neighbor-changes
redistribute connected
network 10.220.64.0/24
network 10.220.68.0/24
network 10.220.69.0/24
network 10.220.70.0/24
network 10.220.71.0/24
network 10.220.72.0/24
network 10.220.73.0/24
network 10.220.74.0/24
network 10.220.75.0/24
network 10.220.95.0/24
network 10.220.101.0/24
network 10.220.103.0/24
network 10.220.107.0/24
neighbor 100.125.255.84 remote-as 4200000000
neighbor 100.125.255.84 update-source 100.125.255.85
neighbor 100.125.255.84 route-map rm-tag-subnets-out out
neighbor 100.125.255.84 route-map rm-default-accept-all in
neighbor 100.125.255.84 ebgp-multihop
neighbor 100.125.255.84 send-community all
neighbor 100.125.255.84 next-hop-self all
neighbor 100.125.255.86 remote-as 4200000000
neighbor 100.125.255.86 update-source 100.125.255.87
neighbor 100.125.255.86 route-map rm-tag-subnets-out out
neighbor 100.125.255.86 route-map rm-default-accept-all in
neighbor 100.125.255.86 ebgp-multihop
neighbor 100.125.255.86 send-community all
neighbor 100.125.255.86 next-hop-self all
!#######################################################################3
! Route maps to propagate to WAN
!#######################################################################3
route-map rm-default-accept-all permit 10
match ip address all
!#######################################################################3
! Route maps for tagging
!#######################################################################3
! xyzsales VPC Subnets
route-map rm-tag-subnets-out permit 10
match ip address prefix-list pl-xyzsales-all
set large-community 4200000300:0:0 additive
! xyzsales-all Subnets
route-map rm-tag-subnets-out permit 20
match ip address prefix-list pl-xyzsales-all
set large-community 4200000300:2:0 additive
! xyzsales-aaa VPC Subnets
route-map rm-tag-subnets-out permit 30
match ip address prefix-list pl-xyzsales-aaa
set large-community 4200000300:2:1 additive
! xyzsales-bbb VPC Subnets
route-map rm-tag-subnets-out permit 40
match ip address prefix-list pl-xyzsales-bbb
set large-community 4200000300:2:3 additive
! xyzsales-ccc VPC Subnets
route-map rm-tag-subnets-out permit 50
match ip address prefix-list pl-xyzsales-ccc
set large-community 4200000300:2:4 additive
! xyzsales-ddd VPC Subnets
route-map rm-tag-subnets-out permit 60
match ip address prefix-list pl-xyzsales-ddd
set large-community 4200000300:2:5 additive
! xyzsales-eee VPC Subnets
route-map rm-tag-subnets-out permit 70
match ip address prefix-list pl-xyzsales-eee
set large-community 4200000300:2:6 additive
! xyzsales-fff VPC Subnets
route-map rm-tag-subnets-out permit 80
match ip address prefix-list pl-xyzsales-fff
set large-community 4200000300:2:7 additive
#######################################################################3
! Prefix lists to match for tagging
!#######################################################################3
! xyzsales-all prefixes
ip prefix-list pl-xyzsales-all seq 100 permit 10.220.64.0/24
ip prefix-list pl-xyzsales-all seq 110 permit 10.220.68.0/24
ip prefix-list pl-xyzsales-all seq 120 permit 10.220.69.0/24
ip prefix-list pl-xyzsales-all seq 130 permit 10.220.70.0/24
ip prefix-list pl-xyzsales-all seq 140 permit 10.220.71.0/24
ip prefix-list pl-xyzsales-all seq 150 permit 10.220.72.0/24
ip prefix-list pl-xyzsales-all seq 160 permit 10.220.73.0/24
ip prefix-list pl-xyzsales-all seq 170 permit 10.220.74.0/24
ip prefix-list pl-xyzsales-all seq 180 permit 10.220.75.0/24
ip prefix-list pl-xyzsales-all seq 190 permit 10.220.95.0/24
ip prefix-list pl-xyzsales-all seq 200 permit 10.220.101.0/24
ip prefix-list pl-xyzsales-all seq 210 permit 10.220.103.0/24
ip prefix-list pl-xyzsales-all seq 220 permit 10.220.107.0/24
ip prefix-list pl-xyzsales-all seq 999 deny 0.0.0.0/0
! xyzsales-aaa prefixes
ip prefix-list pl-xyzsales-aaa seq 100 permit 10.220.64.0/24
ip prefix-list pl-xyzsales-aaa seq 110 permit 10.220.68.0/24
ip prefix-list pl-xyzsales-aaa seq 120 permit 10.220.72.0/24
ip prefix-list pl-xyzsales-aaa seq 999 deny 0.0.0.0/0
! xyzsales-bbb
ip prefix-list pl-xyzsales-bbb seq 100 permit 10.220.68.0/24
ip prefix-list pl-xyzsales-bbb seq 110 permit 10.220.72.0/24
ip prefix-list pl-xyzsales-bbb seq 999 deny 0.0.0.0/0
! xyzsales-ccc
ip prefix-list pl-xyzsales-ccc seq 100 permit 10.220.69.0/24
ip prefix-list pl-xyzsales-ccc seq 110 permit 10.220.73.0/24
ip prefix-list pl-xyzsales-ccc seq 120 permit 10.220.101.0/24
ip prefix-list pl-xyzsales-ccc seq 999 deny 0.0.0.0/0
! xyzsales-ddd
ip prefix-list pl-xyzsales-ddd seq 100 permit 10.220.71.0/24
ip prefix-list pl-xyzsales-ddd seq 110 permit 10.220.75.0/24
ip prefix-list pl-xyzsales-ddd seq 120 permit 10.220.103.0/24
ip prefix-list pl-xyzsales-ddd seq 130 permit 10.220.107.0/24
ip prefix-list pl-xyzsales-ddd seq 999 deny 0.0.0.0/0
! xyzsales-eee
ip prefix-list pl-xyzsales-eee seq 100 permit 10.220.70.0/24
ip prefix-list pl-xyzsales-eee seq 110 permit 10.220.74.0/24
ip prefix-list pl-xyzsales-eee seq 999 deny 0.0.0.0/0
! xyzsales-fff
ip prefix-list pl-xyzsales-fff seq 100 permit 10.220.95.0/24
ip prefix-list pl-xyzsales-fff seq 999 deny 0.0.0.0/0
!
access-list all permit any
!
log file /var/log/bgpd.log
!
log stdout
I have a router that will advertise 13 subnets into our private cloud. We’re using the large communities patch and it seems to work well and is stable.
The issue I have is this. I want to be able to tag the same subnet with multiple communities. The below config works, sort of.
It stops at the “permit 10†stanza of rm-tag-subnets-out. I presume this is because it matches so it gives up on the rest of the map. Fair enough.
I add a “continue†clause under the set command and it does continue on down the chain, but the number of advertised networks dwindle. It’s as if it’s AND’ing them together
What I want for it to do is if it matches, add the community, if not, move on down the list, but don’t strip out that network from being advertised upstream.
The purpose is to group networks so we can import elsewhere on matches in any of the various 3 fields.
Thoughts?
Thanks for any assistance.
EKG
=====
Config
!
hostname sales-us-east-1a
password <redacted>
enable password <redacted>
router bgp 4200000300
bgp router-id 10.220.64.237
timers bgp 10 30
bgp log-neighbor-changes
redistribute connected
network 10.220.64.0/24
network 10.220.68.0/24
network 10.220.69.0/24
network 10.220.70.0/24
network 10.220.71.0/24
network 10.220.72.0/24
network 10.220.73.0/24
network 10.220.74.0/24
network 10.220.75.0/24
network 10.220.95.0/24
network 10.220.101.0/24
network 10.220.103.0/24
network 10.220.107.0/24
neighbor 100.125.255.84 remote-as 4200000000
neighbor 100.125.255.84 update-source 100.125.255.85
neighbor 100.125.255.84 route-map rm-tag-subnets-out out
neighbor 100.125.255.84 route-map rm-default-accept-all in
neighbor 100.125.255.84 ebgp-multihop
neighbor 100.125.255.84 send-community all
neighbor 100.125.255.84 next-hop-self all
neighbor 100.125.255.86 remote-as 4200000000
neighbor 100.125.255.86 update-source 100.125.255.87
neighbor 100.125.255.86 route-map rm-tag-subnets-out out
neighbor 100.125.255.86 route-map rm-default-accept-all in
neighbor 100.125.255.86 ebgp-multihop
neighbor 100.125.255.86 send-community all
neighbor 100.125.255.86 next-hop-self all
!#######################################################################3
! Route maps to propagate to WAN
!#######################################################################3
route-map rm-default-accept-all permit 10
match ip address all
!#######################################################################3
! Route maps for tagging
!#######################################################################3
! xyzsales VPC Subnets
route-map rm-tag-subnets-out permit 10
match ip address prefix-list pl-xyzsales-all
set large-community 4200000300:0:0 additive
! xyzsales-all Subnets
route-map rm-tag-subnets-out permit 20
match ip address prefix-list pl-xyzsales-all
set large-community 4200000300:2:0 additive
! xyzsales-aaa VPC Subnets
route-map rm-tag-subnets-out permit 30
match ip address prefix-list pl-xyzsales-aaa
set large-community 4200000300:2:1 additive
! xyzsales-bbb VPC Subnets
route-map rm-tag-subnets-out permit 40
match ip address prefix-list pl-xyzsales-bbb
set large-community 4200000300:2:3 additive
! xyzsales-ccc VPC Subnets
route-map rm-tag-subnets-out permit 50
match ip address prefix-list pl-xyzsales-ccc
set large-community 4200000300:2:4 additive
! xyzsales-ddd VPC Subnets
route-map rm-tag-subnets-out permit 60
match ip address prefix-list pl-xyzsales-ddd
set large-community 4200000300:2:5 additive
! xyzsales-eee VPC Subnets
route-map rm-tag-subnets-out permit 70
match ip address prefix-list pl-xyzsales-eee
set large-community 4200000300:2:6 additive
! xyzsales-fff VPC Subnets
route-map rm-tag-subnets-out permit 80
match ip address prefix-list pl-xyzsales-fff
set large-community 4200000300:2:7 additive
#######################################################################3
! Prefix lists to match for tagging
!#######################################################################3
! xyzsales-all prefixes
ip prefix-list pl-xyzsales-all seq 100 permit 10.220.64.0/24
ip prefix-list pl-xyzsales-all seq 110 permit 10.220.68.0/24
ip prefix-list pl-xyzsales-all seq 120 permit 10.220.69.0/24
ip prefix-list pl-xyzsales-all seq 130 permit 10.220.70.0/24
ip prefix-list pl-xyzsales-all seq 140 permit 10.220.71.0/24
ip prefix-list pl-xyzsales-all seq 150 permit 10.220.72.0/24
ip prefix-list pl-xyzsales-all seq 160 permit 10.220.73.0/24
ip prefix-list pl-xyzsales-all seq 170 permit 10.220.74.0/24
ip prefix-list pl-xyzsales-all seq 180 permit 10.220.75.0/24
ip prefix-list pl-xyzsales-all seq 190 permit 10.220.95.0/24
ip prefix-list pl-xyzsales-all seq 200 permit 10.220.101.0/24
ip prefix-list pl-xyzsales-all seq 210 permit 10.220.103.0/24
ip prefix-list pl-xyzsales-all seq 220 permit 10.220.107.0/24
ip prefix-list pl-xyzsales-all seq 999 deny 0.0.0.0/0
! xyzsales-aaa prefixes
ip prefix-list pl-xyzsales-aaa seq 100 permit 10.220.64.0/24
ip prefix-list pl-xyzsales-aaa seq 110 permit 10.220.68.0/24
ip prefix-list pl-xyzsales-aaa seq 120 permit 10.220.72.0/24
ip prefix-list pl-xyzsales-aaa seq 999 deny 0.0.0.0/0
! xyzsales-bbb
ip prefix-list pl-xyzsales-bbb seq 100 permit 10.220.68.0/24
ip prefix-list pl-xyzsales-bbb seq 110 permit 10.220.72.0/24
ip prefix-list pl-xyzsales-bbb seq 999 deny 0.0.0.0/0
! xyzsales-ccc
ip prefix-list pl-xyzsales-ccc seq 100 permit 10.220.69.0/24
ip prefix-list pl-xyzsales-ccc seq 110 permit 10.220.73.0/24
ip prefix-list pl-xyzsales-ccc seq 120 permit 10.220.101.0/24
ip prefix-list pl-xyzsales-ccc seq 999 deny 0.0.0.0/0
! xyzsales-ddd
ip prefix-list pl-xyzsales-ddd seq 100 permit 10.220.71.0/24
ip prefix-list pl-xyzsales-ddd seq 110 permit 10.220.75.0/24
ip prefix-list pl-xyzsales-ddd seq 120 permit 10.220.103.0/24
ip prefix-list pl-xyzsales-ddd seq 130 permit 10.220.107.0/24
ip prefix-list pl-xyzsales-ddd seq 999 deny 0.0.0.0/0
! xyzsales-eee
ip prefix-list pl-xyzsales-eee seq 100 permit 10.220.70.0/24
ip prefix-list pl-xyzsales-eee seq 110 permit 10.220.74.0/24
ip prefix-list pl-xyzsales-eee seq 999 deny 0.0.0.0/0
! xyzsales-fff
ip prefix-list pl-xyzsales-fff seq 100 permit 10.220.95.0/24
ip prefix-list pl-xyzsales-fff seq 999 deny 0.0.0.0/0
!
access-list all permit any
!
log file /var/log/bgpd.log
!
log stdout
Attached Files:
-
smime.p7s (3.62 KB)