Problem in PropagatingOriginating BGP Route to IBGPEBGP Neighbors-Cause: Misconfigured Filters

Problem in Propagating/Originating BGP Route to IBGP/EBGP Neighbors ‚ Cause: Misconfigured Filters

A scenario might arise in which the BGP configuration to originate and propagate routes looks good, but BGP neighbors are not receiving the routes. The originator's BGP table shows all the routes. There is a possibility that configured filters are the cause of the problem.

When implementing BGP in Cisco IOS Software, operators have many options to configure filters to control which routes to propagate to which neighbors. These filters could be fairly straightforward or could get very complex. Minor errors can result in undesirable route denial or advertisement to BGP speakers .

Figure 15-12 shows the flowchart to follow to fix this problem.

Debugs and Verification

Chapter 14 discusses using filters in BGP. Discussing every single filter is outside the scope of this book; however, some of most commonly seen real-world filtering mistakes and misconceptions are discussed.

Using a distribute list allows for standard access lists (1 to 99) and extended access lists (100 to 199). Example 15-32 gives a sample configuration of both.

Example 15-32 Sample Distribute List Configuration Using Standard and Extended Access Lists

 R1#  access-list 1 permit 100.100.100.0   router bgp 109   no synchronization   neighbor 131.108.1.2 remote-as 109   neighbor 131.108.1.2 distribute-list 1 out  R1#  access-list 101 permit ip host 100.100.100.0 host 255.255.255.0   router bgp 109   no synchronization   neighbor 131.108.1.2 remote-as 109  neighbor 131.108.1.2 distribute-list 101 out 

One common mistake that operators make is not realizing that there is an implicit deny at the end of each access list. All networks are denied except for those that are explicitly permitted in the access list. Also, standard and extended access lists are treated differently when it comes to BGP filters. In standard access lists, the mask portion is not checked and only the prefix portion is checked. For example, in the following access list, 100.100.100.0 could have any mask ‚ /24, /26, and so on:

  access-list 1 permit 100.100.100.0  

In the following access list, on the other hand, the mask of 100.100.100.0 must be /24 and nothing else:

  access-list 101 permit ip host 100.100.100.0 host 255.255.255.0  

Similarly, when other methods are applied to filter BGP updates ‚ namely, filter lists, prefix lists, route maps, distribute lists, and so on ‚ care must be taken to understand the behavior of each method.

It is beyond the scope of this book to go over each filtering method that Cisco offers, but refer to the section, "Troubleshooting BGP Filtering."

Solution

As discussed in Chapter 14, there are several other ways to filter BGP updates, and care must be taken in terms of what exactly is configured. Each kind of filter offers the power to control the BGP advertisement, but improper or incorrect use can result in incorrect or incomplete advertisements.