• Operation of the Route-Map ‘continue’ feature with CLI outputs

 
 
Print Friendly, PDF & Email

Supported Platforms

  • The Route-Map ‘continue’ feature is supported on all platforms and is hence platform-independent.
  • The support for this feature in Multi-agent model has been added since EOS-4.21.0, and the support for this feature in Single-agent model  is supported since EOS-4.10.2

Background of the default operation of a route-map

  • A given route-map can have a number of sequence statements each of which contain optional match and/or set rules.
  • When a route is advertised to a BGP neighbor or received from a BGP neighbor, that route is evaluated against each sequence statement of the route-map that’s applied to the concerned neighbor, starting from the first or top-most sequence statement and sequentially till the last or bottom-most sequence statement.
  • In the process by default, the very first match of that route in any sequence statement of that route-map as determined by its match condition, is the one and only match for that route, and whatever set actions are applicable in that sequence statement where the match has occurred, are what are applied to that route.
  • After that successful match any further evaluation of that route by the other and following route-map sequence statements does not occur.
  • For example – in the below route-map, if the route 192.168.10.0/24 is being evaluated against this route-map,  this route would be set with a BGP metric of 50 and a local-preference of 50, having been matched successfully by the sequence 10 statement match condition, and this route will not undergo further evaluation by sequence 15 and 20 of this route-map even though their prefix-lists do cover this route.
route-map POLICY permit 10
  match ip address prefix-list 110
  set metric 50
  set local-preference 50
!
route-map POLICY permit 15
  match ip address prefix-list 112
  set metric 120
  set local-preference 120
!
route-map POLICY permit 20
  match ip address prefix-list 150
  set metric 150
  set local-preference 150
!
ip prefix-list 110 seq 5 permit 192.168.10.0/24
ip prefix-list 112 seq 10 permit 192.168.0.0/16 le 32
ip prefix-list 150 seq permit 0.0.0.0/0 le 32

Overview of the route-map  continue command and its effects

  • The ‘continue’ command in a route-map sequence allows a route matched in a particular sequence statement to also be evaluated against the sequence number specified after the continue command upon a successful match, before its evaluation ends.
  • The matched route is then diverted for evaluation to that next sequence statement (referenced by the continue in the Parent sequence statement) and in the event of a successful match the set commands of that Child sequence statement get applied too.
  •  The ‘continue’ CLI command is internally treated as another set command that forces the route-map evaluation of a matched route to jump to the sequence number specified after the ‘continue’ command, and in that specified sequence statement if no further continue command is specified, the evaluation of that route in the route-map is stopped.
  • So the set commands, if any, for all matched sequences in a ‘continue’ chain are applied after the evaluation of the route-map ends. The set commands, if any, from an earlier sequence in the continue chain do not take effect until the end of the route map.
  •  Typical Example – In the route-map below, if the sequence 10 statement is a successful match for the route under consideration, then the route-map evaluation will jump to sequence 30 and then, the attribute y should first get set
    on that route followed by attribute x too.
route-map INBOUND-POLICY permit 10
  match <parameter 1>
  continue 30
  set <attribute1 = y>
route-map INBOUND-POLICY permit 20
  match <parameter 2>
  set <attribute2> = z
route-map INBOUND-POLICY permit 30
  set <attribute3 = x>

 

  • If the route fails to match on a continued sequence (or a Child sequence), it is still accepted and attributes set from any earlier matched sequences in the route-map are applied.
  • It is not possible to jump to an earlier sequence using ‘continue’. To avoid loops, the sequence number specified after ‘continue’ must be a greater number than the current sequence.
  • If the route map continues to a deny sequence, and the sequence matches, then the route is rejected, and none of the set statements are applied.
  • The continue feature in a Route-Map is supported in both Gated BGP and ArBGP, and can be applied in Inbound and Outbound route-maps and also on Redistribution or BGP NETWORK statements while injecting routes into BGP. The support
    for this feature in ArBGP has been added since EOS-4.21.0, and the support for this feature in GatedBGP has been added since EOS-4.10.2

 

Benefits of the route-map  continue feature

The continue feature provides a programmable method to organize and control the flow of a route map. Route-map configuration was linear before this feature was introduced. The continue feature allows you to modularize network policy configuration so that repeated policy definitions or matched statement combinations can be reduced within the same route-map, thus saving processing power during route processing evaluation.

For example:

Suppose its desired to create an inbound filter towards an ISP BGP Peer to achieve the following :

a) Assign a community of 64512:500 to all routes of this group

b) But all routes of this group that have AS 30 anywhere in the AS-PATH should be assigned a Local-Preference of 30 and an additional community of 64512:30

c) But all routes of this group that have a prefix length of /24 (irrespective of any transit AS in their AS-PATH) should be assigned a Local-Preference of 24 an additional community of 64512:24

d) Accept all other routes as they are

 

So the objectives as defined by the above criteria should ensure that :

  • All routes originating in AS 500 (_500$) should be assigned the community of 64512:500
  • All routes originating in AS 500  (_500$) and which have a prefix length of /24 that don’t have AS 30 as a transit AS, should have LP24 set and 2 communities 64512:500 64512:24
  • All routes originating in AS 500  (_500$) and which have a prefix length of /24 and which have AS 30 as a  transit AS, should have LP24 set and 3 communities 64512:500 64512:30 64512:24
  • All other routes originating in AS 500 (_500$) and which also have AS 30 as a transit AS, should have LP30 set and have 2 communities 64512:500 64512:30

The traditional route-map design to achieve the above objectives would be :

ip as-path access-list AS500 permit _500$
ip as-path access-list AS30-TRANSIT permit _30_
ip prefix-list SLASH-24 permit 0.0.0.0/0 eq 24
!
route-map ISP-INBOUND-POLICY permit 10
   match as-path AS500
   match as-path AS30-TRANSIT
   match IP address prefix-list SLASH-24
   set local-preference 24
   set community  64512:500 64512:30 64512:24
route-map ISP-INBOUND-POLICY permit 20
   match as-path AS500
   match IP address prefix-list SLASH-24
   set local-preference 24
   set community 64512:500 64512:24
route-map ISP-INBOUND-POLICY permit 30
   match as-path AS500
   match as-path AS30-TRANSIT
   set local-preference 30
   set community 64512:500 64512:30
route-map ISP-INBOUND-POLICY permit 40
   match as-path AS500
   set community 64512:500
route-map ISP-INBOUND-POLICY permit 50
!

The drawback of the above route-map configuration, even though it helps achieve all the stated objectives is that switch has to

  • match _500$ routes 4 times in (seq 10, 20, 30 and 40) with other match combinations, if the route originates in AS 500 but does not have AS 30 as transit in the AS-PATH and is not /24.
  • match combinations of _500$ and _30_ twice in (seq 10,30), if the route originates in AS 500 and has AS 30 as transit in the AS-PATH and is not /24.
  • match combinations of _500$ and prefix-list SLASH-24 twice in (seq 10,20), if the route originates in AS 500 and is a /24 route that does not AS 30 as transit.

 

This can incur additional CPU processing power during session bring up times especially if there too many routes originating in AS 500

The same objectives can be achieved more optimally and in a more CPU-friendly manner using the continue feature in route-maps by doing the below

ip as-path access-list AS500 permit _500$
ip as-path access-list AS30-TRANSIT permit _30_
ip prefix-list SLASH-24 permit 0.0.0.0/0 eq 24
!
route-map ISP-INBOUND-POLICY permit 10
   match as-path AS500
   continue 30
   set community 64512:500
route-map ISP-INBOUND-POLICY permit 20
route-map ISP-INBOUND-POLICY permit 30
   match as-path AS30-TRANSIT
   continue 40
   set local-preference 30
   set community 64512:30 additive 
route-map ISP-INBOUND-POLICY permit 40
   match IP address prefix-list SLASH-24
   set local-preference 24
   set community 64512:24 additive 
!

The advantage of the above is that the combinations of match lookups reduce:

  • The combination of _500$ and _30_ is matched only once if the route originates in AS 500, has AS 30 as a transit AS, irrespective of whether the route is /24 or not. 
  • The combination of _500$ and prefix-list SLASH-24 is matched only once if the route originates in AS 500 and is a /24 route.

Applications of the route-map continue feature in different scenarios and their effects

Network Diagram

 

Scenario 1a) Child Seq sets different attribute not set by Parent Seq (Inbound Policy Demo)

Basic application of the continue feature that sets a different attribute in the Child sequence (Application in an inbound Route-Map)

  • SET-UP : On DC1 there is an eBGP neighbor with ISP-A from which it already receives internet prefixes (>5000,000)
  • OBJECTIVE : To create an inbound policy on DC1 to this ISP neighbor ISP-A that will
    1. Set Local Preference 250 to all routes that originate in AS 51043 (regex _51043$).
    2. Also set MED 500 only to /22-/24 routes of this group that originate in AS 51043.
    3. Accept all other routes as they are.

Existing BGP  configuration on DC1, the count of routes received from the neighbor ISP-A and also the status of routes from this neighbor that originate from AS51043

DC1#show version | head -8
    Arista DCS-7280QRA-C36S-F  
    Software image version: 4.24.0F
DC1#
DC1#show run | in multi-agent
    service routing protocols model multi-agent
DC1#
    
DC1#show ip bgp summ
    BGP summary information for VRF default
    Router identifier 46.46.46.57, local AS number 64512
    Neighbor Status Codes: m - Under maintenance
      Description              Neighbor         V  AS           MsgRcvd   MsgSent  InQ OutQ  Up/Down State   PfxRcd PfxAcc
      DC2               46.46.46.85      4  64512            614    664377    0    0 07:54:44 Estab   9      9
      ISP-A                46.71.57.71      4  500           773879      2466    0    0 08:42:18 Estab   555175 555175
DC1#
DC1#show run sec bgp | be router bgp
    router bgp 64512
       neighbor 46.46.46.85 remote-as 64512
       neighbor 46.46.46.85 next-hop-self
       neighbor 46.46.46.85 update-source Loopback1
       neighbor 46.46.46.85 description DC2
       neighbor 46.46.46.85 send-community
       neighbor 46.46.46.85 maximum-routes 12000
       neighbor 46.71.57.71 remote-as 500
       neighbor 46.71.57.71 description ISP-A
       neighbor 46.71.57.71 send-community
       neighbor 46.71.57.71 maximum-routes 0
       network 46.46.64.0/24
DC1#

DC1#show ip bgp regex _51043$
              Network                Next Hop              Metric  LocPref Weight  Path
     * >      5.22.136.0/21          46.71.57.71           0       100     0       500 65510 6453 174 51043 i
     * >      5.22.136.0/22          46.71.57.71           0       100     0       500 65510 6453 174 51043 i
     * >      5.22.140.0/23          46.71.57.71           0       100     0       500 65510 6453 3257 5089 51043 i
     * >      178.23.128.0/21        46.71.57.71           0       100     0       500 65510 6453 174 51043 i
     * >      178.23.128.0/22        46.71.57.71           0       100     0       500 65510 6453 174 51043 i
     * >      178.23.128.0/23        46.71.57.71           0       100     0       500 65510 6453 3257 5089 51043 i
     * >      178.23.129.0/24        46.71.57.71           0       100     0       500 65510 6453 174 51043 i
     * >      178.23.132.0/24        46.71.57.71           0       100     0       500 65510 6453 174 51043 i
DC1#

Configuration of the inbound policy using the Route-Map continue feature

DC1#conf t
DC1(config)#route-map ISP-INBOUND-POLICY permit 10
DC1(config-route-map-ISP-INBOUND-POLICY)#match as-path NETWORKS-OF-51043
DC1(config-route-map-ISP-INBOUND-POLICY)#continue 30
DC1(config-route-map-ISP-INBOUND-POLICY)#set local-preference 250
DC1(config-route-map-ISP-INBOUND-POLICY)#exit
DC1(config)#route-map ISP-INBOUND-POLICY permit 20
DC1(config-route-map-ISP-INBOUND-POLICY)#exit
DC1(config)#route-map ISP-INBOUND-POLICY permit 30
DC1(config-route-map-ISP-INBOUND-POLICY)#match ip address prefix-list 22-TO-24
DC1(config-route-map-ISP-INBOUND-POLICY)#set metric 500
DC1(config-route-map-ISP-INBOUND-POLICY)#exit
DC1(config)#ip as-path access-list NETWORKS-OF-51043 permit _51043$
DC1(config)#ip prefix-list 22-TO-24 seq 10 permit 0.0.0.0/0 ge 22 le 24
DC1(config)#

Application of this inbound route-map towards the eBGP neighbor ISP-A and the result post soft-clear of the session.

DC1#conf t
DC1(config)#router bgp 64512
DC1(config-router-bgp)#neighbor 46.71.57.71 route-map  ISP-INBOUND-POLICY  in
DC1(config-router-bgp)#exit
DC1(config)#clear ip bgp 46.71.57.71 soft in
DC1(config)#exit
DC1#
DC1#show run sec bgp | be router bgp
    router bgp 64512
       neighbor 46.46.46.85 remote-as 64512
       neighbor 46.46.46.85 next-hop-self
       neighbor 46.46.46.85 update-source Loopback1
       neighbor 46.46.46.85 description DC2
       neighbor 46.46.46.85 send-community
       neighbor 46.46.46.85 maximum-routes 12000
       neighbor 46.71.57.71 remote-as 500
       neighbor 46.71.57.71 description ISP-A
       neighbor 46.71.57.71 route-map ISP-INBOUND-POLICY in     >>>>>>>>>>>
       neighbor 46.71.57.71 send-community
       neighbor 46.71.57.71 maximum-routes 0
       network 46.46.64.0/24
DC1#
DC1#show route-map ISP-INBOUND-POLICY
route-map ISP-INBOUND-POLICY permit 10
     Description:
     Match clauses:
        match as-path NETWORKS-OF-51043
     SubRouteMap:
     Continue: sequence 30
     Set clauses:
        set local-preference 250
route-map ISP-INBOUND-POLICY permit 20
      Description:
      Match clauses:
      SubRouteMap:
      Set clauses:
route-map ISP-INBOUND-POLICY permit 30
      Description:
      Match clauses:
         match ip address prefix-list 22-TO-24
      SubRouteMap:
      Set clauses:
         set metric 500
DC1#
DC1#show ip as-path access-list NETWORKS-OF-51043
    AS-path entry codes: # - entry is invalid in the current regex mode (asn)
    ip as-path regex-mode asn
    ip as-path access-list NETWORKS-OF-51043 permit _51043$ any
DC1#
DC1#show ip prefix-list 22-TO-24
ip prefix-list 22-TO-24
 seq 5 permit 0.0.0.0/0 ge 22 le 24
DC1#show ip bgp summ
BGP summary information for VRF default
Router identifier 46.46.46.57, local AS number 64512
Neighbor Status Codes: m - Under maintenance
Description              Neighbor         V  AS           MsgRcvd   MsgSent  InQ OutQ  Up/Down State   PfxRcd PfxAcc
       DC2               46.46.46.85      4  64512            628    664404    0    0 08:06:23 Estab   9      9
    ISP-A                46.71.57.71      4  500           854031      2481    0    0 08:53:56 Estab   555175 555175

DC1#show ip bgp regex _51043$
              Network                Next Hop              Metric  LocPref Weight  Path
     * >      5.22.136.0/21          46.71.57.71           0       250     0       500 65510 6453 174 51043 i
     * >      5.22.136.0/22          46.71.57.71           500     250     0       500 65510 6453 174 51043 i
     * >      5.22.140.0/23          46.71.57.71           500     250     0       500 65510 6453 3257 5089 51043 i
     * >      178.23.128.0/21        46.71.57.71           0       250     0       500 65510 6453 174 51043 i
     * >      178.23.128.0/22        46.71.57.71           500     250     0       500 65510 6453 174 51043 i
     * >      178.23.128.0/23        46.71.57.71           500     250     0       500 65510 6453 3257 5089 51043 i
     * >      178.23.129.0/24        46.71.57.71           500     250     0       500 65510 6453 174 51043 i
     * >      178.23.132.0/24        46.71.57.71           500     250     0       500 65510 6453 174 51043 i
    

Post soft-clear the other routes from the neighbor are accepted as they are.

 

DC1#show ip bgp
              Network                Next Hop              Metric  LocPref Weight  Path
     * >      1.0.0.0/24             46.71.57.71           0       100     0       500 65510 15169 i
     * >      1.0.4.0/24             46.71.57.71           0       100     0       500 65510 6939 4826 38803 56203 i
     * >      1.0.5.0/24             46.71.57.71           0       100     0       500 65510 6939 4826 38803 56203 i
     * >      1.0.6.0/24             46.71.57.71           0       100     0       500 65510 6939 4826 38803 56203 56203 56203 i
     * >      1.0.7.0/24             46.71.57.71           0       100     0       500 65510 6453 4637 1221 38803 i
     * >      1.0.38.0/24            46.71.57.71           0       100     0       500 65510 1299 9505 24155 i
     * >      1.0.64.0/18            46.71.57.71           0       100     0       500 65510 2914 2497 7670 7670 18144 i
     * >      1.0.128.0/17           46.71.57.71           0       100     0       500 65510 4651 9737 i

 

Result

Post soft-clear of the BGP session :

  1. From show ip bgp neighbor 46.71.57.71 routes regexp 51043$ it can be seen that all routes originating in AS 51043 (regexp _51043$) are set with LP250.
  2. From the same command, it can be seen that only /22-/24 routes in this group (ie that originate in AS 51043) have MED 500
  3. From the same command taken before and after the Route-Map was applied, it can be seen that the number of _51043$ routes received after the soft clear is the same as the number of _51043$ routes received before, ie 15.
  4. From show ip bgp neighbors 46.71.57.71 routes, it can be seen that other routes from that eBGP ISP peer are accepted as they are with no attribute change or set, as they areacted upon by the sequence 20 statement.
  5. From show ip bgp summ it can be see that the count of routes accepted from the peer ISP-A is the same as before the Route-Map was applied ie 555175.

Inferences

a) When routes are diverted, after being matched, from the Parent sequence statement by the continue command to the Child sequence statement for evaluation, the evaluation of these routes in the Child sequence statement is done with the consideration that they have to be a subset of the routes matched in the Parent sequence. So here in this example, the Child sequence 30 matches only those /22 to /24 prefixes that only originate in AS 51043 which is the match condition of the Parent sequence 10 that has the continue, and not any /22 to /24 prefixes. So, as can be seen in the last show ip bgp neighbors 46.71.57.71 routes output, all other /22-/24 routes are not set with MED 500 and LP 250.

b) If the attribute set by the Child sequence on the subset of routes is different from the attribute set by the Parent sequence, the latter attribute set by the Parent sequence is also preserved. In this example, the Parent sequence 10 sets Local-Preference 250 for all BGP routes that originate in AS 51043, and even though the Child sequence 30 sets a different attribute of MED 500 for /22 to /24 routes that originate in AS 51043, these /22 to /24 routes also have LP 250 preserved on them.

c) Routes not matched by the Parent sequence with continue, will be subject to evaluation by the following Route-Map sequence. So here, routes not matched by seq 10 (ie all other networks) are matched by seq 20, and that’s why all non _51043$ routes are accepted as they are, as seen in show ip bgp without any attributes changed

 

Scenario 1b) Child Seq sets  different attribute not set by Parent Seq (Outbound Policy Demo)

Basic application of the continue feature that sets a different attribute in the Child sequence (Application in an Outbound Route-Map).

  • SET-UP : DC1 is already advertising 8 networks to its eBGP peer ISP-A 3 of which are /24’s.
  • OBJECTIVE : To create an outbound policy to this neighbor that will :
    1. Prepend 3 copies of local AS along with MED500 to all routes advertised.
    2. Also set a community 64512:500 only to the /24’s that are advertised.

 

List of Advertised routes on DC1 to the neighbor ISP-A :

DC1#show ip bgp summ
    BGP summary information for VRF default
    Router identifier 46.46.46.57, local AS number 64512
    Neighbor Status Codes: m - Under maintenance
      Description              Neighbor         V  AS           MsgRcvd   MsgSent  InQ OutQ  Up/Down State   PfxRcd PfxAcc
      DC2               46.46.46.85      4  64512            651    664427    0    0 08:25:37 Estab   9      9
      ISP-A                46.71.57.71      4  500           854053      2504    0    0 09:13:11 Estab   555175 555175
DC1#  
DC1#show ip bgp neighbors 46.71.57.71 advertised-routes
              Network                Next Hop              Metric  LocPref Weight  Path
     * >      46.46.64.0/22          46.71.57.57           -       -       -       64512 i
     * >      46.46.64.0/24          46.71.57.57           -       -       -       64512 i
     * >      46.46.182.0/24         46.71.57.57           -       -       -       64512 i
     * >      46.46.193.193/32       46.71.57.57           -       -       -       64512 i
     * >      46.46.193.197/32       46.71.57.57           -       -       -       64512 i
     * >      46.46.195.0/24         46.71.57.57           -       -       -       64512 i
     * >      46.46.200.200/32       46.71.57.57           -       -       -       64512 i
     * >      50.50.64.0/22          46.71.57.57           -       -       -       64512 i
DC1#

Outbound Route-Map configuration and the effect post soft-clear of the BGP session :

DC1#show route-map OUTBOUND-ISP-POLICY
route-map OUTBOUND-ISP-POLICY permit 10
  Description:
  Match clauses:
  SubRouteMap:
  Continue: sequence 20
  Set clauses:
    set metric 500
    set as-path prepend 64512 64512 64512
route-map OUTBOUND-ISP-POLICY permit 20
  Description:
  Match clauses:
    match ip address prefix-list SLASH-24
  SubRouteMap:
  Set clauses:
    set community 64512:500
DC1#

DC1#ip prefix-list SLASH-24 seq 5 permit 0.0.0.0/0 eq 24
DC1#show run sec bgp | in neighbor 46.71.57.71
    neighbor 46.71.57.71 remote-as 500
    neighbor 46.71.57.71 description ISP-A
    neighbor 46.71.57.71 route-map ISP-INBOUND-POLICY in
    neighbor 46.71.57.71 route-map OUTBOUND-ISP-POLICY out
    neighbor 46.71.57.71 send-community
    neighbor 46.71.57.71 maximum-routes 0
DC1#

As can be seen after the soft clear of the eBGP session, the same 10 routes are advertised but this time all with 4 copies of the local AS as well as a MED of 500.

DC1#show ip bgp neighbors 46.71.57.71 advertised-routes
    BGP routing table information for VRF default
    Router identifier 46.46.46.57, local AS number 64512
              Network                Next Hop              Metric  LocPref Weight  Path
     * >      46.46.64.0/22          46.71.57.57           500     -       -       64512 64512 64512 64512 i
     * >      46.46.64.0/24          46.71.57.57           500     -       -       64512 64512 64512 64512 i
     * >      46.46.182.0/24         46.71.57.57           500     -       -       64512 64512 64512 64512 i
     * >      46.46.193.193/32       46.71.57.57           500     -       -       64512 64512 64512 64512 i
     * >      46.46.193.197/32       46.71.57.57           500     -       -       64512 64512 64512 64512 i
     * >      46.46.195.0/24         46.71.57.57           500     -       -       64512 64512 64512 64512 i
     * >      46.46.200.200/32       46.71.57.57           500     -       -       64512 64512 64512 64512 i
     * >      50.50.50.1/32          46.71.57.57           500     -       -       64512 64512 64512 64512 i
     * >      50.50.55.0/24          46.71.57.57           500     -       -       64512 64512 64512 64512 i
     * >      50.50.64.0/22          46.71.57.57           500     -       -       64512 64512 64512 64512 i
DC1#

Only the 4 /24 prefixes you see above are advertised with a community of 64512:500, which we see on the ISP eBGP peer ISP-A:

ISP-A...21:53:52#show ip bgp summ
    BGP summary information for VRF default
    Router identifier 46.46.46.71, local AS number 500
    Neighbor Status Codes: m - Under maintenance
      Description              Neighbor         V  AS           MsgRcvd   MsgSent  InQ OutQ  Up/Down State   PfxRcd PfxAcc
      DC1                  46.71.57.57      4  64512           4077   1054529    0    0 09:40:43 Estab   10     10
                               192.168.2.1      4  65510         476086       793    0    0 01:13:28 Estab   555177 555177

ISP-A...21:53:57#
ISP-A...21:54:13#show ip bgp neighbors 46.71.57.57 routes
    BGP routing table information for VRF default
    Router identifier 46.46.46.71, local AS number 500 
              Network                Next Hop              Metric  AIGP       LocPref Weight  Path
     * >      46.46.64.0/22          46.71.57.57           500     -          100     0       64512 64512 64512 64512 i
     * >      46.46.64.0/24          46.71.57.57           500     -          100     0       64512 64512 64512 64512 i
     * >      46.46.182.0/24         46.71.57.57           500     -          100     0       64512 64512 64512 64512 i
     * >      46.46.193.193/32       46.71.57.57           500     -          100     0       64512 64512 64512 64512 i
     * >      46.46.193.197/32       46.71.57.57           500     -          100     0       64512 64512 64512 64512 i
     * >      46.46.195.0/24         46.71.57.57           500     -          100     0       64512 64512 64512 64512 i
     * >      46.46.200.200/32       46.71.57.57           500     -          100     0       64512 64512 64512 64512 i
     * >      50.50.50.1/32          46.71.57.57           500     -          100     0       64512 64512 64512 64512 i
     * >      50.50.55.0/24          46.71.57.57           500     -          100     0       64512 64512 64512 64512 i
     * >      50.50.64.0/22          46.71.57.57           500     -          100     0       64512 64512 64512 64512 i
ISP-A...21:54:41#
ISP-A...21:54:50#show ip bgp community 64512:500
    BGP routing table information for VRF default
    Router identifier 46.46.46.71, local AS number 500
              Network                Next Hop              Metric  AIGP       LocPref Weight  Path
     * >      46.46.64.0/24          46.71.57.57           500     -          100     0       64512 64512 64512 64512 i
     * >      46.46.182.0/24         46.71.57.57           500     -          100     0       64512 64512 64512 64512 i
     * >      46.46.195.0/24         46.71.57.57           500     -          100     0       64512 64512 64512 64512 i
     * >      50.50.55.0/24          46.71.57.57           500     -          100     0       64512 64512 64512 64512 i
ISP-A...21:55:25#

Result:

As can be seen above, the ISP device receives all 10 routes from its peer DC1 with 4 copies of its local AS, and also with MED 500, and all 4 /24
routes are tagged with the Community 64512:500.

Scenario 2) Child Seq overrides attribute set by Parent Seq

When the attribute set by the Parent sequence with the continue command is overridden by the attribute set by the Child sequence

  • SET-UP : On DC1 there is an eBGP neighbor with ISP-A from which it already receives internet prefixes (>5000,000). A few of these prefixes (32) have AS 38418 in their AS-PATH
  • OBJECTIVE: To create :
    1. An inbound policy on DC1 to this ISP neighbor ISP-A that will set Local Preference 200 and a Community 64512:38418 on routes that have a single copy of AS 38418 in their AS-PATH, and which will set Local Preference 50 and twin Communities of 38418:100 and 38418:38418 on routes that have this AS 38418 prepended many times. And accept all other routes as they are
    2. An outbound policy on DC1 towards the iBGP neighbor DC-1-CE-485 that sets a MED of 50 and prepends 2 copies of the local AS 64512 to routes that have a single copy of this AS 38418, and which sets a MED of 200 and prepends 5 copies of the local AS on routes that have AS 38418 prepended many times.  And advertise all other routes as they are.

Existing BGP configuration on DC1 and current display of routes that have 38418 in their AS-PATH

DC1...19:01:16#show ip bgp summ
    BGP summary information for VRF default
    Router identifier 46.46.46.57, local AS number 64512
    Neighbor Status Codes: m - Under maintenance
    Description              Neighbor         V  AS           MsgRcvd   MsgSent  InQ OutQ  Up/Down State   PfxRcd PfxAcc
    DC1-CE-485               46.46.46.85      4  64512          12349   2429149    0    0    7d06h Estab   11     11
    ISP-A                46.71.57.71      4  500          3737341     15600    0    0    7d06h Estab   555174 555174
DC1...19:01:20#Show run sec bgp | be router bgp
    router bgp 64512
    neighbor 46.46.46.85 remote-as 64512
    neighbor 46.46.46.85 next-hop-self
    neighbor 46.46.46.85 update-source Loopback1
    neighbor 46.46.46.85 description DC1-CE-485
    neighbor 46.46.46.85 send-community
    neighbor 46.46.46.85 maximum-routes 12000
    neighbor 46.71.57.71 remote-as 500
    neighbor 46.71.57.71 description ISP-A
    neighbor 46.71.57.71 send-community
    neighbor 46.71.57.71 maximum-routes 0
    redistribute static
 DC1...19:01:26#
 DC1...19:01:27#Show ip bgp neighbors 46.71.57.71 routes regexp _38418_
    BGP routing table information for VRF default
    Router identifier 46.46.46.57, local AS number 64512
    Network                Next Hop              Metric  LocPref Weight  Path
    * >      1.229.139.0/24         46.71.57.71           0       100     0       500 65510 6939 4766 38418 38418 38418 38418 38418 i
    * >      1.231.8.0/24           46.71.57.71           0       100     0       500 65510 6939 4766 38418 38418 38418 38418 38418 i
    * >      1.231.9.0/24           46.71.57.71           0       100     0       500 65510 6939 4766 38418 38418 38418 38418 38418 i
    * >      1.231.11.0/24          46.71.57.71           0       100     0       500 65510 6939 4766 38418 38418 38418 38418 38418 i
    * >      1.239.50.0/24          46.71.57.71           0       100     0       500 65510 6453 3786 38418 38418 38418 38418 38418 i
    * >      14.40.11.0/24          46.71.57.71           0       100     0       500 65510 6939 4766 38418 i
    * >      14.40.12.0/22          46.71.57.71           0       100     0       500 65510 6939 4766 38418 i
    * >      14.40.16.0/22          46.71.57.71           0       100     0       500 65510 6939 4766 38418 i
    * >      14.40.20.0/23          46.71.57.71           0       100     0       500 65510 6939 4766 38418 i
    * >      14.40.94.0/24          46.71.57.71           0       100     0       500 65510 6939 4766 38418 i
    * >      58.29.3.0/24           46.71.57.71           0       100     0       500 65510 2914 3786 38418 i
    * >      58.29.40.0/22          46.71.57.71           0       100     0       500 65510 6939 4766 38418 38418 38418 38418 38418 i
    * >      58.29.40.0/23          46.71.57.71           0       100     0       500 65510 2914 3786 38418 i
    * >      58.29.42.0/24          46.71.57.71           0       100     0       500 65510 2914 3786 38418 i
    * >      58.29.43.0/24          46.71.57.71           0       100     0       500 65510 6453 3786 38418 i
    * >      58.29.44.0/24          46.71.57.71           0       100     0       500 65510 6939 4766 38418 38418 38418 38418 38418 i
    * >      58.29.46.0/24          46.71.57.71           0       100     0       500 65510 6939 4766 38418 38418 38418 38418 38418 i
    * >      58.29.87.0/24          46.71.57.71           0       100     0       500 65510 2914 3786 38418 i
    * >      112.77.154.0/23        46.71.57.71           0       100     0       500 65510 6453 3786 38418 i
    * >      124.3.76.0/24          46.71.57.71           0       100     0       500 65510 6939 4766 38418 38418 38418 38418 38418 i
    * >      124.3.77.0/24          46.71.57.71           0       100     0       500 65510 6939 4766 38418 38418 38418 38418 38418 i
    * >      124.138.102.0/23       46.71.57.71           0       100     0       500 65510 6939 4766 38418 38418 38418 38418 38418 i
    * >      124.138.104.0/22       46.71.57.71           0       100     0       500 65510 6939 4766 38418 38418 38418 38418 38418 i
    * >      124.138.108.0/22       46.71.57.71           0       100     0       500 65510 6939 4766 38418 38418 38418 38418 38418 i
    * >      125.241.0.0/19         46.71.57.71           0       100     0       500 65510 6939 4766 38418 38418 38418 38418 38418 i
    * >      125.241.0.0/20         46.71.57.71           0       100     0       500 65510 2914 3786 38418 i
    * >      125.241.16.0/22        46.71.57.71           0       100     0       500 65510 2914 3786 38418 i
    * >      125.241.20.0/24        46.71.57.71           0       100     0       500 65510 2914 3786 38418 i
    * >      125.241.22.0/23        46.71.57.71           0       100     0       500 65510 2914 3786 38418 i
    * >      125.241.24.0/21        46.71.57.71           0       100     0       500 65510 2914 3786 38418 i
    * >      181.82.17.0/24         46.71.57.71           0       100     0       500 65510 6939 4766 38418 38418 38418 38418 38418 i
    * >      181.82.18.0/24         46.71.57.71           0       100     0       500 65510 6939 4766 38418 38418 38418 38418 38418 i
    DC1...19:01:58#

Current Display of routes that have AS 38418 prepended at least twice in their AS-PATH

DC1#show ip bgp neighbors 46.71.57.71 routes regexp (_38418_).
              Network                Next Hop              Metric  LocPref Weight  Path
     * >      1.229.139.0/24         46.71.57.71           0       100     0       500 65510 6939 4766 38418 38418 38418 38418 38418 i
     * >      1.231.8.0/24           46.71.57.71           0       100     0       500 65510 6939 4766 38418 38418 38418 38418 38418 i
     * >      1.231.9.0/24           46.71.57.71           0       100     0       500 65510 6939 4766 38418 38418 38418 38418 38418 i
     * >      1.231.11.0/24          46.71.57.71           0       100     0       500 65510 6939 4766 38418 38418 38418 38418 38418 i
     * >      1.239.50.0/24          46.71.57.71           0       100     0       500 65510 6453 3786 38418 38418 38418 38418 38418 i
     * >      58.29.40.0/22          46.71.57.71           0       100     0       500 65510 6939 4766 38418 38418 38418 38418 38418 i
DC1#

Configuration of the Inbound Policy towards the eBGP neighbor ISP-A, and the Outbound Policy towards the iBGP neighbor DC2

DC1#show route-map ISP-INBOUND-POLICY
    route-map ISP-INBOUND-POLICY permit 10
      Description:
      Match clauses:
        match as-path 38418-NETWORKS
      SubRouteMap:
      Continue: sequence 30
      Set clauses:
        set local-preference 200
        set community 64512:38418
    route-map ISP-INBOUND-POLICY permit 20
      Description:
      Match clauses:
      SubRouteMap:
      Set clauses:
    route-map ISP-INBOUND-POLICY permit 30
      Description:
      Match clauses:
        match as-path 38418-PREPEND-NETWORKS
      SubRouteMap:
      Set clauses:
        set local-preference 50
        set community 38418:100 38418:38418
DC1#show route-map IBGP-NEIGHBOR-OUT-POLICY
    route-map IBGP-NEIGHBOR-OUT-POLICY permit 10
      Description:
      Match clauses:
        match as-path 38418-NETWORKS
      SubRouteMap:
      Continue: sequence 30
      Set clauses:
        set metric 50
        set as-path prepend 64512 64512
    route-map IBGP-NEIGHBOR-OUT-POLICY permit 20
      Description:
      Match clauses:
      SubRouteMap:
      Set clauses:
    route-map IBGP-NEIGHBOR-OUT-POLICY permit 30
      Description:
      Match clauses:
        match as-path 38418-PREPEND-NETWORKS
      SubRouteMap:
      Set clauses:
        set metric 200
        set as-path prepend 64512 64512 64512 64512 64512
DC1#show ip as-path access-list 38418-NETWORKS
    AS-path entry codes: # - entry is invalid in the current regex mode (asn)
    ip as-path regex-mode asn
      ip as-path access-list 38418-NETWORKS permit _38418_ any
DC1#show ip as-path access-list 38418-PREPEND-NETWORKS
    AS-path entry codes: # - entry is invalid in the current regex mode (asn)
    ip as-path regex-mode asn
      ip as-path access-list 38418-PREPEND-NETWORKS permit (_38418_). any

 

DC1#
Application of these Route-Map policies against the respective neighbors and the result post soft-clear.

DC1(config)#router bgp 64512
DC1(config-router-bgp)#neighbor 46.71.57.71 route-map ISP-INBOUND-POLICY in
DC1(config-router-bgp)#neighbor 46.46.46.85 route-map IBGP-NEIGHBOR-OUT-POLICY out
DC1(config-router-bgp)#clear ip bgp 46.71.57.71 soft in
DC1(config-router-bgp)#clear ip bgp 46.46.46.85 soft out
DC1(config-router-bgp)#
DC1#show ip bgp neighbors 46.71.57.71 routes regex _38418_ | be Network
              Network                Next Hop              Metric  LocPref Weight  Path
     * >      1.229.139.0/24         46.71.57.71           0       50      0       500 65510 6939 4766 38418 38418 38418 38418 38418 i
     * >      1.231.8.0/24           46.71.57.71           0       50      0       500 65510 6939 4766 38418 38418 38418 38418 38418 i
     * >      1.231.9.0/24           46.71.57.71           0       50      0       500 65510 6939 4766 38418 38418 38418 38418 38418 i
     * >      1.231.11.0/24          46.71.57.71           0       50      0       500 65510 6939 4766 38418 38418 38418 38418 38418 i
     * >      1.239.50.0/24          46.71.57.71           0       50      0       500 65510 6453 3786 38418 38418 38418 38418 38418 i
     * >      14.40.11.0/24          46.71.57.71           0       200     0       500 65510 6939 4766 38418 i
     * >      14.40.12.0/22          46.71.57.71           0       200     0       500 65510 6939 4766 38418 i
     * >      14.40.16.0/22          46.71.57.71           0       200     0       500 65510 6939 4766 38418 i
     * >      14.40.20.0/23          46.71.57.71           0       200     0       500 65510 6939 4766 38418 i
     * >      14.40.94.0/24          46.71.57.71           0       200     0       500 65510 6939 4766 38418 i
     * >      58.29.3.0/24           46.71.57.71           0       200     0       500 65510 2914 3786 38418 i
     * >      58.29.40.0/22          46.71.57.71           0       50      0       500 65510 6939 4766 38418 38418 38418 38418 38418 i
     * >      58.29.40.0/23          46.71.57.71           0       200     0       500 65510 2914 3786 38418 i
DC1#DC1#show ip bgp neighbors 46.46.46.85 advertised-routes regex _38418_ | be Network
              Network                Next Hop              Metric  LocPref Weight  Path
     * >      1.229.139.0/24         46.46.46.57           200     50      -       64512 64512 64512 64512 64512 64512 64512 500 65510 6939 4766 38418 38418 38418 38418 38418 i
     * >      1.231.8.0/24           46.46.46.57           200     50      -       64512 64512 64512 64512 64512 64512 64512 500 65510 6939 4766 38418 38418 38418 38418 38418 i
     * >      1.231.9.0/24           46.46.46.57           200     50      -       64512 64512 64512 64512 64512 64512 64512 500 65510 6939 4766 38418 38418 38418 38418 38418 i
     * >      1.231.11.0/24          46.46.46.57           200     50      -       64512 64512 64512 64512 64512 64512 64512 500 65510 6939 4766 38418 38418 38418 38418 38418 i
     * >      1.239.50.0/24          46.46.46.57           200     50      -       64512 64512 64512 64512 64512 64512 64512 500 65510 6453 3786 38418 38418 38418 38418 38418 i
     * >      14.40.11.0/24          46.46.46.57           50      200     -       64512 64512 500 65510 6939 4766 38418 i
     * >      14.40.12.0/22          46.46.46.57           50      200     -       64512 64512 500 65510 6939 4766 38418 i
     * >      14.40.16.0/22          46.46.46.57           50      200     -       64512 64512 500 65510 6939 4766 38418 i
     * >      14.40.20.0/23          46.46.46.57           50      200     -       64512 64512 500 65510 6939 4766 38418 i
     * >      14.40.94.0/24          46.46.46.57           50      200     -       64512 64512 500 65510 6939 4766 38418 i
     * >      58.29.3.0/24           46.46.46.57           50      200     -       64512 64512 500 65510 2914 3786 38418 i
     * >      58.29.40.0/22          46.46.46.57           200     50      -       64512 64512 64512 64512 64512 64512 64512 500 65510 6939 4766 38418 38418 38418 38418 38418 i
     * >      58.29.40.0/23          46.46.46.57           50      200     -       64512 64512 500 65510 2914 3786 38418 i

Display of routes with different sets of communities post soft-clear.

DC1#show ip bgp neighbors 46.71.57.71 routes community 64512:38418 exact | be Network
              Network                Next Hop              Metric  LocPref Weight  Path
     * >      14.40.11.0/24          46.71.57.71           0       200     0       500 65510 6939 4766 38418 i
     * >      14.40.12.0/22          46.71.57.71           0       200     0       500 65510 6939 4766 38418 i
     * >      14.40.16.0/22          46.71.57.71           0       200     0       500 65510 6939 4766 38418 i
     * >      14.40.20.0/23          46.71.57.71           0       200     0       500 65510 6939 4766 38418 i
     * >      14.40.94.0/24          46.71.57.71           0       200     0       500 65510 6939 4766 38418 i
     * >      58.29.3.0/24           46.71.57.71           0       200     0       500 65510 2914 3786 38418 i
     * >      58.29.40.0/23          46.71.57.71           0       200     0       500 65510 2914 3786 38418 I
DC1#


DC1#show ip bgp neighbors 46.71.57.71 routes  community 38418:100 38418:38418  exact | be Network
              Network                Next Hop              Metric  LocPref Weight  Path
     * >      1.229.139.0/24         46.71.57.71           0       50      0       500 65510 6939 4766 38418 38418 38418 38418 38418 i
     * >      1.231.8.0/24           46.71.57.71           0       50      0       500 65510 6939 4766 38418 38418 38418 38418 38418 i
     * >      1.231.9.0/24           46.71.57.71           0       50      0       500 65510 6939 4766 38418 38418 38418 38418 38418 i
     * >      1.231.11.0/24          46.71.57.71           0       50      0       500 65510 6939 4766 38418 38418 38418 38418 38418 i
     * >      1.239.50.0/24          46.71.57.71           0       50      0       500 65510 6453 3786 38418 38418 38418 38418 38418 i
     * >      58.29.40.0/22          46.71.57.71           0       50      0       500 65510 6939 4766 38418 38418 38418 38418 38418 i

DC1#  

DC1#show ip bgp 1.229.139.0/24
    BGP routing table information for VRF default
    Router identifier 46.46.46.57, local AS number 64512
    BGP routing table entry for 1.229.139.0/24
     Paths: 1 available
      500 65510 6939 4766 38418 38418 38418 38418 38418
        46.71.57.71 from 46.71.57.71 (46.46.46.71)
          Origin IGP, metric 0, localpref 50, IGP metric 0, weight 0, received 00:18:52 ago, valid, external, best
          Community: 38418:100 38418:38418
          Rx SAFI: Unicast
DC1#
DC1#show ip bgp 1.231.8.0/24
    BGP routing table information for VRF default
    Router identifier 46.46.46.57, local AS number 64512
    BGP routing table entry for 1.231.8.0/24
     Paths: 1 available
      500 65510 6939 4766 38418 38418 38418 38418 38418
        46.71.57.71 from 46.71.57.71 (46.46.46.71)
          Origin IGP, metric 0, localpref 50, IGP metric 0, weight 0, received 01:08:55 ago, valid, external, best
          Community: 38418:100 38418:38418
          Rx SAFI: Unicast
DC1#

Display of the count of routes from the neighbor ISP-A post soft-clear, and also the general display of BGP routes received from the peer ISP-A

DC1#show ip bgp summ
    BGP summary information for VRF default
    Router identifier 46.46.46.57, local AS number 64512
    Neighbor Status Codes: m - Under maintenance
      Description              Neighbor         V  AS           MsgRcvd   MsgSent  InQ OutQ  Up/Down State   PfxRcd PfxAcc
      DC2               46.46.46.85      4  64512          12365   2429201    0    0    7d06h Estab   11     11
      ISP-A                46.71.57.71      4  500          3817494     15616    0    0    7d07h Estab   555174 555174
DC1#
DC1#show ip bgp
              Network                Next Hop              Metric  LocPref Weight  Path
     * >      1.0.0.0/24             46.71.57.71           0       100     0       500 65510 15169 i
     * >      1.0.4.0/24             46.71.57.71           0       100     0       500 65510 6939 4826 38803 56203 i
     * >      1.0.5.0/24             46.71.57.71           0       100     0       500 65510 6939 4826 38803 56203 i
     * >      1.0.6.0/24             46.71.57.71           0       100     0       500 65510 6939 4826 38803 56203 56203 56203 i
     * >      1.0.7.0/24             46.71.57.71           0       100     0       500 65510 6453 4637 1221 38803 i
     * >      1.0.38.0/24            46.71.57.71           0       100     0       500 65510 1299 9505 24155 i
     * >      1.0.64.0/18            46.71.57.71           0       100     0       500 65510 2914 2497 7670 7670 18144 i
     * >      1.0.128.0/17           46.71.57.71           0       100     0       500 65510 4651 9737 i
     * >      1.0.128.0/18           46.71.57.71           0       100     0       500 65510 4651 9737 i
     * >      1.0.128.0/19           46.71.57.71           0       100     0       500 65510 4651 9737 i

 

Display of the count of IPv4 routes advertised by DC1 to the iBGP neighbor 46.46.46.85

DC1#show ip bgp neighbors  46.46.46.85
    BGP neighbor is 46.46.46.85, remote AS 64512, internal link
     Description: DC2
      Prefix Statistics:
                                       Sent      Rcvd
        IPv4 Unicast:                555180        11
        IPv6 Unicast:                     0         0

Result post soft-clear

  1. From show ip bgp neighbors 46.71.57.71 routes community 38418:100 38418:38418 exact” it can be seen that Local-Preference 50 and the twin communities 38418:100 and 38418:38418 set by the Child sequence 30 of the inbound Route-Map ISP-INBOUND-POLICY for (_38418_). networks ie networks that have AS 38418 prepended multiple times, has overridden the local-preference of 200 and the community of 64512:38418 set in the Parent Route-Map sequence 10. So here the Local-Preference and the communities set in the Child sequence have overridden the Local Preference and Communities set in the Parent Route-Map sequence.
  2. From show ip bgp neighbors 46.46.46.85 advertised-routes regex _38418_ it can be seen that the routes that have AS 38418 prepended many times have MED 200 set  and AS 64512 prepended 5+2 i.e. 7 times as they are advertised – that is 5 times by the Child sequence 30 statement, and 2 times by the Parent sequence 10 statement of the Outbound Route-Map IBGP-NEIGHBOR-OUT policy, and routes that have a single copy of AS38418 have the local AS 64512 prepended twice and are set with MED 50
  3. From show ip bgp it can be seen that other routes from the eBGP neighbor ISP-1-570 (46.71.57.71), are accepted as they are by the sequence 20 statement of the inbound Route-Map ISP-INBOUND-POLICY.

Inference: The attributes set by the Child sequence override the attributes set by the Parent sequence.

Scenario 3)   Where the Child Seq too has a continue, diverting to another Child Seq

When a Parent sequence continue refers to a Child sequence which also has a continue, diverting evaluation to another Child sequence.

  • SET-UP : DC1 is already receiving full internet routes (>5000,000) from its eBGP neighbor ISP-A, and a few of these originate in AS 46164 all of which are received with a community 46164:500.
  • OBJECTIVE : To create an inbound policy on DC1 towards its eBGP neighbor, ISP-A:
    1. To ensure all routes with the community 46164:500 are set with Local Preference 200, but,
    2. a subset of these routes that have 3356 in their AS-PATH should have Local-Preference 300 and an additional Community of 46164:3356 also set.
    3. The subset of only /24 routes that have the community 46164:500 set, should have a Local Preference of 400 and also an additional community of 46124:24

  

DC1#show ip bgp summ | be Neighbor

    Neighbor Status Codes: m - Under maintenance

     Description              Neighbor         V  AS           MsgRcvd   MsgSent  InQ OutQ  Up/Down State   PfxRcd PfxAcc

  DC2               46.46.46.85      4  64512           1700   1152199    0    0 23:23:22 Estab   9      9
ISP-A                46.71.57.71      4  500          1571751      4842    0    0    1d00h Estab   555175 555175
DC1#
    DC1#show run sec bgp | be router bgp
    router bgp 64512
       neighbor 46.46.46.85 remote-as 64512
       neighbor 46.46.46.85 next-hop-self
       neighbor 46.46.46.85 update-source Loopback1
       neighbor 46.46.46.85 description DC2
       neighbor 46.46.46.85 send-community
       neighbor 46.46.46.85 maximum-routes 12000
       neighbor 46.71.57.71 remote-as 500
       neighbor 46.71.57.71 description ISP-A
       neighbor 46.71.57.71 send-community
       neighbor 46.71.57.71 maximum-routes 0
       network 46.46.64.0/24
DC1#

 

 Below is a list of all BGP routes already received with the community 46164:500 from the eBGP ISP peer ISP-A (neighbor 46.71.57.71). These routes are routes originating in AS 46164

 

DC1#show ip bgp community 46164:500
              Network                Next Hop              Metric  LocPref Weight  Path
     * >      4.23.88.0/23           46.71.57.71           0       100     0       500 65510 6453 7018 46164 i
     * >      4.23.88.0/24           46.71.57.71           0       100     0       500 65510 6453 7018 46164 i
     * >      4.23.89.0/24           46.71.57.71           0       100     0       500 65510 6453 7018 46164 i
     * >      4.43.50.0/23           46.71.57.71           0       100     0       500 65510 6453 7018 46164 i
     * >      4.43.50.0/24           46.71.57.71           0       100     0       500 65510 6453 7018 46164 i
     * >      8.14.0.0/19            46.71.57.71           0       100     0       500 65510 6453 3356 46164 i
     * >      107.250.128.0/17       46.71.57.71           0       100     0       500 65510 6453 3356 46164 i
     * >      155.165.128.0/17       46.71.57.71           0       100     0       500 65510 6453 3356 46164 i
     * >      199.4.240.0/24         46.71.57.71           0       100     0       500 65510 6453 3356 46164 i
     * >      209.84.215.0/24        46.71.57.71           0       100     0       500 65510 6453 3356 46164 i
DC1#

 

Below is the inbound route-map to be applied  on the ISP neighbor

DC1#show route-map ISP-INBOUND-POLICY
    route-map ISP-INBOUND-POLICY permit 10
      Description:
      Match clauses:
        match community AS46164-COMMUNITY
      SubRouteMap:
      Continue: sequence 30
      Set clauses:
        set local-preference 200
    route-map ISP-INBOUND-POLICY permit 20
      Description:
      Match clauses:
      SubRouteMap:
      Set clauses:
    route-map ISP-INBOUND-POLICY permit 30
      Description:
      Match clauses:
        match as-path 3356-TRANSIT
      SubRouteMap:
      Continue: sequence 40
      Set clauses:
        set local-preference 300
        set community 46164:3356 additive
    route-map ISP-INBOUND-POLICY permit 40
      Description:
      Match clauses:
        match ip address prefix-list SLASH-24
      SubRouteMap:
      Set clauses:
        set local-preference 400
        set community 46124:24 additive
DC1#show ip community-list AS46164-COMMUNITY
    ip community-list AS46164-COMMUNITY permit 46164:500
DC1#show ip as-path access-list 3356-TRANSIT
    AS-path entry codes: # - entry is invalid in the current regex mode (asn)
    ip as-path regex-mode asn
      ip as-path access-list 3356-TRANSIT permit _3356_ any
DC1...12:28:06#show ip prefix-list SLASH-24
    ip prefix-list SLASH-24
        seq 5 permit 0.0.0.0/0 eq 24
DC1#

Below shows the result post application of this inbound policy to the neighbor and post soft clear

DC1#conf t
DC1(config)#router bgp 64512
DC1(config-router-bgp)#neighbor 46.71.57.71 route-map ISP-INBOUND-POLICY in
DC1(config-router-bgp)#clear ip bgp 46.71.57.71 soft in
DC1(config-router-bgp)#
  

DC1#show ip bgp community 46164:500 exact | be Network
         Network                Next Hop              Metric  LocPref Weight  Path
 * >     4.23.88.0/23           46.46.46.71           -       200     0       500 65510 6453 7018 46164 i
 * >     4.43.50.0/23           46.46.46.71           -       200     0       500 65510 6453 7018 46164 i

DC1#

DC1#show ip bgp community 46164:500 46164:3356 exact | be Network
              Network                Next Hop              Metric  LocPref Weight  Path
     * >      8.14.0.0/19            46.71.57.71           0       300     0       500 65510 6453 3356 46164 i
     * >      107.250.128.0/17       46.71.57.71           0       300     0       500 65510 6453 3356 46164 i
     * >      155.165.128.0/17       46.71.57.71           0       300     0       500 65510 6453 3356 46164 i

DC1#

DC1#show ip bgp community 46164:500 46124:24 exact | be Network
     * >      4.23.88.0/24           46.71.57.71           0       400     0       500 65510 6453 7018 46164 i
     * >      4.23.89.0/24           46.71.57.71           0       400     0       500 65510 6453 7018 46164 i
     * >      4.43.50.0/24           46.71.57.71           0       400     0       500 65510 6453 7018 46164 i

DC1#
DC1#show ip bgp community 46164:500 46164:3356 46124:24 exact | be Network
              Network                Next Hop              Metric  LocPref Weight  Path
     * >      199.4.240.0/24         46.71.57.71           0       400     0       500 65510 6453 3356 46164 i
     * >      209.84.215.0/24        46.71.57.71           0       400     0       500 65510 6453 3356 46164 i
DC1#show ip bgp neighbors 46.71.57.71 routes | be Network
              Network                Next Hop              Metric  LocPref Weight  Path
     * >      1.0.0.0/24             46.71.57.71           0       100     0       500 65510 15169 i
     * >      1.0.4.0/24             46.71.57.71           0       100     0       500 65510 6939 4826 38803 56203 i
     * >      1.0.5.0/24             46.71.57.71           0       100     0       500 65510 6939 4826 38803 56203 i
     * >      1.0.6.0/24             46.71.57.71           0       100     0       500 65510 6939 4826 38803 56203 56203 56203 i

 

Display of routes count received from the neighbor ISP-A post soft clear of the session:

DC1#show ip bgp summ
    BGP summary information for VRF default
    Router identifier 46.46.46.57, local AS number 64512
    Neighbor Status Codes: m - Under maintenance
      Description              Neighbor         V  AS           MsgRcvd   MsgSent  InQ OutQ  Up/Down State   PfxRcd PfxAcc
      DC2               46.46.46.85      4  64512           1734   1152266    0    0 23:52:31 Estab   9      9
      ISP-A                46.71.57.71      4  500          1651923      4878    0    0    1d00h Estab   555175 555175
DC1#

 

Result post soft clear of the eBGP session:

  1. From show ip bgp community 46164:500 46164:3356 exact it can be seen that those routes that have Community 46164:500, and which have AS 3356 in their AS-PATH, have a Local-Preference of 300 set and are also set with a single additional Community of 46164:3356.
  2. From show ip bgp community 46164:500 46164:3356 46124:24 exact it can be seen that those /24 networks that were received with the Community 46164:500 and which have AS 3356 in their AS-PATH also have these 2 additional Communities set – 46164:3356 and 46164:24, and that LP400 is set for these 2 /24 routes due to sequence 40 statement. The reason why the Community 46164:3356 is also set on these routes is due to the “additive” keyword in sequence 40 that causes any Communities set by the upper Child sequence or Parent sequence to be preserved. In the absence of the “additive” keyword in sequence 40, these 2 /24 routes matched by sequence 40 would have had just this single Community 46164:24 set.
  3. From show ip bgp community 46164:500 46124:24 exact it can be seen that that /24 routes that that were received community 46164:500 which dont have AS 3356 in their AS-PATH are set with community 46124:24 also and with local-preference 400.
  4. From show ip bgp community 46164:500 exact it can be seen that all the other routes with only community 46164:500 have their local-preference set as 200.
  5. From show ip bgp summ, it can be seen that the same number of routes are accepted as before the inbound Policy was applied i.e. 555175

Inference:

  1. When the Child sequence statement  with a continue  diverts a matched route (that it gets from the Parent sequence statement with a continue) to another Child Route-Map sequence, the match condition in this latter Child Route-Map sequence will be considered as a subset of the routes matched in the Parent Route-Map sequence, i.e the very first Route-Map sequence with the continue.
  2. A Community set by a Child Sequence will not override any previous Community set by the Upper Child sequence or Parent sequence if the additive keyword is used in that Child Sequence.

Scenario 4a) When Child Seq that denies route permitted by Parent, is not followed by Permit Seq

When the Child sequence denies a match that’s permitted by the Parent sequence and where that Child sequence that denies is not followed by a permit sequence that permits the route that’s denied.

  • SET-UP: DC1 has an iBGP neighborship with DC1-CE-487 from which it gets 9 routes of which 4 routes are set with LP50, and the remaining with LP100
  • OBJECTIVE: To create an inbound policy to this ibgp neighbor which
    1. Sets the Community 64512:200 to all /24-/32 prefixes received, and
    2. Which denies routes received with LP50 in this range (/24-/32) and
    3. Which accepts all other routes.

Below is the existing BGP configuration on DC1 and routes received from the iBGP neighbor DC2

DC1#show ip bgp summ
    BGP summary information for VRF default
    Router identifier 46.46.46.57, local AS number 64512
    Neighbor Status Codes: m - Under maintenance
      Description              Neighbor         V  AS           MsgRcvd   MsgSent  InQ OutQ  Up/Down State   PfxRcd PfxAcc
      DC2                  46.46.46.85      4  64512           1903   1154791    0    0    1d02h Estab   13     13
      ISP-A                46.71.57.71      4  500          1654935      5048    0    0    1d02h Estab   0      0
DC1#
   
 DC1#show run sec bgp | be router bgp
    router bgp 64512
       neighbor 46.46.46.85 remote-as 64512
       neighbor 46.46.46.85 next-hop-self
       neighbor 46.46.46.85 update-source Loopback1
       neighbor 46.46.46.85 description DC2
       neighbor 46.46.46.85 send-community
       neighbor 46.46.46.85 maximum-routes 12000
       neighbor 46.71.57.71 remote-as 500
       neighbor 46.71.57.71 description ISP-A
       neighbor 46.71.57.71 send-community
       neighbor 46.71.57.71 maximum-routes 0
DC1#DC1#show ip bgp neighbors 46.46.46.85 routes
              Network                Next Hop              Metric  LocPref Weight  Path
     * >      46.46.182.0/24         46.46.46.85           0       100     0       i
     * >      46.46.192.0/22         46.46.46.85           0       50      0       ?
     * >      46.46.195.0/24         46.46.46.85           0       50      0       i
     * >      46.46.200.200/32       46.46.46.85           0       100     0       i
     * >      50.50.50.1/32          46.46.46.85           0       100     0       i
     * >      50.50.55.0/24          46.46.46.85           0       50      0       i
     * >      50.50.64.0/22          46.46.46.85           0       100     0       i
     * >      50.100.50.0/25         46.46.46.85           0       50      0       i
     * >      50.107.64.0/18         46.46.46.85           0       100     0       i
DC1#

 

Inbound Route-Map configuration and Result post Route-Map application to neighbor and soft-clear

DC1#show route-map IBGP-NEIGHBOR-IN-POLICY
    route-map IBGP-NEIGHBOR-IN-POLICY permit 10
      Description:
      Match clauses:
        match ip address prefix-list SLASH-24-32
      SubRouteMap:
      Continue: sequence 30
      Set clauses:
        set community 64512:200
    route-map IBGP-NEIGHBOR-IN-POLICY permit 20
      Description:
      Match clauses:
      SubRouteMap:
      Set clauses:
    route-map IBGP-NEIGHBOR-IN-POLICY deny 30
      Description:
      Match clauses:
        match local-preference 50
      SubRouteMap:
      Set clauses:
DC1#show ip prefix-list SLASH-24-32
    ip prefix-list SLASH-24-32
        seq 5 permit 0.0.0.0/0 ge 24 le 32
DC1#
DC1#conf t
DC1(config)#router bgp 64512
DC1(config-router-bgp)#neighbor 46.46.46.85 route-map IBGP-NEIGHBOR-IN-POLICY in
DC1(config-router-bgp)#clear ip bgp 46.46.46.85 soft in
DC1(config-router-bgp)#
    

DC1#show ip bgp neighbors 46.46.46.85 routes | be Network
              Network                Next Hop              Metric  LocPref Weight  Path
     * >      46.46.182.0/24         46.46.46.85           0       100     0       i
     * >      46.46.192.0/22         46.46.46.85           0       50      0       ?
     * >      46.46.200.200/32       46.46.46.85           0       100     0       i
     * >      50.50.50.1/32          46.46.46.85           0       100     0       i
     * >      50.50.64.0/22          46.46.46.85           0       100     0       i
     * >      50.107.64.0/18         46.46.46.85           0       100     0       i
DC1#

    DC1#show ip bgp community 64512:200 exact
    AS Path Attributes: Or-ID - Originator ID, C-LST - Cluster List, LL Nexthop - Link Local Nexthop
              Network                Next Hop              Metric  LocPref Weight  Path
     * >      46.46.182.0/24         46.46.46.85           0       100     0       i
     * >      46.46.200.200/32       46.46.46.85           0       100     0       i
     * >      50.50.50.1/32          46.46.46.85           0       100     0       i
DC1#

Result:

  1. From show ip bgp neighbors 46.46.46.85 routes it can be seen that all Local Preference 50 routes in the /24 – /32 range have been denied (50.100.50.0/25, 50.50.55.0/24, 46.46.195.0/24).
  2. From show ip bgp community 64512:200 exact it can be seen that all /24 – /32 routes received from the ibgp neighbor have been set with the Community 64512:200
  3. All other routes from this ibgp neighbor have been accepted as they are by the sequence 20 statement in the Route-Map

Inference :

When the Child sequence denies a match that’s permitted by the Parent Route-Map sequence, that route is effectively denied.

Scenario 4b) When Child Seq that denies route permitted by Parent, diverts to Permit Seq that allows it

When the Child sequence denies a match that’s permitted by the Parent sequence, and where this Child sequence has a continue that diverts evaluation of the matched route to another Child sequence that permits the route denied by the Upper Child sequence.

  • SET-UP: DC1 has an iBGP session with DC-1-CE-487 from which it gets 9 routes, 4 of which are  with Local Preference 50.
  • OBJECTIVE : To create an inbound policy to this ibgp neighbor which will
    1. Accept all /24-/32 networks and set a community 64512:200 on them.
    2. Block Local Preference 50 networks in the /24-/32 prefix range.

BGP configuration on DC1 and Current display of received routes from the iBGP neighbor DC2 (46.46.46.85)

 

DC1#show ip bgp summ
    BGP summary information for VRF default
    Router identifier 46.46.46.57, local AS number 64512
    Neighbor Status Codes: m - Under maintenance
      Description              Neighbor         V  AS           MsgRcvd   MsgSent  InQ OutQ  Up/Down State   PfxRcd PfxAcc
      DC2               46.46.46.85      4  64512           2105   1237226    0    0    1d05h Estab   13     13
      ISP-A                46.71.57.71      4  500          1737125      5247    0    0    1d05h Estab   485847 485847
DC1#
    

DC1#show run sec bgp | be router bgp
    router bgp 64512
       neighbor 46.46.46.85 remote-as 64512
       neighbor 46.46.46.85 next-hop-self
       neighbor 46.46.46.85 update-source Loopback1
       neighbor 46.46.46.85 description DC2
       neighbor 46.46.46.85 send-community
       neighbor 46.46.46.85 maximum-routes 12000
       neighbor 46.71.57.71 remote-as 500
       neighbor 46.71.57.71 description ISP-A
       neighbor 46.71.57.71 send-community
       neighbor 46.71.57.71 maximum-routes 0
DC1#

DC1#show ip bgp neighbors 46.46.46.85 routes
              Network                Next Hop              Metric  LocPref Weight  Path
     * >      46.46.182.0/24         46.46.46.85           0       100     0       i
     * >      46.46.192.0/22         46.46.46.85           0       50      0       ?
     * >      46.46.195.0/24         46.46.46.85           0       50      0       i
     * >      46.46.200.200/32       46.46.46.85           0       100     0       i
     * >      50.50.50.1/32          46.46.46.85           0       100     0       i
     * >      50.50.55.0/24          46.46.46.85           0       50      0       i
     * >      50.50.64.0/22          46.46.46.85           0       100     0       i
     * >      50.100.50.0/25         46.46.46.85           0       50      0       i
     * >      50.107.64.0/18         46.46.46.85           0       100     0       i
DC1#

 

Inbound Route-Map configuration and Result post Route-Map application on neighbor and soft-clear

 

DC1#show route-map IBGP-NEIGHBOR-IN-POLICY
    route-map IBGP-NEIGHBOR-IN-POLICY permit 10
      Description:
      Match clauses:
        match ip address prefix-list SLASH-24-32
      SubRouteMap:
      Continue: sequence 30
      Set clauses:
        set community 64512:200
    route-map IBGP-NEIGHBOR-IN-POLICY permit 20
      Description:
      Match clauses:
      SubRouteMap:
      Set clauses:
    route-map IBGP-NEIGHBOR-IN-POLICY deny 30
      Description:
      Match clauses:
        match local-preference 50
      SubRouteMap:
      Continue: sequence 40
      Set clauses:
    route-map IBGP-NEIGHBOR-IN-POLICY permit 40
      Description:
      Match clauses:
        match ip address prefix-list SLASH-24
        match local-preference 50
      SubRouteMap:
      Set clauses:
DC1#show ip prefix-list SLASH-24-32
    ip prefix-list SLASH-24-32
        seq 5 permit 0.0.0.0/0 ge 24 le 32
DC1#show ip prefix-list SLASH-24
    ip prefix-list SLASH-24
        seq 5 permit 0.0.0.0/0 eq 24
DC1#
DC1#conf t
DC1(config)#router bgp 64512
DC1(config-router-bgp)#neighbor 46.46.46.85 route-map IBGP-NEIGHBOR-IN-POLICY in
DC1(config-router-bgp)#clear ip bgp * soft in
    ! Clearing all IPv4 and IPv6 peering sessions
DC1(config-router-bgp)#
   
DC1#show ip bgp neighbors 46.46.46.85 routes | be Network
              Network                Next Hop              Metric  LocPref Weight  Path
     * >      46.46.182.0/24         46.46.46.85           0       100     0       i
     * >      46.46.192.0/22         46.46.46.85           0       50      0       ?
     * >      46.46.200.200/32       46.46.46.85           0       100     0       i
     * >      50.50.50.1/32          46.46.46.85           0       100     0       i
     * >      50.50.64.0/22          46.46.46.85           0       100     0       i
     * >      50.107.64.0/18         46.46.46.85           0       100     0       i
DC1#

DC1#show ip bgp community 64512:200 exact | be Network
              Network                Next Hop              Metric  LocPref Weight  Path
     * >      46.46.182.0/24         46.46.46.85           0       100     0       i
     * >      46.46.200.200/32       46.46.46.85           0       100     0       i
     * >      50.50.50.1/32          46.46.46.85           0       100     0       i
DC1#  

Result :

  1. From show ip bgp neighbors 46.46.46.85 routes it can be seen that all Local Preference 50 routes in the /24 – /32 range have been denied. Even though the sequence 30 statement has a ‘continue 40’ in it and even though the sequence 40 statement permits /24 routes with Local Preference 50, these routes are effectively denied by the sequence 30 statement, and further evaluation of these routes with Local-Preference 50 stops here itself.
  2. From show ip bgp community 64512:200 exact it can be seen that all /24 – /32 routes received from the ibgp neighbor have been set with the community 64512:200.
  3. All other routes from this ibgp neighbor have been accepted as they are by the sequence 20 statement in the Route-Map.

Inference : Even when a Child sequence that denies a matched route, has a continue that references a sequence statement that permits that route, that route when matched by the first deny sequence statement is effectively denied there itself, and further evaluation of these routes is stopped.

Scenario 5) A Seq statement with continue followed by no (missing) seq number

When a Route-Map Sequence statement has a continue with (missing) no sequence number specified.

  • SET-UP : DC1 is redistributing 4 static routes into BGP.
  • OBJECTIVE :
    1. To match only /24 static routes that are redistributed into BGP and set a MED of 1500 on these.
    2. Prepend the local AS thrice on all outbound routes advertised to the eBGP peer ISP-1- 710.

List of static routes and Current display of routes advertised to the eBGP peer ISP-A:

 

DC1#show run | in ip route
    ip route 10.64.0.0/16 10.85.128.1
    ip route 10.80.0.0/12 10.85.128.1
    ip route 46.46.182.0/24 Null0
    ip route 46.46.195.0/24 Null0
    ip route 50.50.55.0/24 Null0
    ip route 172.16.0.0/12 10.85.128.1

DC1#show ip bgp summ | be Neighbor
    Neighbor Status Codes: m - Under maintenance
      Description              Neighbor         V  AS           MsgRcvd   MsgSent  InQ OutQ  Up/Down State   PfxRcd PfxAcc
      DC2               46.46.46.85      4  64512           2319   1251954    0    0    1d07h Estab   11     11
      ISP-A                46.71.57.71      4  500          1832833      5464    0    0    1d08h Estab   0      0
DC1#
DC1#show ip bgp neighbors  46.71.57.71 advertised-routes | be Network
              Network                Next Hop              Metric  LocPref Weight  Path
     * >      10.64.0.0/16           46.71.57.57           -       -       -       64512 ?
     * >      10.80.0.0/12           46.71.57.57           -       -       -       64512 ?
     * >      46.46.64.0/22          46.71.57.57           -       -       -       64512 i
     * >      46.46.182.0/24         46.71.57.57           -       -       -       64512 ?
     * >      46.46.192.0/22         46.71.57.57           -       -       -       64512 ?
     * >      46.46.195.0/24         46.71.57.57           -       -       -       64512 ?
     * >      46.46.200.200/32       46.71.57.57           -       -       -       64512 i
     * >      50.50.55.0/24          46.71.57.57           -       -       -       64512 ?
     * >      50.107.64.0/18         46.71.57.57           -       -       -       64512 i
     * >      172.16.0.0/12          46.71.57.57           -       -       -       64512 ?

Configuration of the outbound route-map and its application towards the neighbor, and the result post soft clear of the session.

DC1#show route-map ISP-OUTBOUND-POLICY
    route-map ISP-OUTBOUND-POLICY permit 10
      Description:
      Match clauses:
        match ip address prefix-list SLASH-24
        match source-protocol static
      SubRouteMap:
      Continue: next sequence
      Set clauses:
        set metric 1500
    route-map ISP-OUTBOUND-POLICY permit 20
      Description:
      Match clauses:
      SubRouteMap:
      Set clauses:
        set as-path prepend 64512 64512 64512
 DC1(config)#show ip prefix-list SLASH-24
    ip prefix-list SLASH-24
        seq 5 permit 0.0.0.0/0 eq 24
DC1(config)#router bgp 64512
DC1(config-router-bgp)#redistribute  static
DC1(config-router-bgp)#neighbor 46.71.57.71 route-map ISP-OUTBOUND-POLICY out
DC1(config-router-bgp)#exit
DC1(config)#clear ip bgp 46.71.57.71 soft out
DC1(config)#

DC1(config)#show ip bgp neighbors 46.71.57.71 advertised-routes | be Network
              Network                Next Hop              Metric  LocPref Weight  Path
     * >      10.64.0.0/16           46.71.57.57           -       -       -       64512 64512 64512 64512 ?
     * >      10.80.0.0/12           46.71.57.57           -       -       -       64512 64512 64512 64512 ?
     * >      46.46.64.0/22          46.71.57.57           -       -       -       64512 64512 64512 64512 i
     * >      46.46.182.0/24         46.71.57.57           1500    -       -       64512 64512 64512 64512 ?
     * >      46.46.192.0/22         46.71.57.57           -       -       -       64512 64512 64512 64512 ?
     * >      46.46.195.0/24         46.71.57.57           1500    -       -       64512 64512 64512 64512 ?
     * >      46.46.200.200/32       46.71.57.57           -       -       -       64512 64512 64512 64512 i
     * >      50.50.55.0/24          46.71.57.57           1500   -       -       64512 ?
     * >      50.107.64.0/18         46.71.57.57           -      -       -       64512 64512 64512 64512 i
     * >      172.16.0.0/12          46.71.57.57           -      -       -       64512 64512 64512 64512 ?
 

Result : Here all 3 static /24 static routes  (46.46.182.0/24, 46.46.195.0/24, 50.50.55.0/24) that are redistributed into BGP have the local-AS AS-Numbers prepended thrice, apart from getting MED 1500 set on them,

As the continue action in the sequence 10 statement of the outbound Route-Map references no number,  the evaluation of these routes moves on to the next sequence number where those 3 /24 static routes redistributed into BGP,

and all other outbound routes get AS-prepended thrice.

Inference : Routes that match a Parent sequence that has a ‘continue’ with no sequence number, will consequently face evaluation by the immediately next sequence.

 

Scenario 6) Same Match criteria in both Upper and Lower Child Seq’s, but different Match attribute values

If the attribute of the match criteria in a Lower or subsequent Child sequence statement, is the same as the attribute of the match criteria in the Upper Child Route-Map sequence, but if the value of that attribute in the match criteria is different in both Child sequences.

  • SET-UP : DC1 is receiving the full internet table from eBGP neighbor ISP-A including 33 routes that originate in AS 46164.
  • OBJECTIVE : To create an inbound policy towards this eBGP neighbor ISP-A that :
    1. Matches all routes originating in AS 46164 (i.e. regexp _46164$) and sets a community of 64512:46164 on them
    2. But those routes originating in AS 46164 and which are in the /17 to /19 prefix range should have these twin communities 64512:1719 64512:46164 set, along with Local Preference 200
    3. And those routes originating in AS 46164 and which are of prefix length /23 or /24 should have the twin communities 64512:2324 64512:46164 set along with Local Preference 300 
    4. All other routes are accepted as they are

BGP configuration on DC1 and Current display of routes from neighbor ISP-A (46.71.57.71) that originate in AS 46164

DC1#show ip bgp summ
    BGP summary information for VRF default
    Router identifier 46.46.46.57, local AS number 64512
    Neighbor Status Codes: m - Under maintenance
      Description              Neighbor         V  AS           MsgRcvd   MsgSent  InQ OutQ  Up/Down State   PfxRcd PfxAcc
      DC2               46.46.46.85      4  64512           9260   1529400    0    0    5d10h Estab   11     11
      ISP-A                46.71.57.71      4  500          2512739     12510    0    0    5d11h Estab   555174 555174
DC1#
DC1#show run sec bgp | be router bgp
    router bgp 64512
       neighbor 46.46.46.85 remote-as 64512
       neighbor 46.46.46.85 next-hop-self
       neighbor 46.46.46.85 update-source Loopback1
       neighbor 46.46.46.85 description DC2
       neighbor 46.46.46.85 send-community
       neighbor 46.46.46.85 maximum-routes 12000
       neighbor 46.71.57.71 remote-as 500
       neighbor 46.71.57.71 description ISP-A
       neighbor 46.71.57.71 send-community
       neighbor 46.71.57.71 maximum-routes 0
       redistribute static
  

DC1#show ip bgp neighbors 46.71.57.71 routes regexp _46164$ | be Network
              Network                Next Hop              Metric  LocPref Weight  Path
     * >      4.23.88.0/23           46.71.57.71           0       100     0       500 65510 6453 7018 46164 i 
     * >      4.23.88.0/24           46.71.57.71           0       100     0       500 65510 6453 7018 46164 i
     * >      4.23.92.0/22           46.71.57.71           0       100     0       500 65510 6453 7018 46164 i
     * >      4.38.0.0/20            46.71.57.71           0       100     0       500 65510 6453 7018 46164 i
     * >      4.38.0.0/21            46.71.57.71           0       100     0       500 65510 6453 7018 46164 i
     * >      107.250.128.0/17       46.71.57.71           0       100     0       500 65510 6453 3356 46164 i
     * >      107.250.192.0/19       46.71.57.71           0       100     0       500 65510 6453 7018 46164 i
     * >      155.165.128.0/17       46.71.57.71           0       100     0       500 65510 6453 3356 46164 i
     * >      155.165.128.0/19       46.71.57.71           0       100     0       500 65510 6453 7018 46164 i
     * >      199.4.236.0/23         46.71.57.71           0       100     0       500 65510 6453 7018 46164 i

The configuration of route-map ISP-INBOUND-POLICY.

DC1#show route-map ISP-INBOUND-POLICY
    route-map ISP-INBOUND-POLICY permit 10
      Description:
      Match clauses:
        match as-path NETWORKS-OF-46164
      SubRouteMap:
      Continue: sequence 30
      Set clauses:
        set community 64512:46164
    route-map ISP-INBOUND-POLICY permit 20
      Description:
      Match clauses:
      SubRouteMap:
      Set clauses:
    route-map ISP-INBOUND-POLICY permit 30
      Description:
      Match clauses:
        match ip address prefix-list SLASH-17-19
      SubRouteMap:
      Continue: sequence 40
      Set clauses:
        set local-preference 200
        set community 64512:1719 64512:46164
    route-map ISP-INBOUND-POLICY permit 40
      Description:
      Match clauses:
        match ip address prefix-list SLASH23-24
      SubRouteMap:
      Set clauses:
        set local-preference 300
        set community 64512:2324 64512:46164
DC1#show ip as-path access-list NETWORKS-OF-46164
    AS-path entry codes: # - entry is invalid in the current regex mode (asn)
    ip as-path regex-mode asn
      ip as-path access-list NETWORKS-OF-46164 permit _46164$ any
DC1#show ip prefix-list SLASH-17-19
    ip prefix-list SLASH-17-19
        seq 5 permit 0.0.0.0/0 ge 17 le 19
DC1#show ip prefix-list SLASH23-24
    ip prefix-list SLASH23-24
        seq 5 permit 0.0.0.0/0 ge 23 le 24
DC1#

So in the above route-map, the attribute of the match criteria of the Upper Child Sequence 30, is the 
same as the attribute of the match criteria of the Lower Child Sequence 40, since both these Sequences
match on prefix-lists. But the values of the attributes of the match criteria are different in the sense
that Child sequence 30 matches on /17-/19 prefixes, while Child sequence 40 matches on /23-/24 prefixes.
The application of this inbound route-map to the neighbor and the result post soft clear of the session

DC1#conf t
DC1(config)#router bgp 64512
DC1(config-router-bgp)#neighbor 46.71.57.71 route-map ISP-INBOUND-POLICY in
DC1(config-router-bgp)#clear ip bgp 46.71.57.71 soft in
DC1(config-router-bgp)#
DC1#

   DC1#show ip bgp neighbors 46.71.57.71 routes community 64512:46164 exact | be Network
              Network                Next Hop              Metric  LocPref Weight  Path
     * >      4.23.92.0/22           46.71.57.71           0       100     0       500 65510 6453 7018 46164 i
     * >      4.38.0.0/20            46.71.57.71           0       100     0       500 65510 6453 7018 46164 i
     * >      4.38.0.0/21            46.71.57.71           0       100     0       500 65510 6453 7018 46164 i

DC1#

DC1#show ip bgp neighbors 46.71.57.71 routes community 64512:1719 64512:46164 exact | be Network
              Network                Next Hop              Metric  LocPref Weight  Path
     * >      107.250.128.0/17       46.71.57.71           0       200     0       500 65510 6453 3356 46164 i
     * >      107.250.192.0/19       46.71.57.71           0       200     0       500 65510 6453 7018 46164 i
     * >      155.165.128.0/17       46.71.57.71           0       200     0       500 65510 6453 3356 46164 i
     * >      155.165.128.0/19       46.71.57.71           0       200     0       500 65510 6453 7018 46164 i
DC1#DC1#show ip bgp neighbors 46.71.57.71 routes community 64512:2324 64512:46164 exact | be Network
              Network                Next Hop              Metric  LocPref Weight  Path
     * >      4.23.88.0/23           46.71.57.71           0       300     0       500 65510 6453 7018 46164 i
     * >      4.23.88.0/24           46.71.57.71           0       300     0       500 65510 6453 7018 46164 i
     * >      199.4.236.0/23         46.71.57.71           0       300     0       500 65510 6453 7018 46164 i
DC1#

 

DC1#show ip bgp summ
    BGP summary information for VRF default
    Router identifier 46.46.46.57, local AS number 64512
    Neighbor Status Codes: m - Under maintenance
      Description              Neighbor         V  AS           MsgRcvd   MsgSent  InQ OutQ  Up/Down State   PfxRcd PfxAcc
      DC2               46.46.46.85      4  64512           9268   1529429    0    0    5d10h Estab   11     11
      ISP-A                46.71.57.71      4  500          2592885     12518    0    0    5d11h Estab   555174 555174
DC1#

Display of some general routes received from the peer post soft-clear of the session.

DC1#show ip bgp neighbors 46.71.57.71 routes | be Network
              Network                Next Hop              Metric  LocPref Weight  Path
     * >      1.0.0.0/24             46.71.57.71           0       100     0       500 65510 15169 i
     * >      1.0.4.0/24             46.71.57.71           0       100     0       500 65510 6939 4826 38803 56203 i
     * >      1.0.5.0/24             46.71.57.71           0       100     0       500 65510 6939 4826 38803 56203 i
     * >      1.0.6.0/24             46.71.57.71           0       100     0       500 65510 6939 4826 38803 56203 56203 56203 i
     * >      1.0.7.0/24             46.71.57.71           0       100     0       500 65510 6453 4637 1221 38803 i
     * >      1.0.38.0/24            46.71.57.71           0       100     0       500 65510 1299 9505 24155 i
     * >      1.0.64.0/18            46.71.57.71           0       100     0       500 65510 2914 2497 7670 7670 18144 i

 

 

Result

  1. From the output of show ip bgp neighbors 46.71.57.71 routes community 64512:2324 64512:46164 exact, it can be seen that Local Preference 300 and twin communities 64512:2324 64512:46164 have been assigned by the seq 40 statement to all /23 and /24 routes that originate in AS 46164. So here the match condition of sequence 40 was not seen as a subset of the match condition of the upper Child sequence 30 statement which matched the /17 to /19 networks originating in AS 46164, but was seen as rather a subset of the match condition of the Parent sequence 10 statement (since the prefix range /17-/19 is obviously not a sub-range of the prefix range /23-/24)
  2. From show ip bgp summ, it can be seen that the number of routes accepted after the change is the same as the number of routes accepted before from the eBGP peer ISP-A.
  3. From show ip bgp neighbors 46.71.57.71 routes it can be seen that all other routes from the eBGP peer ISP-A are accepted as they are by the sequence 20 statement.

Inference: If the attribute of the match criteria in a Lower Child Route-Map sequence statement, is the same as the attribute of the match criteria in the Upper Child Route-Map sequence, but if the value of that attribute in the match criteria is different in both sequences, the match criteria in the Lower Child Route-Map sequence is considered as a subset of the match criteria of the Parent Route-Map sequence.

 

 

Scenario 7) Lower Child Seq permits route not matched by Upper Child Seq, thats allowed by Parent

Where a Child sequence with a continue denies a match permitted by the Parent Route-Map sequence, but the Lower Child Route-Map sequence permits another match not matched nor denied by the Upper Child Route-Map but permitted by the Parent Route-Map

  • SET-UP : DC1 is receiving the full internet table from the eBGP neighbor ISP-A including many routes that originate in AS 51043, and also routes that transit through both these AS’s 15412 and  33788 with regexp (_15412_33788_)
  • OBJECTIVE : To create an inbound policy towards this eBGP neighbor ISP-A that :
    1. Matches all networks that transit through (_15412_33788_) and sets a weight of 500 on them.
    2. If any of these (_15412_33788_) networks have AS 1299 before in the AS-PATH, then those networks should be denied.
    3. If any of these (_15412_33788_) networks have AS 2914 before in the AS-PATH, then those networks should be allowed and have local-preference 300 set on them.
    4. All networks that originate in AS 51043 and which are in the range /22 to /24 should be set with a weight of 500 on them.
    5. But just 2 of these /24 networks that originate in AS 51043 should be dropped – 185.59.180.0/24 and 185.59.181.0/24.
    6. All /23 networks that originate in AS 51043 should have local-preference 300 set on them
    7. All other routes should be accepted as they are.

 

BGP configuration on DC1 and current display of routes from the eBGP peer ISP-A that match regexp _15412_33788, and also regexp _51043$

DC1#show ip bgp summ | be Description
      Description              Neighbor         V  AS           MsgRcvd   MsgSent  InQ OutQ  Up/Down State   PfxRcd PfxAcc
      DC2               46.46.46.85      4  64512          15465   2803294    0    0    9d01h Estab   11     11
      ISP-A                46.71.57.71      4  500          4757406     18703    0    0    9d02h Estab   555174 555174
DC1#
    DC1#show run sec bgp | be router bgp
    router bgp 64512
       neighbor 46.46.46.85 remote-as 64512
       neighbor 46.46.46.85 next-hop-self
       neighbor 46.46.46.85 update-source Loopback1
       neighbor 46.46.46.85 description DC2
       neighbor 46.46.46.85 send-community
       neighbor 46.46.46.85 maximum-routes 12000
       neighbor 46.71.57.71 remote-as 500
       neighbor 46.71.57.71 description ISP-A
       neighbor 46.71.57.71 send-community
       neighbor 46.71.57.71 maximum-routes 0
       redistribute static

DC1#show ip bgp neighbors 46.71.57.71 routes regex _15412_33788_ | be Network
              Network                Next Hop              Metric  LocPref Weight  Path
     * >      41.67.12.0/22          46.71.57.71           0       100     0       500 65510 1299 15412 33788 33788 33788 33788 33788 33788 37197 i
     * >      41.67.40.0/22          46.71.57.71           0       100     0       500 65510 1299 15412 33788 33788 33788 33788 33788 33788 37197 i
     * >      41.78.108.0/22         46.71.57.71           0       100     0       500 65510 1299 15412 33788 37211 37211 37211 37211 37211 i
     * >      41.78.109.0/24         46.71.57.71           0       100     0       500 65510 1299 15412 33788 37211 37211 37211 37211 37211 i
     * >      41.223.160.0/24        46.71.57.71           0       100     0       500 65510 2914 15412 33788 36972 i
     * >      154.97.0.0/17          46.71.57.71           0       100     0       500 65510 2914 15412 33788 36998 i
     * >      196.29.160.0/19        46.71.57.71           0       100     0       500 65510 2914 15412 33788 i
     * >      196.29.162.0/24        46.71.57.71           0       100     0       500 65510 2914 15412 33788 i
     * >      196.29.163.0/24        46.71.57.71           0       100     0       500 65510 2914 15412 33788 i


   DC1#show ip bgp neighbors 46.71.57.71 routes regex _51043$ | be Network
              Network                Next Hop              Metric  LocPref Weight  Path
     * >      5.22.136.0/21          46.71.57.71           0       100     0       500 65510 6453 174 51043 i
     * >      5.22.136.0/22          46.71.57.71           0       100     0       500 65510 6453 174 51043 i
     * >      178.23.128.0/21        46.71.57.71           0       100     0       500 65510 6453 174 51043 i
     * >      178.23.129.0/24        46.71.57.71           0       100     0       500 65510 6453 174 51043 i
     * >      178.23.130.0/23        46.71.57.71           0       100     0       500 65510 6453 3257 5089 51043 i
     * >      185.59.180.0/24        46.71.57.71           0       100     0       500 65510 6453 3257 5089 51043 i
     * >      185.59.181.0/24        46.71.57.71           0       100     0       500 65510 6453 174 51043 i

DC1#

Inbound Route-Map configuration to be applied on the eBGP ISP neighbor DC1

DC1#show route-map ISP-INBOUND-POLICY
    route-map ISP-INBOUND-POLICY permit 10
      Description:
      Match clauses:
        match as-path 15412-33788-TRANSIT-NETWORKS
      SubRouteMap:
      Continue: sequence 40
      Set clauses:
        set weight 500
    route-map ISP-INBOUND-POLICY permit 20
      Description:
      Match clauses:
        match ip address prefix-list SLASH-22-24
        match as-path NETWORKS-OF-51043
      SubRouteMap:
      Continue: sequence 60
      Set clauses:
        set weight 500
    route-map ISP-INBOUND-POLICY permit 30
      Description:
      Match clauses:
      SubRouteMap:
      Set clauses:
    route-map ISP-INBOUND-POLICY deny 40
      Description:
      Match clauses:
        match as-path 1299-TRANSIT
      SubRouteMap:
      Continue: sequence 50
      Set clauses:
    route-map ISP-INBOUND-POLICY permit 50
      Description:
      Match clauses:
        match as-path 2914-TRANSIT
      SubRouteMap:
      Set clauses:
        set local-preference 300
    route-map ISP-INBOUND-POLICY deny 60
      Description:
      Match clauses:
        match ip address prefix-list SLASH-24-185-NETWORKS
      SubRouteMap:
      Continue: next sequence
      Set clauses:
    route-map ISP-INBOUND-POLICY permit 70
      Description:
      Match clauses:
        match ip address prefix-list SLASH-23
      SubRouteMap:
      Set clauses:
        set local-preference 300
DC1#

DC1#show ip as-path access-list 15412-33788-TRANSIT-NETWORKS
    AS-path entry codes: # - entry is invalid in the current regex mode (asn)
    ip as-path regex-mode asn
      ip as-path access-list 15412-33788-TRANSIT-NETWORKS permit _15412_33788_ any
DC1#
DC1#show ip prefix-list SLASH-22-24
    ip prefix-list SLASH-22-24
        seq 10 permit 0.0.0.0/0 ge 22 le 24
DC1#
DC1#show ip as-path access-list NETWORKS-OF-51043
    AS-path entry codes: # - entry is invalid in the current regex mode (asn)
    ip as-path regex-mode asn
      ip as-path access-list NETWORKS-OF-51043 permit _51043$ any
DC1#
DC1#show ip as-path access-list 1299-TRANSIT
    AS-path entry codes: # - entry is invalid in the current regex mode (asn)
    ip as-path regex-mode asn
      ip as-path access-list 1299-TRANSIT permit _1299_[0-9]*_15412_ any
DC1#
DC1#show ip as-path access-list 2914-TRANSIT
    AS-path entry codes: # - entry is invalid in the current regex mode (asn)
    ip as-path regex-mode asn
      ip as-path access-list 2914-TRANSIT permit _2914_[0-9]*_15412_ any
DC1#
DC1#show ip prefix-list SLASH-24-185-NETWORKS
    ip prefix-list SLASH-24-185-NETWORKS
        seq 5 permit 185.59.180.0/24
        seq 10 permit 185.59.181.0/24
DC1#
DC1#show ip prefix-list SLASH-23
    ip prefix-list SLASH-23
        seq 10 permit 0.0.0.0/0 eq 23
DC1#

 

Application of Inbound Route-Map policy on the neighbor and result post-clear of the session.

 

DC1#conf t
DC1(config)#router bgp 64512
DC1(config-router-bgp)#neighbor 46.71.57.71 route-map ISP-INBOUND-POLICY in
DC1(config-router-bgp)#clear ip bgp 46.71.57.71 soft in
DC1(config-router-bgp)#DC1#show ip bgp neighbors 46.71.57.71 routes regex _15412_33788_ | be Network
              Network                Next Hop              Metric  LocPref Weight  Path
     * >      41.223.160.0/24        46.71.57.71           0       300     500     500 65510 2914 15412 33788 36972 i
     * >      154.97.0.0/17          46.71.57.71           0       300     500     500 65510 2914 15412 33788 36998 i
     * >      196.29.160.0/19        46.71.57.71           0       300     500     500 65510 2914 15412 33788 i
     * >      196.29.162.0/24        46.71.57.71           0       300     500     500 65510 2914 15412 33788 i
     * >      196.29.163.0/24        46.71.57.71           0       300     500     500 65510 2914 15412 33788 i

DC1#DC1#show ip bgp neighbors 46.71.57.71 routes regex _51043$ | be Network
              Network                Next Hop              Metric  LocPref Weight  Path
     * >      5.22.136.0/21          46.71.57.71           0       100     0       500 65510 6453 174 51043 i
     * >      5.22.136.0/22          46.71.57.71           0       100     500     500 65510 6453 174 51043 i
     * >      178.23.128.0/21        46.71.57.71           0       100     0       500 65510 6453 174 51043 i
     * >      178.23.129.0/24        46.71.57.71           0       100     500     500 65510 6453 174 51043 i
     * >      178.23.130.0/23        46.71.57.71           0       300     500     500 65510 6453 3257 5089 51043 i

DC1#show ip bgp neighbors 46.71.57.71 routes regex _1299_[0-9]*_15412_ | be Network
              Network                Next Hop              Metric  LocPref Weight  Path
     * >      1.186.208.0/24         46.71.57.71           0       100     0       500 65510 1299 15412 18101 45769 i
     * >      1.200.72.0/21          46.71.57.71           0       100     0       500 65510 1299 15412 24157 24157 i
     * >      1.200.80.0/21          46.71.57.71           0       100     0       500 65510 1299 15412 24157 24157 i
     * >      1.200.104.0/21         46.71.57.71           0       100     0       500 65510 1299 15412 24157 i
     * >      2.177.0.0/16           46.71.57.71           0       100     0       500 65510 1299 15412 12880 12880 12880 12880 12880 12880 12880 i
     * >      2.178.0.0/16           46.71.57.71           0       100     0       500 65510 1299 15412 12880 i

Display of BGP routes with regex _2914_[0-9]*_15412_

DC1#show ip bgp regex _2914_[0-9]*_15412_
              Network                Next Hop              Metric  LocPref Weight  Path
     * >      1.186.49.0/24          46.71.57.71           0       100     0       500 65510 2914 15412 18101 45769 i
     * >      1.186.50.0/24          46.71.57.71           0       100     0       500 65510 2914 15412 18101 45769 i
     * >      1.186.51.0/24          46.71.57.71           0       100     0       500 65510 2914 15412 18101 45769 i
     * >      1.186.52.0/24          46.71.57.71           0       100     0       500 65510 2914 15412 18101 45769 i
     * >      1.186.53.0/24          46.71.57.71           0       100     0       500 65510 2914 15412 18101 45769 i
     * >      1.186.54.0/24          46.71.57.71           0       100     0       500 65510 2914 15412 18101 45769 i
     * >      1.186.55.0/24          46.71.57.71           0       100     0       500 65510 2914 15412 18101 45769 i

Display of routes that transit through AS 2914

DC1#show ip bgp regex _2914_ | head -50
              Network                Next Hop              Metric  LocPref Weight  Path
     * >      1.0.64.0/18            46.71.57.71           0       100     0       500 65510 2914 2497 7670 7670 18144 i
     * >      1.1.126.0/24           46.71.57.71           0       100     0       500 65510 2914 2519 i
     * >      1.2.4.0/24             46.71.57.71           0       100     0       500 65510 2914 4641 24151 i
     * >      1.3.33.0/24            46.71.57.71           0       100     0       500 65510 2914 3491 133741 i
     * >      1.3.35.0/24            46.71.57.71           0       100     0       500 65510 2914 3491 133741 i
     * >      1.8.1.0/24             46.71.57.71           0       100     0       500 65510 2914 4641 38345 i
DC1#
DC1#show ip bgp summ
    BGP summary information for VRF default
    Router identifier 46.46.46.57, local AS number 64512
    Neighbor Status Codes: m - Under maintenance
      Description              Neighbor         V  AS           MsgRcvd   MsgSent  InQ OutQ  Up/Down State   PfxRcd PfxAcc
      DC2               46.46.46.85      4  64512          15490   2803356    0    0    9d02h Estab   11     11
      ISP-A                46.71.57.71      4  500          4917709     18730    0    0    9d02h Estab   555174 555163
DC1#

 

Result:

  1. From the output of show ip bgp neighbors 46.71.57.71 routes regexp _15412_33788_, It can be seen that all these routes which also have AS 2914 in their AS-PATH have Weight 500 and Local-Preference 300 set, as a result of sequence 10 and 50 statements.
  2. _15412_33788_Routes that have AS 1299 in their AS-PATH have been denied as a result of seq 40.
  3. From the output of show ip bgp neighbors 46.71.57.71 routes regex _1299_[0-9]*_15412_ it can be seen that other routes that have 1299 followed by 15412 anywhere in the AS path after 1299 (and which do not have 33788 in their AS-PATH) , have been accepted with no attribute changes, just as all other routes have been accepted without any changes by sequence 30, as can be seen in the count of routes received in show ip bgp summ.
  4. From the output of show ip bgp regex _2914_, and also show ip bgp regex _2914_[0-9]*_15412_ we can see that all routes that have 2914 in their AS-PATH but which do not have AS 33788 are accepted without any modification by the sequence 30 statement.
  5. Sequence 60 denies those 2 185.x.x.x/24 routes that are part of the match condition of the Parent Route-Map sequence 20, and the continue in sequence 60 causes the the evaluation to proceed to the next sequence statement (sequence 70) where the /23 networks that are part of the match condition of the Parent Route-Map sequence 20 are matched and a local-preference of 300 is set on them.
  6. Likewise, the sequence 40 statement denies any _15412_33788_ networks (the match condition of the parent Route-Map sequence 10 that have AS 1299 as a transit AS (anywhere before _15412_33788_) in their AS-PATH, and the continue 50 in this sequence diverts evaluation to the sequence 50 statement that accepts any _15412_33788_ networks (the match condition of the parent Route-Map sequence 10) which have AS 2914 as a transit AS (anywhere before _15412_33788_) in their AS-PATH, and sets a local-preference of 300 on them.

Inference: When a Child sequence with a continue denies a match permitted by the Parent sequence, but the Lower Child Route-Map sequence permits a match not matched nor denied by the Upper Child sequence but permitted by the Parent sequence, then that route is accepted and acted upon by the set commands in both the Parent Route-Map sequence and also the Lower Child Route-Map sequence.

Limitations

In a route-map sequence you cannot specify the continue command followed by a sequence number that is less than the current route-map sequence.

Doing so would display the following error up command execution – % Loop in the routemap.

And the display of the configuration of such a route-map will not show the continue command in that particular sequence, which in other words means that it will neither be configured and nor will take effect in that route-map.

 

 

Follow

Get every new post on this blog delivered to your Inbox.

Join other followers: