This topic is to discuss the following lesson:
I think that it is an erratum:
This prefix-list checks the entire 2001::/16 range and permits subnets with a /64 or larger.
It should be:
This prefix-list checks the entire 2001::/16 range and permits subnets with a /64 or smaller
Thanks for the message, this sentence is correct though. Take a look at the prefix-list:
ipv6 prefix-list SMALL_NETWORKS permit 2001::/16 le 64
The “le 64” part means that it will match /64, /63, /62, /61, /60, etc. All of these are “larger” subnets than /64.
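The `le 64` rule discussed above, as an added example that is not part of the original posts: a small Python model of how a prefix-list entry with `ge`/`le` is evaluated against a route. The function names and sample routes are constructed for illustration.

```python
import ipaddress

def entry_matches(route, prefix, ge=None, le=None):
    """Return True if `route` matches one prefix-list entry.

    Models the usual IOS rule: the route must fall inside `prefix`, and its
    length must be in [ge, le]. With only `le`, the lower bound is the entry's
    own length; with only `ge`, the upper bound is the address-family maximum;
    with neither, the length must match exactly.
    """
    route = ipaddress.ip_network(route)
    prefix = ipaddress.ip_network(prefix)
    if route.version != prefix.version:
        return False
    if ge is None and le is None:
        low = high = prefix.prefixlen
    else:
        low = prefix.prefixlen if ge is None else ge
        high = route.max_prefixlen if le is None else le
    return low <= route.prefixlen <= high and route.subnet_of(prefix)


def evaluate(prefix_list, route):
    """First matching entry wins; no match means the implicit deny."""
    for action, prefix, ge, le in prefix_list:
        if entry_matches(route, prefix, ge, le):
            return action
    return "deny"


# ipv6 prefix-list SMALL_NETWORKS permit 2001::/16 le 64
SMALL_NETWORKS = [("permit", "2001::/16", None, 64)]

# Constructed sample routes.
SAMPLES = ["2001:db8:0:1::/64", "2001:db8::/32", "2001:db8:0:1111::/96", "2002::/16"]


def classify(samples=SAMPLES):
    """Map each sample route to the action the prefix-list returns for it."""
    return {route: evaluate(SMALL_NETWORKS, route) for route in samples}


if __name__ == "__main__":
    for route, action in classify().items():
        print(f"{route:24} {action}")
```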
You might want to fix the BGP configuration for R2
R2(config)#router bgp 1
R2(config-router)#bgp router-id 184.108.40.206
R2(config-router)#neighbor 2001:db8:0:12::1 remote-as 2
R2(config-router)#address-family ipv6
R2(config-router-af)#neighbor 2001:db8:0:12::2 activate
Thanks Georgi! Just fixed it.
I was doing a lab and I discovered something interesting and I wanted to ask you why:
What is the difference when the following route-map is placed here:
router bgp 21
 no synchronization
 bgp router-id 220.127.116.11
 bgp log-neighbor-changes
 neighbor 2001:DB8:12::1 remote-as 20
 neighbor 2001:DB8:12::1 route-map BLOCK_MAP in <------------
 no auto-summary
 !
 address-family ipv6
  neighbor 2001:DB8:12::1 activate
  neighbor 2001:DB8:12::1 prefix-list NET64 in
 exit-address-family
router bgp 21
 no synchronization
 bgp router-id 18.104.22.168
 bgp log-neighbor-changes
 neighbor 2001:DB8:12::1 remote-as 20
 no auto-summary
 !
 address-family ipv6
  neighbor 2001:DB8:12::1 activate
  neighbor 2001:DB8:12::1 prefix-list NET64 in
  neighbor 2001:DB8:12::1 route-map BLOCK_MAP in <------
In both cases the router accepts the commands, but only the second one works perfectly.
I’d have to test this to confirm it but when you configure it under the main BGP process then it only applies to the IPv4 address family, even though you can establish a neighbor adjacency through IPv6.
The IPv6 address family is where you configure everything…including route-maps.
If you want to confirm this, you can advertise some IPv4 prefixes…see if the route-map matches your IPv4 routes. I think it will.
Does this order of operation apply to IPv6 filtering only?
The order of operation is the same for IPv4 as well.
I hope this has been helpful.
Cisco documentation from 2016 provides a different order for outbound filtering:
For inbound updates the order of preference is:
For outbound updates the order of preference is:
filter-list
route-map | unsuppress-map
advertise-map (conditional-advertisement)
prefix-list|distribute-list
ORF prefix-list (a prefix-list the neighbor sends us)
Thanks for sharing this, Danil. These things sometimes change, depending on the platform and/or IOS version.
@ReneMolenaar @lagapides I have a question concerning the filter-list filtering. This may sound like a silly question. Why did you do the configurations to add AS 11 to the AS path for outgoing 2001:db8:0:1::/64 traffic on R1? Why didn’t you do it on router R2?
R1(config)#router bgp 1
R1(config-router)#address-family ipv6
R1(config-router-af)#neighbor 2001:db8:0:12::2 route-map PREPEND out
Since we are using the neighbor command, shouldn’t the command be affecting the neighbor router and not the local router? Please, I need clarification.
The PREPEND command will add AS 11 to the AS path when R1 advertises the specific route to R2. So if R1 tells R2 that the path to the destination is through AS1 and AS11, then these two ASs will be added to the BGP table of R2 which is what we want to do.
I hope this has been helpful!
@lagapides I understand. I am just a little bit confused because when you use the neighbor command, it is most of the time used to configure things on the neighbor router. But in this case, it is used to configure AS-PATH on the local router (R1). What if instead of doing:
R1(config)#neighbor 2001:db8:0:12::2 route-map PREPEND out
I do the configurations from R2. I configure the ipv6 prefix-list and route-map on R2 and then use the command:
R2(config)#neighbor 2001:db8:0:12::1 route-map PREPEND out
Will this also work?
I understand your confusion. When you implement the neighbor command, it is used to create the neighbor relationship. It is also used to configure parameters that pertain to the relationship. But it is never used to configure anything on the neighboring router. Whenever a route map is used in a network command, it always filters the advertisements on that relationship. The in or out keywords indicate which direction is filtered.
Now if you were to implement the command you state above, it would enable filtering for the advertisement of routes from R2 to R1. It does not affect the local BGP table, but it affects what information is sent to R1.
Now one option would be to use the same command but use the in keyword instead. This would work, but is not best practice, because it requires that the advertisement be sent (which uses both CPU and bandwidth) and that it be filtered locally (which uses CPU). It’s always better to filter closer to the source.
I hope this has been helpful!
@lagapides thank you for clearing that up. That helped me a lot. Now I have a better understanding.
There is an error in your last configuration on R1.
hostname R1
!
ipv6 unicast-routing
!
interface FastEthernet0/0
 ipv6 address 2001:DB8:0:12::1/64
!
interface Loopback0
 ipv6 address 2001:DB8:0:1::1/64
!
interface Loopback1
 ipv6 address 2001:DB8:0:11::1/64
!
interface Loopback2
 ipv6 address 2001:DB8:0:111::1/64
!
interface Loopback3
 ipv6 address 2001:DB8:0:1111::1/64
!
router bgp 1
 bgp router-id 22.214.171.124
 bgp log-neighbor-changes
 neighbor 2001:DB8:0:12::2 remote-as 2
 !
 address-family ipv4
  neighbor 2001:DB8:0:12::2 activate
  neighbor 2001:DB8:0:12::2 route-map PREPEND out
 exit-address-family
 !
 address-family ipv6
  network 2001:DB8:0:1::/64
  network 2001:DB8:0:11::/64
  network 2001:DB8:0:111::/64
  network 2001:DB8:0:1111::/96

interface Loopback3
 ipv6 address 2001:DB8:0:1111::1/64
must be /96 to be advertised by MP-BGP.
Thank you Giovanni, I just fixed this.
It’s not a requirement to type it. Here’s an example:
Router(config)#ipv6 access-list THIRD_LOOPBACK
Router(config-ipv6-acl)#permit 2001:db8:0:11::/64 any
The router adds
Router#show access-lists THIRD_LOOPBACK
IPv6 access list THIRD_LOOPBACK
    permit ipv6 2001:DB8:0:11::/64 any sequence 10