Embedded Files
Displaying rejected BGP routes
BGP speakers negotiate Route-Refresh capability by default in the Open messages sent when the peers establish a TCP session. If one or both BGP speaker(s) do not support Route-Refresh capability, soft reconfiguration needs to be configured manually.
The Route-Refresh capability is used to request routes from a neighbor using clear ip bgp <neighbor-ip-address> in command. This command requests complete BGP table from the neighbor without clearing the BGP session. It is used after changes in configuration to update the BGP table. It saves on memory since the existing BGP table is not stored on the router. The traditional way of achieving this is to clear the BGP session using clear ip bgp * command.
If Route-Refresh capability is not available, soft reconfiguration is configured on the peers using neighbor <ip-address> soft-reconfiguration inbound command. The advantage of soft-reconfiguration is that a router stores a copy of the BGP routes that it receives from a neighbor. However, that is also its disadvantage since a router stores a copy of all BGP routes that it receives from each of its neighbors, essentially, consuming a lot of memory. If a BGP router wish to receive a copy of BGP routes from its neighbor after a configuration change, it uses clear ip bgp <neighbor-ip-address> [soft] in command. The soft keyword is optional since the router assumes soft-reset in case Route-Refresh capability is not available.
Now, in Cisco IOS, there is no way to find out what BGP routes were rejected by the router that it received from its neighbors. However, the workaround is to use soft-reconfiguration on BGP peers. As mentioned above, with soft-reconfiguration, a BGP router stores a copy of routes that it receives from its BGP neighbor. With the help of two commands, a difference can be taken to find out the rejected routes.
1) show ip bgp neighbors <neighbor-ip-address> received-routes command displays all BGP received- routes (both accepted and rejected).
2) show ip bgp neighbors <neighbor-ip-address> routes command displays all BGP received-routes that are accepted after filtering (using route-maps, distribute-lists or prefix-lists).
The difference of both command outputs will provide the rejected routes.
Note
To use show ip bgp neighbors <neighbor-ip-address> received-routes and show ip bgp neighbors <neighbor-ip-address> routes commands, the neighbor soft-reconfiguration inbound command is a pre-requisite.
Consider the following-
Two BGP routers are connected via eBGP. Router1 is configured to reject route 4.4.4.4/32 received from Router2.
Router1-interface fastethernet 0/0 ip address 192.168.1.1 255.255.255.252!interface Loopback0 ip address 1.1.1.1 255.255.255.255!router bgp 100 neighbor 192.168.1.2 remote-as 200 neighbor 192.168.1.2 route-map REJECT in neighbor 192.168.1.2 soft-reconfiguration inbound network 1.1.1.1 mask 255.255.255.255!route-map REJECT deny 10 match ip address 10!route-map REJECT permit 20!access-list 10 permit host 4.4.4.4! Router2-interface fastethernet 0/0 ip address 192.168.1.2 255.255.255.252!interface Loopback0 ip address 2.2.2.2 255.255.255.255!interface Loopback1 ip address 3.3.3.3 255.255.255.255!interface Loopback2 ip address 4.4.4.4 255.255.255.255!router bgp 200 neighbor 192.168.1.1 remote-as 100 neighbor 192.168.1.1 soft-reconfiguration inbound network 2.2.2.2 mask 255.255.255.255 network 3.3.3.3 mask 255.255.255.255 network 4.4.4.4 mask 255.255.255.255!When the BGP session is established, the BGP peers exchange the routes. Since Router1 is configured with an inbound route-map that rejects 4.4.4.4/32 prefix, it is not stored in its BGP table.
Router1 BGP output
Router1#show ip bgp summaryBGP router identifier 1.1.1.1, local AS number 100BGP table version is 5, main routing table version 54 network entries using 468 bytes of memory4 path entries using 208 bytes of memory3/3 BGP path/bestpath attribute entries using 372 bytes of memory1 BGP AS-PATH entries using 24 bytes of memory0 BGP route-map cache entries using 0 bytes of memory0 BGP filter-list cache entries using 0 bytes of memoryBGP using 1072 total bytes of memory1 received paths for inbound soft reconfigurationBGP activity 12/8 prefixes, 12/8 paths, scan interval 60 secsNeighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd192.168.1.2 4 200 19 17 0 0 0 00:00:21 2Router1# show ip bgpBGP table version is 5, local router ID is 1.1.1.1Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, r RIB-failure, S StaleOrigin codes: i - IGP, e - EGP, ? - incomplete Network Next Hop Metric LocPrf Weight Path*> 1.1.1.1/32 0.0.0.0 0 32768 i*> 2.2.2.2/32 192.168.1.2 0 0 200 i*> 3.3.3.3/32 192.168.1.2 0 0 200 iAs it can be seen that Router1 does not install 4.4.4.4/32 in its BGP table. To view all BGP received-routes (both accepted and rejected), the show ip bgp neighbors 192.168.1.2 received-routes command.
show ip bgp neighbor 192.168.1.2 received-routes
Router1#show ip bgp neighbors 192.168.1.2 received-routesBGP table version is 5, local router ID is 1.1.1.1Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, r RIB-failure, S StaleOrigin codes: i - IGP, e - EGP, ? - incomplete Network Next Hop Metric LocPrf Weight Path*> 2.2.2.2/32 192.168.1.2 0 0 200 i*> 3.3.3.3/32 192.168.1.2 0 0 200 i* 4.4.4.4/32 192.168.1.2 0 0 200 iTotal number of prefixes 3The accepted and stored BGP routes can be viewed using show ip bgp neighbor 192.168.1.2 routes command.
show ip bgp neighbor 192.168.1.2 routes
Router1# show ip bgp neighbors 192.168.1.2 routesBGP table version is 5, local router ID is 1.1.1.1Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, r RIB-failure, S StaleOrigin codes: i - IGP, e - EGP, ? - incomplete Network Next Hop Metric LocPrf Weight Path*> 2.2.2.2/32 192.168.1.2 0 0 200 i*> 3.3.3.3/32 192.168.1.2 0 0 200 iTotal number of prefixes 2Obviously, since the number of routes are less here, it is easy to compare the two outputs. But it would be really difficult to compare if a BGP peer receives hundreds or even thousands of routes. An EEM applet or a TCL script can be implemented to perform the difference and present the output in a readable form.
EEM applet
event manager applet BGP_REJECTED_ROUTES
event none
action 1.0 cli command "show ip bgp neighbors 192.168.1.2 received-routes | redirect tftp://10.210.3.216/received-routes.txt"
action 2.0 cli command "show ip bgp neighbors 192.168.1.2 routes | redirect tftp://10.210.3.216/routes.txt"
action 3.0 cli command "show archive config differences tftp://10.210.3.216/received-routes.txt tftp://10.210.3.216/routes.txt"
action 4.0 puts $_cli_result
!
Since there is no event described (event none), this EEM will be triggered using event manager run BGP_REJECTED_ROUTES command from Exec-mode. The disadvantage here is that the BGP neighbor is configured manually, and since an EEM applet cannot accept user-input, a TCL script is required which can accept specific BGP neighbor IP address.
Page updated
Google Sites
Report abuse