OPERATIONAL DEFECT DATABASE
...
...
When applying an outbound route-map in an OSPF L3Out matching BGP community (to deny vpnv4 path matching that community) towards OSPF. Community filtering works well for all BGP path or transit prefix. However it also filters all BD subnets to be sent out on OSPF.
Configure an outbound route-map in OSPF L3out to deny routes by matching BGP community
Issue is not seen if 0.0.0.0/0 le 32 And community are used. You don't need to specify exact prefix as we have aggregate "0.0.0.0/0 le 32" leaf2# show route-map exp-ctx-proto-2654211 route-map exp-ctx-proto-2654211, deny, sequence 16401 Match clauses: ip address prefix-lists: IPv4-proto38-2654211-agg-ext-out-Test-MATCH-Community2MatchComm1MATCH-COMM-dst ipv6 address prefix-lists: IPv6-deny-all community (community-list filter): proto38-2654211-agg-ext-out-Test-MATCH-Community2MatchComm1MATCH-COMM-rgcom Set clauses: metric-type type-1 route-map exp-ctx-proto-2654211, permit, sequence 16601 Match clauses: ip address prefix-lists: IPv4-proto38-2654211-agg-ext-out-Test-MATCH-Community2match1mtch-dst ipv6 address prefix-lists: IPv6-deny-all Set clauses: tag 4294967295 leaf2# show ip prefix-list IPv4-proto38-2654211-agg-ext-out-Test-MATCH-Community2MatchComm1MATCH-COMM-dst ip prefix-list IPv4-proto38-2654211-agg-ext-out-Test-MATCH-Community2MatchComm1MATCH-COMM-dst: 1 entries seq 1 permit 0.0.0.0/0 le 32 bdsol-aci32-leaf2# leaf2# show ip community-list proto38-2654211-agg-ext-out-Test-MATCH-Community2MatchComm1MATCH-COMM-rgcom Standard Community List proto38-2654211-agg-ext-out-Test-MATCH-Community2MatchComm1MATCH-COMM-rgcom permit 1001:1001"
RPM sees that the route is not a BGP route( our route is static). Hence RPM won’t be able to do a match against the configured community values in the route-map. So this is considered as a match and hence the result(permit/deny) of that route-map sequence is provided. This is a day 1 behavior and there are no plans to change the RPM logic, however, issue has been fixed in 6.x by excluding community match from the static route-map.
Click on a version to see all relevant bugs
Cisco Integration
Learn more about where this data comes from
Bug Scrub Advisor
Streamline upgrades with automated vendor bug scrubs
BugZero Enterprise
Wish you caught this bug sooner? Get proactive today.
