Solved: Re: BGP path preference over Static default route - Page 2

Yuvi1983 · ‎09-03-2024

Hi Community,

I am having the following situation now,

R1 -asr1001 having static default route to firewall

0.0.0.0/0---> 192.168.0.17

On R1 I configured following & I like to prefer the BGP path over above default route path.

#R1 Config
interface TenGigabitEthernet0/0/0.500 >> Directly connected interface
encapsulation dot1Q 500
ip address 10.50.120.2 255.255.255.0
standby 1 ip 10.50.120.1
standby 1 priority 105
end

#BGP config on R1
router bgp 394566
bgp log-neighbor-changes
address-family ipv4
redistribute connected >> redistributed connected SVI
exit-address-family

ip vrf 250
rd 200:25
import ipv4 unicast map VRF-Global-to-VRF-250 >> filtering
!
!
interface TenGigabitEthernet0/0/0
no ip address
cdp enable
!
interface TenGigabitEthernet0/0/0.250 >> used for bgp with FW2
description firewall
encapsulation dot1Q 250
ip vrf forwarding 250
ip address 169.254.0.10 255.255.255.248
!
router bgp 394566
!
address-family ipv4 vrf 250
neighbor 169.254.0.9 remote-as 397013
neighbor 169.254.0.9 local-as 4200000001 no-prepend
neighbor 169.254.0.9 description firewall
neighbor 169.254.0.9 activate
neighbor 169.254.0.9 soft-reconfiguration inbound
exit-address-family
!
ip route vrf 250 10.53.120.0 255.255.255.0 169.254.0.9 global >> Added this route in vrf 250
end

#Advertisment
I see the routes are in vrf 250
asr1001#sh ip ro vrf 250
B 10.50.120.0/24
is directly connected, 01:04:19, TenGigabitEthernet0/0/0.500
L 10.50.120.2/32 is directly connected, TenGigabitEthernet0/0/0.500

asr1001#show bgp vpnv4 unicast vrf 250 neighbors 169.254.0.9 advertised-routes
BGP table version is 53, local router ID is 10.254.0.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 200:25 (default for vrf 250)
Import Map: VRF-Global-to-VRF-250, Address-Family: IPv4 Unicast, Pfx Count/Limit: 1/1000
*> 10.50.120.0/24 0.0.0.0 0 32768 ?

Total number of prefixes 1

I like to prefer the FW2 ( bgp path) over the default route path to reach destination 10.53.120.0/24

What config I am required to add please?

Thank you ...Yuvi

Yuvi1983 · ‎09-04-2024

On R2

asr1001#sh ip ro vrf 250 10.53.120.0 longer-prefixes

Routing Table: 250
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override

Gateway of last resort is not set

B 10.53.120.0/24 [20/0] via 169.254.0.9, 03:08:14

MHM Cisco World · ‎09-04-2024

So it preferred bgp not static route as I see

Can I see config of vlan 500

MHM

Yuvi1983 · ‎09-04-2024

R2 asr1001

interface TenGigabitEthernet0/0/0.500
description AzVWAN_NonProd_SVI_DCE
encapsulation dot1Q 500
ip address 10.50.120.2 255.255.255.0
standby 1 ip 10.50.120.1
standby 1 priority 105
end

MHM Cisco World · ‎09-04-2024

That explains why.

I will share solutions today

Thanks for waiting

MHM

Yuvi1983 · ‎09-04-2024

Thank you so much .....

Yuvi1983 · ‎09-04-2024

Good morning MHM,

It will be great help please .. I am not sure what's really in the config I am missing.

You pointed out vlan interface 500..

It will be great if you can provide the config please ..

Will wait for your solution ..Thank you again

MHM Cisco World · ‎09-04-2024

ip route 10.53.120.0 255.255.255.0 <interface connect R2 to FW2> <<- use interface not next-hop

ip route 10.53.120.0 255.255.255.0 <interface connect R2 to FW3> 50 <<- use interface not next-hop

above is what you need

NOTE:- the route leaking in BGP in your case make R2 advertise global subnet to FW2, which make FW2 know Global prefix connect to R2

MHM

Yuvi1983 · ‎09-05-2024

ok, trying now ..

MHM Cisco World · ‎09-05-2024

when you add command try traceroute from any host connect to VLAN500

MHM

Yuvi1983 · ‎09-05-2024

Trying to make the communication working from host in vlan 500 10.50.120.66 to destination 10.53.120.66

R2#sh run | i 10.53
ip route 10.53.0.0 255.255.0.0 192.168.0.60 50 >> R3
ip route 10.53.120.0 255.255.255.0 TenGigabitEthernet0/0/0.251 >> FW2 !Added now
ip route vrf 250 10.53.120.0 255.255.255.0 169.254.0.9 global >> FW2 !This really required?

R2#sh ip ro vrf 250 | i 10.53
S 10.53.120.0/24 [1/0] via 169.254.0.9
B 10.53.121.0/24 [20/0] via 169.254.0.9, 3d00h
R2#

R2#sh ip ro 10.53.120.66
Routing entry for 10.53.120.0/24
Known via "static", distance 1, metric 0 (connected)
Redistributing via ospf 1
Routing Descriptor Blocks:
* directly connected, via TenGigabitEthernet0/0/0.251
Route metric is 0, traffic share count is 1

Is this route table good please ?

MHM Cisco World · ‎09-05-2024

ip route 10.53.0.0 255.255.0.0 192.168.0.60 50 >> not correct I mention use interface plus next-hop
ip route 10.53.120.0 255.255.255.0 TenGigabitEthernet0/0/0.251 >> FW2 correct
ip route vrf 250 10.53.120.0 255.255.255.0 169.254.0.9 global >>not required

Now when you traceroute from vlan 500 host what is path?

MHM

Yuvi1983 · ‎09-05-2024

R2#sh run | i 10.53
ip route 10.53.0.0 255.255.0.0 TenGigabitEthernet0/0/0.184 192.168.0.60 50 !Added now
ip route 10.53.120.0 255.255.255.0 TenGigabitEthernet0/0/0.251

R2#sh ip ro vrf 250 | i 10.53
B 10.53.120.0/24 [20/0] via 169.254.0.9, 00:08:46
B 10.53.121.0/24 [20/0] via 169.254.0.9, 3d00h

Trace from host in VLAN 500

[root@and-dce-rhel01 ~]# tracepath 10.53.120.66 -n
1?: [LOCALHOST] pmtu 1500
1: 10.50.120.2 0.360ms
1: 10.50.120.2 0.198ms >> R2
2: no reply
3: no reply
4: no reply
5: no reply
6: no reply
7: no reply
8: no reply
9: no reply
10: no reply
11: no reply
12: no reply
13: no reply
14: no reply
15: no reply
16: no reply
17: no reply
18: no reply
19: no reply
20: no reply
21: no reply
22: no reply
23: no reply
24: no reply
25: no reply
26: no reply
27: no reply
28: no reply
29: no reply
30: no reply
Too many hops: pmtu 1500
Resume: pmtu 1500
[root@and-dce-rhel01 ~]#

MHM Cisco World · ‎09-05-2024

This config is correct, it can FW drop ttl exceed and this make traceroute wrong

Try ping repeat 100

check FW log or interface traffic count

See if there is any packet pass through FW

MHM

Yuvi1983 · ‎09-05-2024

ok, trying now

Yuvi1983 · ‎09-05-2024

Yesterday , I tried adding the vlan 500 interface with ( ip vrf forwording 250 ), Yesterday seen the hits on FW

If I am removing the ( ip vrf forwording 250 ) for vlan 500

The traffic hits not seen on the FW

R2#sh ip int brief

Te0/0/0.500 10.50.120.2 YES manual up up

interface TenGigabitEthernet0/0/0.500
description AzVWAN_NonProd_SVI_DCE
encapsulation dot1Q 500
ip address 10.50.120.2 255.255.255.0
standby 1 ip 10.50.120.1
standby 1 priority 105

Continuous ping running from host & repeat R2

[root@and-dce-rhel01 ~]# ping 10.53.120.66
PING 10.53.120.66 (10.53.120.66) 56(84) bytes of data.

R2#ping 10.53.120.66 repeat 1000

ON FW2 routing table

FW2(active)> show routing route | match 10.50.120
10.50.120.0/24 169.254.0.10 A?B 55681 4200000001
FW2(active)> show routing route | match 10.53.120
10.53.120.0/24 169.254.21.1 A?B 3370130 65515
admin@and-edgefw02(active)>

169.254.0.10 ( R2 interface used for bgp vrf 250)