Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3520
Views
0
Helpful
4
Replies

A BGP prefixes announcement question

Go to solution
Safar Safarov
Level 1
Level 1

‎01-16-2012 01:39 AM - edited ‎03-04-2019 02:55 PM

Hello,

Below is brief of bgp config on my router to ISP.

interface GigabitEthernet0/0

ip address 2.2.2.2 255.255.255.252 secondary

ip address 1.1.1.2 255.255.255.252

no ip redirects

no ip proxy-arp

!

router bgp 4444

no synchronization

bgp log-neighbor-changes

bgp bestpath compare-routerid

network 3.3.3.0 mask 255.255.240.0

neighbor BGP peer-group

neighbor BGP remote-as 5555

neighbor BGP version 4

neighbor BGP soft-reconfiguration inbound

neighbor BGP prefix-list BGP-to-ISP out

neighbor BGP route-map BGP-OUT out

neighbor 1.1.1.1 peer-group BGP

neighbor 1.1.1.1 description BGP-ISP-RR01

neighbor 2.2.2.1 peer-group BGP

neighbor 2.2.2.1 description BGP-ISP-RR02

no auto-summary

!

ip route 3.3.3.0 255.255.240.0 GigabitEthernet0/0

!

ip prefix-list BGP-to-ISP seq 5 permit 3.3.3.0/20 le 24

!

route-map BGP-OUT permit 10

match ip address prefix-list BGP-to-ISP

ISP announces 0.0.0.0/0 prefix to my router.

Can a loop occur if prefix announced by my router to ISP (i.e. 3.3.3.0/20) is inside of prefix announced by ISP to me (i.e. 0.0.0.0/0)?

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Peter Paluch
Cisco Employee
Cisco Employee

‎01-16-2012 02:02 AM

Hello Safar,

Can a loop occur if prefix announced by my router to ISP (i.e.  3.3.3.0/20) is inside of prefix announced by ISP to me (i.e. 0.0.0.0/0)?

You probably meant a different network: the 3.3.3.0/20 is not a valid network address. A netmask of /20 requires a multiple of 16 in the 3rd octet of the network address. In order for 3.3.3.0 to be a network address, the mask must be at least /24 and more.

To your question: No such loop should occur because a router always uses the longest matched prefix from its routing table to route packets. Even if your routing table contains both 3.3.3.0/X and 0.0.0.0/0, for all packets from within the network 3.3.3.0/X, the more specific route will be used. So in stable topology, no routing loops may occur.

A transient routing loop can occur when the 3.3.3.0/X route is removed from your routing table but the update has not yet been sent via BGP to your ISP. In that case, you are sending the packets for 3.3.3.0/X towards your ISP because of the default route, and the ISP is sending the packets back to you because it still has the 3.3.3.0/X route pointing to you. This is not a misconfiguration - it is caused by delays in propagating routing information, and is a routine problem with all routing protocols.

A possible workaround would be to have a static Null0 route configured for the same network with a higher administrative distance. If the correct 3.3.3.0/X network gets disconnected, it will be automatically replaced by this Null0 network, preventing routing loops (all packets will be discarded without being forwarded anywhere):

ip route 3.3.3.0 X.X.X.X Null0 254

There is one gotcha related to this config - the network will constantly be advertised to your ISP, as it will always be present in your routing table (just with different next hop - via Gi0/0 when everything's correct, or via Null0 if the real path fails). If you do not want this to happen and advertise the network to your ISP only when it is truly reachable, the config will be slightly more complex:

route-map Adv3.3.3.0 deny 10

match interface Null0

!

route-map Adv3.3.3.0 permit 20

!

router bgp 4444

network 3.3.3.0 mask 255.255.240.0 route-map Adv3.3.3.0

A couple of comments to your configuration, though:

  1. Your static route for the "network" 3.3.3.0/20 points directly to your Gi0/0 interface. This leads to excessive ARP traffic and excessively large ARP tables. You should rewrite the static route using the next hop IP address and avoid pointing directly to the egress interface.
  2. You are using the soft-reconfiguration inbound clause in your BGP configuration. This increases the memory footprint of your BGP process by storing both unfiltered and filtered BGP database. However, all current BGP implementations support the Route Refresh capability for graceful inbound policy changes, and using the soft-reconfiguration inbound is thereby completely unnecessary and even wrong. Please consider removing the command from your configuration.

Feel welcome to ask further.

Best regards,

Peter

View solution in original post

0 Helpful
4 Replies 4

Go to solution
Peter Paluch
Cisco Employee
Cisco Employee

‎01-16-2012 02:02 AM

Hello Safar,

Can a loop occur if prefix announced by my router to ISP (i.e.  3.3.3.0/20) is inside of prefix announced by ISP to me (i.e. 0.0.0.0/0)?

You probably meant a different network: the 3.3.3.0/20 is not a valid network address. A netmask of /20 requires a multiple of 16 in the 3rd octet of the network address. In order for 3.3.3.0 to be a network address, the mask must be at least /24 and more.

To your question: No such loop should occur because a router always uses the longest matched prefix from its routing table to route packets. Even if your routing table contains both 3.3.3.0/X and 0.0.0.0/0, for all packets from within the network 3.3.3.0/X, the more specific route will be used. So in stable topology, no routing loops may occur.

A transient routing loop can occur when the 3.3.3.0/X route is removed from your routing table but the update has not yet been sent via BGP to your ISP. In that case, you are sending the packets for 3.3.3.0/X towards your ISP because of the default route, and the ISP is sending the packets back to you because it still has the 3.3.3.0/X route pointing to you. This is not a misconfiguration - it is caused by delays in propagating routing information, and is a routine problem with all routing protocols.

A possible workaround would be to have a static Null0 route configured for the same network with a higher administrative distance. If the correct 3.3.3.0/X network gets disconnected, it will be automatically replaced by this Null0 network, preventing routing loops (all packets will be discarded without being forwarded anywhere):

ip route 3.3.3.0 X.X.X.X Null0 254

There is one gotcha related to this config - the network will constantly be advertised to your ISP, as it will always be present in your routing table (just with different next hop - via Gi0/0 when everything's correct, or via Null0 if the real path fails). If you do not want this to happen and advertise the network to your ISP only when it is truly reachable, the config will be slightly more complex:

route-map Adv3.3.3.0 deny 10

match interface Null0

!

route-map Adv3.3.3.0 permit 20

!

router bgp 4444

network 3.3.3.0 mask 255.255.240.0 route-map Adv3.3.3.0

A couple of comments to your configuration, though:

  1. Your static route for the "network" 3.3.3.0/20 points directly to your Gi0/0 interface. This leads to excessive ARP traffic and excessively large ARP tables. You should rewrite the static route using the next hop IP address and avoid pointing directly to the egress interface.
  2. You are using the soft-reconfiguration inbound clause in your BGP configuration. This increases the memory footprint of your BGP process by storing both unfiltered and filtered BGP database. However, all current BGP implementations support the Route Refresh capability for graceful inbound policy changes, and using the soft-reconfiguration inbound is thereby completely unnecessary and even wrong. Please consider removing the command from your configuration.

Feel welcome to ask further.

Best regards,

Peter

0 Helpful

Go to solution
Kishore Chennupati
Level 7
Level 7
In response to Peter Paluch

‎01-16-2012 02:18 AM

peter , i was just about to echo ur words but u got this before me

0 Helpful

Go to solution
Peter Paluch
Cisco Employee
Cisco Employee
In response to Kishore Chennupati

‎01-16-2012 02:21 AM

Hi Kishore,

Oh, please do And please feel more than welcome to add any comments.

Best regards,

Peter

0 Helpful

Go to solution
Kishore Chennupati
Level 7
Level 7
In response to Peter Paluch

‎01-16-2012 02:32 AM

no . no more to add. you took this away from me ... heheh . You knw ur explanation is always a zillion times better than me.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card