Re: ASR BGP problem

DellBananaALK · ‎05-10-2024

the router looks fine and show ip bgp is correct
R2 can't reach ISP by going to R1 to ISP

*******************************************************************************************************
R1
no license smart enable
!
!
spanning-tree extend system-id

!
interface Loopback0
ip address 160.12.45.11 255.255.255.255
no ip proxy-arp
!

interface GigabitEthernet0/0/0
ip address 160.45.45.26 255.255.255.252
no ip proxy-arp
load-interval 30
negotiation auto
!

interface GigabitEthernet0/0/2
description ;;OUTSIDESwitch;;
ip address 160.12.45.41 255.255.255.248
standby 1 ip 160.12.45.43
standby 1 priority 105
standby 1 preempt
logging event link-status
negotiation auto
cdp enable
arp timeout 1
!
interface GigabitEthernet0/0/3
no ip address
shutdown
negotiation auto
!
interface GigabitEthernet0/0/4
no ip address
shutdown
negotiation auto
!
interface GigabitEthernet0/0/5
description IBGP connect
ip address 10.12.1.1 255.255.255.252
negotiation auto
!

router bgp 65001
bgp router-id 160.12.45.11
bgp log-neighbor-changes
neighbor 160.45.45.26 remote-as 6056
neighbor 160.45.45.26 version 4
neighbor 160.12.45.12 remote-as 65001
neighbor 160.12.45.12 description IBGP to WAN-02
neighbor 160.12.45.12 update-source Loopback0
!
address-family ipv4
network 160.45.0.0
network 160.45.11 mask 255.255.255.255
neighbor 160.45.45.26 activate
neighbor 160.45.45.26 soft-reconfiguration inbound
neighbor 160.45.45.26 route-map umats-in-new-prefix in
neighbor 160.12.45.12 activate
neighbor 160.12.45.12 next-hop-self
neighbor 160.12.45.12 soft-reconfiguration inbound
exit-address-family
!
ip forward-protocol nd
!
ip http server
ip http authentication local
ip http secure-server
ip tftp source-interface GigabitEthernet0
ip route 160.45.0.0 255.255.0.0 Null0
ip route 160.12.45.12 255.255.255.255 10.12.1.2
!
!
ip prefix-list default_in seq 5 permit 0.0.0.0/0
!
ip prefix-list to-test-prefix seq 5 permit 160.45.0.0/16
ip prefix-list to-test-prefix seq 10 permit 160.12.45.11/32
ip prefix-list to-test-prefix seq 15 permit 160.12.45.12/32
ip prefix-list to-test-prefix seq 25 permit 10.21.240.0/24
ip prefix-list to-test-prefix seq 30 permit 78.124.249.0/24
ip prefix-list to-test-prefix seq 35 permit 9.59.146.240/28
ip prefix-list to-test-prefix seq 40 permit 0.0.0.0/0
!
!
route-map umats-in-new-prefix permit 10
set local-preference 200
!
route-map to-umats permit 10
match ip address prefix-list to-test-prefix
R1

*************************************************************************************************************

********************************************************************************************************
R2

no license smart enable
!
!
spanning-tree extend system-id
diagnostic bootup level minimal
!
!
!
interface Loopback0
ip address 60.12.45.12 255.255.255.255

interface GigabitEthernet0/0/0
description PG INT
ip address 160.45.45.66 255.255.255.252
no ip proxy-arp
load-interval 30
negotiation auto
!
interface GigabitEthernet0/0/2
description ;;OUTSIDESwitch;;
ip address 160.12.45.42 255.255.255.248
standby 1 ip 160.12.45.43
standby 1 preempt
logging event link-status
negotiation auto
cdp enable
arp timeout 1
!
interface GigabitEthernet0/0/3
no ip address
shutdown
negotiation auto
!
interface GigabitEthernet0/0/4
no ip address
shutdown
negotiation auto
!
interface GigabitEthernet0/0/5
description IBGP connect
ip address 10.12.1.2 255.255.255.252
negotiation auto
!

router bgp 65001
bgp router-id 60.12.45.12
bgp log-neighbor-changes
neighbor 160.45.45.65 remote-as 6056
neighbor 160.45.45.65 version 4
neighbor 160.12.45.11 remote-as 22877
neighbor 160.12.45.11 description IBGP to WAN-01
neighbor 160.12.45.11 update-source Loopback0
!
address-family ipv4
network 160.45.0.0
network 60.12.45.12 mask 255.255.255.255
neighbor 160.45.45.65 activate
neighbor 160.45.45.65 soft-reconfiguration inbound
neighbor 160.45.45.65 route-map to-umats-prefix out
neighbor 160.12.45.11 activate
neighbor 160.12.45.11 next-hop-self
neighbor 160.12.45.11 soft-reconfiguration inbound
exit-address-family
!
ip forward-protocol nd
!
ip http server
ip http authentication local
ip http secure-server
ip tftp source-interface GigabitEthernet0
ip route 160.45.0.0 255.255.0.0 Null0
ip route 160.12.45.11 255.255.255.255 10.12.1.1
!
!
ip prefix-list default_in seq 5 permit 0.0.0.0/0
!
ip prefix-list to-umats-prefix seq 5 permit 150.21.240.0/24
ip prefix-list to-umats-prefix seq 10 permit 78.124.249.0/24
ip prefix-list to-umats-prefix seq 15 permit 4.59.146.240/28
!
ip prefix-list to-umats-prepend seq 5 permit 131.171.0.0/16

!
!
route-map umats-in-new-prefix permit 10
set local-preference 50
!
route-map to-umats-prefix permit 10
match ip address prefix-list to-umats-prepend
set as-path prepend 65001 65001 65001
!
route-map to-umats-prefix permit 20
match ip address prefix-list to-umats-prefix
!
!
!

Harold Ritter · ‎05-10-2024

Hi @DellBananaALK ,

The iBGP session between R1 and R2 is not correctly configured.

R1:

router bgp 65001
neighbor 160.12.45.12 remote-as 65001
neighbor 160.12.45.12 description IBGP to WAN-02
neighbor 160.12.45.12 update-source Loopback0

R2:

router bgp 65001
neighbor 160.12.45.11 remote-as 22877
neighbor 160.12.45.11 description IBGP to WAN-01
neighbor 160.12.45.11 update-source Loopback0
!

You need to change the following on R2:

neighbor 160.12.45.11 remote-as 65001

Regards,

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

MHM Cisco World · ‎05-10-2024

Share

show ip bgp

Show ip route

In R2

MHM

Georg Pauwen · ‎05-10-2024

Hello,

on R1, you are using a local IP address as a neighbor ?

R1

interface GigabitEthernet0/0/0
ip address 160.45.45.26 255.255.255.252
no ip proxy-arp
load-interval 30
negotiation auto
!
router bgp 65001
bgp router-id 160.12.45.11
bgp log-neighbor-changes
neighbor 160.45.45.26 remote-as 6056
neighbor 160.45.45.26 version 4

Post a schematic drawing showing how the routers are connected...

DellBananaALK · ‎05-10-2024

I try to removes data and I did alot of replacement in notepad
BGP peering is fine

MHM Cisco World · ‎05-10-2024

Yes I guess that you cover some info and do some typo

Share show ip bpg and show ip route

What important in these two commands is check the next hop of bgp.prefix is it show in RIB or not?

MHM

DellBananaALK · ‎05-10-2024

prefix-list with route-map
Is this required ip prefix-list default_in seq 5 permit 0.0.0.0/0.
I thought this was to allow but not to advertise? i want to be clear

MHM Cisco World · ‎05-10-2024

Ths ISP advertise defualt route toward R1 and R2

R1 re-advertise it to R2 with next-hop as R1

R2 use now R1 to access internet (0.0.0.0)

We check your config we dont see prefix filter between two R1 abd R2 unless you also typo or missing add it.

So in R2 check show ip route and you must see the R2 prefer 0.0.0.0 via R1 not directly from ISP

MHM

DellBananaALK · ‎05-10-2024

Can you show me a example of it?

MHM Cisco World · ‎05-10-2024

sure this lab for you and other

MHM

DellBananaALK · ‎05-14-2024

Soon I add prefix-list it bgp stop working
ip prefix-list to-out-prefix seq 5 permit x.x.0.0/16
ip prefix-list to-out-prefix seq 10 permit x.x.x.11/32
ip prefix-list to-out-prefix seq 15 permit x.x.x.12/32
ip prefix-list to-out-prefix seq 20 permit x.x.x.128/28
ip prefix-list to-out-prefix seq 25 permit x.x.x.0/24
ip prefix-list to-out-prefix seq 30 permit x.x.x.0/24
ip prefix-list to-out-prefix seq 35 permit x.x.x.240/28
ip prefix-list to-out-prefix seq 40 permit 0.0.0.0/0 le 32 <-- i added this after but didn't help

route-map to-out-map permit 10
match ip address prefix-list to-out-prefix
!
route-map to-out-map permit 20

Harold Ritter · ‎05-14-2024

Hi @DellBananaALK ,

Configuring the following line in the prefix-list does not only allow the default route, but any routes:

ip prefix-list to-out-prefix seq 40 permit 0.0.0.0/0 le 32

If you want to allow the default route specifically, you need add the following to you prefix-list:

ip prefix-list to-out-prefix seq 40 permit 0.0.0.0/0

Regards,

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

MHM Cisco World · ‎05-14-2024

This route-map apply in which direction and for which neighbor, ISP or R1?

MHM

DellBananaALK · ‎05-14-2024

I'm going to lab it up and show all the config for you MHM
I will make a new post just to clean up a bit

MHM Cisco World · ‎05-14-2024

take your time friend

MHM