11-17-2023 09:51 AM
I have been banging my head for days on this one. Working on a network where we had a CE router fail (power supply issue) that was doing BGP over a Verizon private line. Replaced router with like model, loaded backup configuration, and while I can ping the router at each side (and each router can ping into the local network), I cannot hit any devices on the far side of either link, except the routers themselves. I have attached sanitized configs and ANY help is much appreciated.
Basic Network Layout:
Routes show in the bgp table on each side:
11-17-2023 09:58 AM
The default route is learned via BGP, but it is marked with the letter "r",
which means that the RIB has the same prefix with a lower AD.
So what you need is to make the RIB prefer the prefix via BGP by reducing the AD of the other path.
Note: eBGP has an AD of 20.
11-17-2023 10:07 AM
If you are talking about my routing tables, I don't see any routes that are "r"; the ones that I am trying to hit are marked "i" on each side.
11-17-2023 10:11 AM
Show ip bgp <<- this output you shared is for what?
11-17-2023 10:13 AM
Yes. I shared for both routers.
11-17-2023 10:17 AM
r> 0.0.0.0 this IP is failure
Can I know the prefix you need to ping via BGP, and see show ip route for both routers?
11-17-2023 10:24 AM
Sure. Also, I forgot to mention, the local Meraki router/FW is at 10.77.255.1 and 10.78.255.1. This is the gateway to the rest of the local network on each side.
11-17-2023 10:32 AM
The traffic is using the GW, which is the FW, not the router, to reach the other site.
The solution is to use HSRP between the two routers and the FW and make the GW of the hosts the VIP of HSRP.
11-17-2023 11:11 AM
Is HSRP the only way? I do not understand why this config worked for years prior, and then didn't, just on equipment swap.
11-17-2023 11:15 AM
Hmm,
Is there any PBR config on the router or FW?
11-17-2023 11:16 AM
No there is not.
11-17-2023 01:06 PM
The main FW/router is Cisco Meraki, and it is set to auto VPN the sites together if the site to site is down. Thanks for all of your help so far... thinking it has to be something simple!
11-19-2023 09:07 AM
Your BGP configuration based on the supplied topology is incorrect. Both rtrs in location A/B show that they share what looks like just the one private VPLS line, are in the same BGP ASN (1) and are peering to the same ISP ASN (6500)… this you don’t show.
So as it stands, any LAN subnets advertised from either location's rtr will NOT be accepted by either rtr, due to the fact that BGP will see its own AS-path (1) in the BGP updates and not accept them.
Do you have any other connection from either location that connects and peers directly into the ISP? Because as it is presently, your setup is incomplete and suggests the full topology is not being shown.
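The eBGP loop-prevention rule the last reply refers to, modeled as an added example that is not from any poster in this thread. ASNs 1 and 6500 are the ones quoted in the reply; the prefix 10.77.0.0/16 and the `allowas_in` parameter (a generalization modeling a receiver that tolerates its own ASN a set number of times) are assumptions for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Update:
    prefix: str
    as_path: tuple  # leftmost entry is the AS that sent the update most recently


def send_ebgp(update, sender_asn):
    """An eBGP speaker prepends its own ASN before advertising to a peer."""
    return Update(update.prefix, (sender_asn,) + update.as_path)


def accept(update, local_asn, allowas_in=0):
    """Receiver-side loop check.

    By default (allowas_in=0) an update is dropped as soon as the receiver's
    own ASN appears anywhere in AS_PATH. A non-zero value models a receiver
    configured to tolerate that many occurrences, which also weakens the
    loop protection the check exists to provide.
    """
    return update.as_path.count(local_asn) <= allowas_in


def propagate(prefix, asns, allowas_in=0):
    """Walk a prefix along a chain of ASNs: origin first, final receiver last.

    Returns (update_as_seen_by_the_last_receiver_reached, accepted).
    The same allowas_in value is applied at every hop (simplification).
    """
    update = Update(prefix, ())
    for sender, receiver in zip(asns, asns[1:]):
        update = send_ebgp(update, sender)
        if not accept(update, receiver, allowas_in):
            return update, False
    return update, True


if __name__ == "__main__":
    # Constructed scenario: site A (AS 1) -> provider (AS 6500) -> site B (AS 1)
    for label, chain, tolerance in [
        ("same ASN at both sites", [1, 6500, 1], 0),
        ("same ASN, receiver tolerates one occurrence", [1, 6500, 1], 1),
        ("distinct site ASNs (AS 2 is hypothetical)", [1, 6500, 2], 0),
    ]:
        upd, ok = propagate("10.77.0.0/16", chain, tolerance)
        path = " ".join(map(str, upd.as_path))
        print(f"{label}: AS_PATH [{path}] -> {'accepted' if ok else 'dropped'}")
```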