Re: bgp advertising default route in mutihomed network

Athiqur Rahman · ‎02-26-2011

Hi,

I have Cisco 7200vxr doing BGP with 2 directly connected ISP's over ethernet. I am receiving default routes only, and have added a higher weight to my routes learned from my primary ISP. below is my configuration (ip addresses changed of course)

router bgp 100
no synchronization
bgp router-id x.x.x.x
bgp log-neighbor-changes
network 100.100.64.0 mask 255.255.254.0
network 100.100.71.0
network 100.100.78.0 mask 255.255.254.0

neighbor <ISP_A-IP> remote-as 200
neighbor <ISP_A-IP> weight 175
neighbor <ISP_B-IP> remote-as 300
neighbor <ISP_B-IP> weight 150
auto-summary

Advertising my rotues to the primary ISP is fine

7206vxr.rb#sh ip bgp neighbors <ISP_A-IP> advertised-routes
BGP table version is 7, local router ID is x.x.x.x
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 100.100.64.0/23   0.0.0.0                  0         32768 i
*> 100.100.71.0      100.100.64.57             0         32768 i
*> 100.100.78.0   0.0.0.0                  0         32768 i

Total number of prefixes 3

However, advertisements to the secondary ISP inlcludes the defautl route learned from the primary

7206vxr.rb#sh ip bgp neighbors <ISP_B-IP> advertised-routes
BGP table version is 7, local router ID is x.x.x.x
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight Path

*> 0.0.0.0          <ISP_A-IP>
*> 100.100.64.0/23   0.0.0.0                  0         32768 i
*> 100.100.71.0      100.100.64.57             0         32768 i
*> 100.100.78.0   0.0.0.0                  0         32768 i

Question is is that normal behavior? Should I not just only be advertising just the networks that i specified in my configuration?

milan.kulik · ‎02-26-2011

Hi,

yes, this is normal.

By default, a BGP router is advertising prefixes received from one eBGP neighbor to other BGP neighbors.

If you want to prevent this behavior, you need to configure something like this:

ip as-path access-list 1 permit ^$

router bgp 100
...

neighbor remote-as 200 route-map advert out
neighbor remote-as 300 route-map advert out

route-map advert permit 10
match as-path 1

This way you will advertise only prefixes originated in your own AS.

HTH,

Milan

Kishore Chennupati · ‎02-26-2011

Hi Athiqur,

It is highly recommended you have as path filters on your routers when peering with different AS's. Otherwise, there is a potential that your AS might become the transit AS .e ISP B will use your AS to get to ISPA (not that it happens often but there is potential if the peering config on the ISP end is stuffedup). Imagine that the ISP-B is not pushing out the default route to you. It will then learn the default route via your AS and start forwarding traffic towards your AS...just as an example..

HTH,

Regards,

Kishore

Athiqur Rahman · ‎02-28-2011

Thanks guys, you've been a great help