Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2434
Views
0
Helpful
10
Replies

BGP default route and static floating route

Go to solution
Clem58
Level 3
Level 3

‎11-20-2021 08:52 AM - edited ‎11-20-2021 08:54 AM

Hello,

 

I'm trying to understand a routing configuration we have on a core switch.

The default route to 0.0.0.0 with "next-hop1" is a BGP one, and we also have specific ones in BGP as well.

 

A static floating route has been added with "next-hop2", with an administrative distance of 250, I guess it's for the failover of the BGP.

 

However I can see the static ip route statement in the config, but I cannot see it in the routing table ? Is it normal ? Is it appearing only when it's taking over ?

 

Second question: How the floating route is taking over, if the default route is failing ? I mean the traffic is not routed or only if the next-hop is not reachable ? Because on our case, the next-hop1 (LAN interface) connected to a modem/circuit is still reachable, but the circuit is down for example.

Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
Richard Burts
Hall of Fame
Hall of Fame
In response to Clem58

‎11-20-2021 02:41 PM

While it is fairly common to have some tracking mechanism, such as ip sla for floating static routes I do not believe that it is necessary in this situation. If I am understanding the discussion correctly the primary default route is advertised by BGP. If there is a problem with the BGP neighbor that is advertising the route then the route is withdrawn from the routing table automatically, and there is no need for tracking.

If there is a problem with the BGP neighbor and its advertised default route is withdrawn, then the configured floating static route is inserted into the routing table. It will remain in the routing table until the BGP neighbor resumes advertising its default route and at that point the floating static default is withdrawn from the routing table. So the only time that you would see the floating static default route in the routing table is when the BGP neighbor is not working. 

It would depend on how your BGP is configured, but given what I think I understand of the environment I would not expect PA to see the floating static default route.

HTH

Rick

View solution in original post

0 Helpful

Go to solution
paul driver
VIP
VIP

‎11-21-2021 02:13 AM

Hello

@Clem58 wrote:
Actually the core switch is using same ibgp AS than a Palo Alto firewall
which LAN IP is the default bgp route to 0.0.0.0/0. 
The PA firewall as a
default static route to the isp modem, with a path monitoring.

So the PA fw is reciieving a ebgp default <admin distance 20> which is being advertised to its internal bgp peers <admin distance 200) in this case the core switch.

There is also a static default route on the PA you can see which has path monitoring applied  but it isnt installed in the route table

 

 

Actually the core switch is using same ibgp AS than 
But as the failover is working I assume this route is also in the
PA route table but not displayed, so when the default route is down, it
choose the second route to 0.0.0.0/0 that is the static with 250 AD.

When the ebgp default is in the PA route table then its own default static won’t be, however no matter what route the Fw's rib table has installed(ebgp or static) the core switch shouldn’t really care as I assume its probably receiving a default based on either of the PAs default routes.


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

View solution in original post

0 Helpful
10 Replies 10

Go to solution
paul driver
VIP
VIP

‎11-20-2021 10:06 AM - edited ‎11-20-2021 10:08 AM

Hello

 

 

@Clem58 wrote:

Hello,

 

I'm trying to understand a routing configuration we have on a core switch.

The default route to 0.0.0.0 with "next-hop1" is a BGP one, and we also have specific ones in BGP as well.

 

A static floating route has been added with "next-hop2", with an administrative distance of 250, I guess it's for the failover of the BGP. < yes it will be

 

However I can see the static ip route statement in the config, but I cannot see it in the routing table ? Is it normal ? Is it appearing only when it's taking over ? < yes it is

 

Second question: How the floating route is taking over, if the default route is failing ? I mean the traffic is not routed or only if the next-hop is not reachable ? Because on our case, the next-hop1 (LAN interface) connected to a modem/circuit is still reachable, but the circuit is down for example. < usually this is accomplished with ip sla tracking, which tracks a ip address on the primary egress path and as/when this becomes unavailable the tracking will notice the loss on reachability, now this tracking would be tied to the primary default static route and if reachability is lost then the primary default static will be removed from the rtrs routing table and the backup static route with the higher admin distance will be installed as/when reachability returns to the primary path the reverse will happen and the primary default route will then be entered into the routing table once again and become the preferred path


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
0 Helpful

Go to solution
Clem58
Level 3
Level 3
In response to paul driver

‎11-20-2021 10:36 AM

Thank you very much Paul for this comprehensive answer.

Actually the core switch is using same ibgp AS than a Palo Alto firewall
which LAN IP is the default bgp route to 0.0.0.0/0. The PA firewall as a
default static route to the isp modem, with a path monitoring.

What I can see is in the PA routing table, the core switch routes are
correctly imported/installed, but I cannot see the static route inactive
either. But as the failover is working I assume this route is also in the
PA route table but not displayed, so when the default route is down, it
choose the second route to 0.0.0.0/0 that is the static with 250 AD.
0 Helpful

Go to solution
Georg Pauwen
VIP
VIP

‎11-20-2021 10:43 AM

Hello,

 

usually the floating static route is tied to some failover mechanism. Do you have the full configuration of the router ?

0 Helpful

Go to solution
Clem58
Level 3
Level 3
In response to Georg Pauwen

‎11-20-2021 11:56 AM

It will be difficult to give it to you, but the question is on Firewall
side actually.
0 Helpful

Go to solution
Richard Burts
Hall of Fame
Hall of Fame
In response to Clem58

‎11-20-2021 02:41 PM

While it is fairly common to have some tracking mechanism, such as ip sla for floating static routes I do not believe that it is necessary in this situation. If I am understanding the discussion correctly the primary default route is advertised by BGP. If there is a problem with the BGP neighbor that is advertising the route then the route is withdrawn from the routing table automatically, and there is no need for tracking.

If there is a problem with the BGP neighbor and its advertised default route is withdrawn, then the configured floating static route is inserted into the routing table. It will remain in the routing table until the BGP neighbor resumes advertising its default route and at that point the floating static default is withdrawn from the routing table. So the only time that you would see the floating static default route in the routing table is when the BGP neighbor is not working. 

It would depend on how your BGP is configured, but given what I think I understand of the environment I would not expect PA to see the floating static default route.

HTH

Rick
0 Helpful

Go to solution
truideman
Level 1
Level 1
In response to Richard Burts

‎07-24-2022 09:07 PM

A question;

How can i loadshare outbound upstream traffic in a bgp multihomed sitiuation whereas iam peering with 2 diffrent AS's

0 Helpful

Go to solution
Richard Burts
Hall of Fame
Hall of Fame
In response to truideman

‎07-25-2022 01:12 AM

Your question about how to loadshare outbound traffic in a BGP environment has nothing to do with the question in the original post (which was about a floating static default route and a BGP default route). I would suggest that you might get better results if you had posted a new question. But you asked your question here and I will respond to it.

How to loadshare outbound traffic in a multi homed BGP environment depends on things that we do not know about your environment. Does your BGP multihome use a single edge router? Or do you have multiple edge routers peering with external BGP peers? How does the default route from the edge router get propagated into your network? Do your BGP neighbors advertise only the default route? Or do some of the external BGP neighbors also advertise additional prefixes? Until we know these details we can not give good advice.

In the simple case, where you have a single edge router with multiple external BGP neighbors and where all external BGP neighbors advertise only a default route, then loadshare will happen. If your situation is not the simple case then we need more detail information to be able to give you good advice.

HTH

Rick
0 Helpful

Go to solution
paul driver
VIP
VIP

‎11-21-2021 02:13 AM

Hello

@Clem58 wrote:
Actually the core switch is using same ibgp AS than a Palo Alto firewall
which LAN IP is the default bgp route to 0.0.0.0/0. 
The PA firewall as a
default static route to the isp modem, with a path monitoring.

So the PA fw is reciieving a ebgp default <admin distance 20> which is being advertised to its internal bgp peers <admin distance 200) in this case the core switch.

There is also a static default route on the PA you can see which has path monitoring applied  but it isnt installed in the route table

 

 

Actually the core switch is using same ibgp AS than 
But as the failover is working I assume this route is also in the
PA route table but not displayed, so when the default route is down, it
choose the second route to 0.0.0.0/0 that is the static with 250 AD.

When the ebgp default is in the PA route table then its own default static won’t be, however no matter what route the Fw's rib table has installed(ebgp or static) the core switch shouldn’t really care as I assume its probably receiving a default based on either of the PAs default routes.


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
0 Helpful

Go to solution
Richard Burts
Hall of Fame
Hall of Fame
In response to paul driver

‎02-01-2022 07:21 AM

I am glad that our explanations have been helpful. Thank you for marking this question as solved. This will help other participants in the community to identify discussions which have helpful information. This community is an excellent place to ask questions and to learn about networking. I hope to see you continue to be active in the community.

HTH

Rick
0 Helpful

Go to solution
Clem58
Level 3
Level 3
In response to Richard Burts

‎02-01-2022 07:25 AM

Yes this answer was right and helped me a lot. I’m using the Cisco community when I have questions and people here, engineers, system admins, have already helped me a lot !
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card