Solved: BGP issue on FPR-2110 firewall

loc.nguyen · ‎09-30-2022

Hi,

I try to setup BGP on a FPR-2110 firewall. I have an issue when I advertise 10.0.1.25/32 to the network.

See my config below:

company-ftd-1# show run | b router bgp
router bgp 6xxxx
bgp log-neighbor-changes
bgp router-id 10.200.23.14
bgp router-id vrf auto-assign
address-family ipv4 unicast
neighbor 10.200.23.13 remote-as 1yyyy
neighbor 10.200.23.13 ebgp-multihop 2
neighbor 10.200.23.13 transport path-mtu-discovery disable
neighbor 10.200.23.13 ha-mode graceful-restart
neighbor 10.200.23.13 activate
network 10.0.1.25 mask 255.255.255.255
no auto-summary
no synchronization
exit-address-family

The neighbor shows up:


company-ftd-1# show bgp sum
BGP router identifier 10.200.23.14, local AS number 6xxxx
BGP table version is 3, main routing table version 3
1 network entries using 200 bytes of memory
1 path entries using 80 bytes of memory
1/1 BGP path/bestpath attribute entries using 208 bytes of memory
1 BGP AS-PATH entries using 24 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 512 total bytes of memory
BGP activity 2/1 prefixes, 2/1 paths, scan interval 60 secs

Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
10.200.23.13 4 1yyyy 14 12 3 0 0 00:04:45 1

But he route 10.0.1.25/32 doesn't :


company-ftd-1# show bgp

BGP table version is 3, local router ID is 10.200.23.14
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath
Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight Path
r> 10.200.23.12/30 10.200.23.13 0 1yyyy i
company-ftd-1#

Could you advise what wrong?

Thanks

Loc

MHM Cisco World · ‎09-30-2022

yes I see but the mask is /24 not /32 that why bgp not advertise it

View solution in original post

MHM Cisco World · ‎09-30-2022

are network 10.0.1.25 mask 255.255.255.255 found in RIB ?

loc.nguyen · ‎09-30-2022

Yes, it is.

ctrma-ftd-1# show route 10.0.1.0

Routing entry for 10.0.1.0 255.255.255.0
Known via "eigrp 1", distance 90, metric 3072, type internal
Redistributing via eigrp 1
Last update from 10.1.1.2 on connect_PA, 31:41:28 ago
Routing Descriptor Blocks:
* 10.1.1.2, from 10.1.1.2, 31:41:28 ago, via connect_PA
Route metric is 3072, traffic share count is 1
Total delay is 20 microseconds, minimum bandwidth is 1000000 Kbit
Reliability 255/255, minimum MTU 1500 bytes
Loading 1/255, Hops 1

ctrma-ftd-1# ping 10.0.1.25
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.1.25, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/10 ms
ctrma-ftd-1#

MHM Cisco World · ‎09-30-2022

yes I see but the mask is /24 not /32 that why bgp not advertise it

loc.nguyen · ‎09-30-2022

Thank you!

I believe you're right.

I tried to change it to /24 but I had another issue with my firewall.

"Deployment failed. Correct configuration error(s) and redeploy. If deployment fails again, contact Cisco TAC."

I will create a TAC case to fix that first then I will try the /24. I will update you on Monday.

Thank you very much for your help.

Loc

MHM Cisco World · ‎09-30-2022

you are so so welcome