Solved: Re: BGP Lookup glass server and best route

mahesh18 · ‎08-27-2018

Hi Everyone,

I was checking our internet subnet form BGP Lookup Glass

###########################################################################
Optus BGP Route Viewer
203.202.125.6 route-views.optus.net.au , Sydney , Australia

This router has the complete view of Optus AS7474 routes.

This router should _not_ be used to verify Optus backbone routing policy.
The best path shown is the current best path *from this router*.

Please contact noc@optus.net.au if you have questions or comments about
this service, its use, or if you might be able to contribute your view.

The Optus route-views server is NOT to be used with ANY automated scripts
unless expressly authorised by Optus.

############################################################################

route-views.optus.net.au>show his
route-views.optus.net.au>show history
show history
route-views.optus.net.au>show ip bgp 198.160.x.x
BGP routing table entry for 198.160.x.x/24, version 842275433
Paths: (2 available, best #1, table default)
Not advertised to any peer??????????????? what does this mean here?
7474 7473 1299 6327 25983 16569
203.202.143.34 from 203.202.143.34 (203.202.143.34)
Origin EGP, localpref 100, valid, external, best
Community: 7473:1 7473:12155 7474:1202 7474:1212 7474:1403
7474 7473 1299 6327 25983 16569
203.202.143.33 from 203.202.143.33 (203.202.143.33)
Origin EGP, localpref 100, valid, external
Community: 7473:1 7473:12155 7474:1202 7474:1212 7474:1403
route-views.optus.net.au>

1>From above output how can i know which is best path to the 198.160.x.x network?

2>which are the two paths to the source

3>Not advertised to any peer what does it mean?

Regards

Mahesh

Francesco Molino · ‎08-27-2018

Hi

The best part is the 1st one through 203.202.143.34.

You can also see it at the beginning of the output:

Paths: (2 available, best #1, table default)

The first part is through neighbor 203.202.143.34 and 2nd through 203.202.143.33

Nothing is being advertised because there's a distribute list deny any any outside:

Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
192.65.89.161 4 7474 2467674 1025231 844187187 0 0 46w4d 27319
202.139.124.130 4 7474 6824775 3693156 844187187 0 0 3y11w 27291
202.160.242.71 4 7473 0 0 1 0 0 never Idle
203.13.132.7 4 7474 9134593 2352595 844187187 0 0 2y2w 27021
203.13.132.29 4 7474 0 0 1 0 0 2y29w Active
203.13.132.35 4 7474 0 0 1 0 0 2y31w Idle
203.13.132.37 4 7474 0 0 1 0 0 2y29w Active
203.13.132.41 4 7474 0 0 1 0 0 2y31w Active
203.13.132.49 4 7474 0 0 1 0 0 2y30w Active
203.13.132.51 4 7474 0 0 1 0 0 2y39w Idle
203.13.132.53 4 7474 0 0 1 0 0 2y28w Idle
203.202.143.3 4 7474 0 0 1 0 0 never Idle (Admin)
203.202.143.33 4 7474 70031828 1332803 844187187 0 0 1y8w 707729
203.202.143.34 4 7474 66670456 1342152 844187187 0 0 1y8w 707725
route-views.optus.net.au>sh ip bgp neig 202.139.124.130 policy deta
Neighbor: 202.139.124.130, Address-Family: IPv4 Unicast
Inherited polices:
route-map SET-NEXTHOP in
distribute-list 100 out
next-hop-self

Neighbor: 202.139.124.130, Address-Family: IPv4 Unicast <detail>
Inherited polices:
route-map SET-NEXTHOP in
route-map SET-NEXTHOP, deny, sequence 5
Match clauses:
ip address (access-lists): Ignore_Illegal_Routes
Set clauses:
Policy routing matches: 0 packets, 0 bytes
route-map SET-NEXTHOP, permit, sequence 10
Match clauses:
Set clauses:
ip next-hop peer-address
Policy routing matches: 0 packets, 0 bytes

distribute-list 100 out
Extended IP access list 100
10 deny ip any any (803944603 matches)
route-views.optus.net.au>

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

View solution in original post

Francesco Molino · ‎08-27-2018

Nope it's not always the first, it can be the second. Try with 198.160.84.0 and you'll see it's the second one.
I showed the detail of a specific neighbor to show you all the details that confirm is denied using distribute list.

In this specific case, is not related to ibgp.
If you run sh ip bgp neig | i BGP you'll see there are only ebgp peering:

route-views.optus.net.au>sh ip bgp neig | i BGP
BGP neighbor is 192.65.89.161, remote AS 7474, external link
Member of peer-group UNICAST-EBGP for session parameters
BGP version 4, remote router ID 192.65.89.161
BGP state = Established, up for 46w4d
BGP table version 844200936, neighbor version 844200936/0
UNICAST-EBGP peer-group member
External BGP neighbor may be up to 255 hops away.
BGP neighbor is 202.139.124.130, remote AS 7474, external link
Member of peer-group UNICAST-EBGP for session parameters
BGP version 4, remote router ID 202.139.124.130
BGP state = Established, up for 3y11w
BGP table version 844200936, neighbor version 844200936/0
UNICAST-EBGP peer-group member
External BGP neighbor may be up to 255 hops away.
BGP neighbor is 202.160.242.71, remote AS 7473, external link
BGP version 4, remote router ID 0.0.0.0
BGP state = Active
BGP table version 844200936, neighbor version 1/844200936
External BGP neighbor may be up to 255 hops away.
BGP neighbor is 203.13.132.7, remote AS 7474, external link
Member of peer-group UNICAST-EBGP for session parameters
BGP version 4, remote router ID 172.26.34.14
BGP state = Established, up for 2y2w
BGP table version 844200936, neighbor version 844200936/0
UNICAST-EBGP peer-group member
Last reset 2y2w, due to BGP protocol initialization
External BGP neighbor may be up to 255 hops away.
BGP neighbor is 203.13.132.29, remote AS 7474, external link
Member of peer-group UNICAST-EBGP for session parameters
BGP version 4, remote router ID 0.0.0.0
BGP state = Active
BGP table version 844200936, neighbor version 1/844200936
UNICAST-EBGP peer-group member
External BGP neighbor may be up to 255 hops away.

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

View solution in original post

Francesco Molino · ‎08-29-2018

We don't have the full visibility here, tried to connect to see if i had yet a subnet in this range but nothing showed up.
I believe it took the oldest one (1st announced path).

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

View solution in original post

Francesco Molino · ‎08-27-2018

Hi

The best part is the 1st one through 203.202.143.34.

You can also see it at the beginning of the output:

Paths: (2 available, best #1, table default)

The first part is through neighbor 203.202.143.34 and 2nd through 203.202.143.33

Nothing is being advertised because there's a distribute list deny any any outside:

Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
192.65.89.161 4 7474 2467674 1025231 844187187 0 0 46w4d 27319
202.139.124.130 4 7474 6824775 3693156 844187187 0 0 3y11w 27291
202.160.242.71 4 7473 0 0 1 0 0 never Idle
203.13.132.7 4 7474 9134593 2352595 844187187 0 0 2y2w 27021
203.13.132.29 4 7474 0 0 1 0 0 2y29w Active
203.13.132.35 4 7474 0 0 1 0 0 2y31w Idle
203.13.132.37 4 7474 0 0 1 0 0 2y29w Active
203.13.132.41 4 7474 0 0 1 0 0 2y31w Active
203.13.132.49 4 7474 0 0 1 0 0 2y30w Active
203.13.132.51 4 7474 0 0 1 0 0 2y39w Idle
203.13.132.53 4 7474 0 0 1 0 0 2y28w Idle
203.202.143.3 4 7474 0 0 1 0 0 never Idle (Admin)
203.202.143.33 4 7474 70031828 1332803 844187187 0 0 1y8w 707729
203.202.143.34 4 7474 66670456 1342152 844187187 0 0 1y8w 707725
route-views.optus.net.au>sh ip bgp neig 202.139.124.130 policy deta
Neighbor: 202.139.124.130, Address-Family: IPv4 Unicast
Inherited polices:
route-map SET-NEXTHOP in
distribute-list 100 out
next-hop-self

Neighbor: 202.139.124.130, Address-Family: IPv4 Unicast <detail>
Inherited polices:
route-map SET-NEXTHOP in
route-map SET-NEXTHOP, deny, sequence 5
Match clauses:
ip address (access-lists): Ignore_Illegal_Routes
Set clauses:
Policy routing matches: 0 packets, 0 bytes
route-map SET-NEXTHOP, permit, sequence 10
Match clauses:
Set clauses:
ip next-hop peer-address
Policy routing matches: 0 packets, 0 bytes

distribute-list 100 out
Extended IP access list 100
10 deny ip any any (803944603 matches)
route-views.optus.net.au>

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

mahesh18 · ‎08-27-2018

So does it mean that Best Route's IP address is always the first IP mentioned in the command output?

Also one way to find is the default policy command which you run for the nei.

Also other reason can be if it is IBGP it will not advertise the route learned by the IBGP to other IBGP?

Regards

Mahesh

Francesco Molino · ‎08-27-2018

Nope it's not always the first, it can be the second. Try with 198.160.84.0 and you'll see it's the second one.
I showed the detail of a specific neighbor to show you all the details that confirm is denied using distribute list.

In this specific case, is not related to ibgp.
If you run sh ip bgp neig | i BGP you'll see there are only ebgp peering:

route-views.optus.net.au>sh ip bgp neig | i BGP
BGP neighbor is 192.65.89.161, remote AS 7474, external link
Member of peer-group UNICAST-EBGP for session parameters
BGP version 4, remote router ID 192.65.89.161
BGP state = Established, up for 46w4d
BGP table version 844200936, neighbor version 844200936/0
UNICAST-EBGP peer-group member
External BGP neighbor may be up to 255 hops away.
BGP neighbor is 202.139.124.130, remote AS 7474, external link
Member of peer-group UNICAST-EBGP for session parameters
BGP version 4, remote router ID 202.139.124.130
BGP state = Established, up for 3y11w
BGP table version 844200936, neighbor version 844200936/0
UNICAST-EBGP peer-group member
External BGP neighbor may be up to 255 hops away.
BGP neighbor is 202.160.242.71, remote AS 7473, external link
BGP version 4, remote router ID 0.0.0.0
BGP state = Active
BGP table version 844200936, neighbor version 1/844200936
External BGP neighbor may be up to 255 hops away.
BGP neighbor is 203.13.132.7, remote AS 7474, external link
Member of peer-group UNICAST-EBGP for session parameters
BGP version 4, remote router ID 172.26.34.14
BGP state = Established, up for 2y2w
BGP table version 844200936, neighbor version 844200936/0
UNICAST-EBGP peer-group member
Last reset 2y2w, due to BGP protocol initialization
External BGP neighbor may be up to 255 hops away.
BGP neighbor is 203.13.132.29, remote AS 7474, external link
Member of peer-group UNICAST-EBGP for session parameters
BGP version 4, remote router ID 0.0.0.0
BGP state = Active
BGP table version 844200936, neighbor version 1/844200936
UNICAST-EBGP peer-group member
External BGP neighbor may be up to 255 hops away.

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

mahesh18 · ‎08-28-2018

Seems we can tell by looking at external Best to find which is the Best Route.

Can we find which factor BGP uses to decide one as Best Route?

I see that AS numbers are same on both the routes.

Regards

Mahesh

Francesco Molino · ‎08-29-2018

We don't have the full visibility here, tried to connect to see if i had yet a subnet in this range but nothing showed up.
I believe it took the oldest one (1st announced path).

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

mahesh18 · ‎08-31-2018

Many thanks for answering all the questions

Francesco Molino · ‎08-31-2018

You're very welcome buddy.

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question