
BGP - New additional subnet advertised but not available

TRENT WAITE
Level 1

Hi, we have a BGP session announcing a subnet provided by one of our ISPs. Recently we obtained our own subnet to include in our BGP session with both our ISPs. Hoping someone can help me with this; I believe I have missed something simple.

 

Each of our edge routers is connected to a different ISP, with iBGP running between them. From the outside I am unable to ping the new addresses, nor does running traceroute remotely find the path of the new subnet. I have verified the new subnet was correct, but hours later I still see only our original subnet shown as advertised in an ASN lookup. Running the command "show ip bgp neighbor XXXXX advertised-routes" on each router shows both of our subnets correctly (I assume).

 Network Next Hop Metric LocPrf Weight Path
*> 33.33.33.0/24 0.0.0.0 0 32768 i
*> 198.11.11.0 0.0.0.0 0 32768 i

I am able to access ALL devices/servers/etc. that use 33.33.33.0 (original subnet) just fine. All new addresses, even these edge routers, are inaccessible remotely from multiple locations. Right now the only difference is I have not added a null route to ISP #1's router. Internally everything looks like it should work (at least from my limited knowledge); externally the new subnet is not available or, it appears, advertised.

 

Both routers are running IOS XE Software, Version 16.06.04. The new subnet 198.*** is a Class C provided by ARIN.

 

ISP #1 Router

interface Port-channel1.100
encapsulation dot1Q 100
ip address 33.33.33.252 255.255.255.0
!
interface Port-channel1.101
encapsulation dot1Q 101
ip address 198.11.11.252 255.255.255.0
!
router bgp 2**53
bgp log-neighbor-changes
network 33.33.33.0 mask 255.255.255.0
network 198.11.11.0
neighbor 10.2.2.2 remote-as 2**53
neighbor 10.2.2.2 next-hop-self
neighbor 33.22.22.22 remote-as 1*4
neighbor 33.22.22.22 prefix-list ISPOUT out
!
ip prefix-list ISPOUT seq 5 permit 33.33.33.0/24
ip prefix-list ISPOUT seq 6 permit 198.11.11.0/24

 

 

ISP #2 Router

interface Port-channel1.100
encapsulation dot1Q 100
ip address 33.33.33.253 255.255.255.0
!
interface Port-channel1.101
encapsulation dot1Q 101
ip address 198.11.11.253 255.255.255.0
!
router bgp 2**53
bgp log-neighbor-changes
network 33.33.33.0 mask 255.255.255.0
network 198.11.11.0
neighbor 10.2.2.1 remote-as 2**53
neighbor 10.2.2.1 next-hop-self
neighbor 22.22.22.7 remote-as 3**4
neighbor 22.22.22.7 weight 100
neighbor 22.22.22.7 prefix-list ISPOUT out
!
ip prefix-list ISPOUT seq 5 permit 33.33.33.0/24
ip prefix-list ISPOUT seq 6 permit 198.11.11.0/24
!
ip route 198.11.11.0 255.255.255.0 Null0

4451-C#show ip bgp neighbors 33.22.22.22 advertised-routes | include 33.33.33.0
*> 33.33.33.0/24 0.0.0.0 0 32768 i
4451-C#show ip bgp neighbors 33.22.22.22 advertised-routes | include 198.11.11.0
*> 198.11.11.0 0.0.0.0 0 32768 i

4331-L#show ip bgp neighbors 22.22.22.7 advertised-routes | include 33.33.33.0
*> 33.33.33.0/24 0.0.0.0 0 32768 i
4331-L#show ip bgp neighbors 22.22.22.7 advertised-routes | include 11.11.11.0
*> 11.11.11.0 0.0.0.0 0 32768 i

1 Accepted Solution


Hello

Is your ISP aware of this new advertised subnet? It's very possible this new subnet is being filtered until you make them aware of it.


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul


7 Replies

Hello,

 

It shouldn't make a difference, but try to advertise the network with the mask:

 

network 198.11.11.0 mask 255.255.255.0

Entering "network 198.11.11.0 mask 255.255.255.0" is accepted, as in no error, but the configuration does not show the mask. This, I assume, is because the subnet we obtained is a Class C and the mask I enter is /24.

 

I forgot to add, I did do a soft reset with "clear ip bgp xx.xx.xx.xx out".
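
The two replies above turn on how IOS displays a classful network without its mask. As an added example (not code from any poster in this thread), this Python sketch parses "advertised-routes" output, restores the implied classful length, and compares the result with the ISPOUT prefix-list from the posted configuration. The sample strings are constructed from the thread's anonymised values, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample: the advertised-routes output quoted in the thread
# (anonymised addresses), with IOS column spacing restored.
SAMPLE_OUTPUT = """\
   Network          Next Hop            Metric LocPrf Weight Path
*> 33.33.33.0/24    0.0.0.0                  0         32768 i
*> 198.11.11.0      0.0.0.0                  0         32768 i
"""

# The ISPOUT prefix-list lines from the posted configuration.
SAMPLE_CONFIG = """\
ip prefix-list ISPOUT seq 5 permit 33.33.33.0/24
ip prefix-list ISPOUT seq 6 permit 198.11.11.0/24
"""

ROUTE_RE = re.compile(r"^\s*\*[>a-zA-Z ]*(\d+\.\d+\.\d+\.\d+)(?:/(\d+))?\s")


def classful_length(addr):
    """Prefix length implied when IOS prints a network without a mask."""
    first = int(addr.split(".")[0])
    if first < 128:
        return 8    # class A
    if first < 192:
        return 16   # class B
    if first < 224:
        return 24   # class C, e.g. the thread's 198.11.11.0
    raise ValueError(f"{addr} is not a unicast class A/B/C address")


def advertised_prefixes(show_output):
    """Parse route lines (those starting with '*') into a set of networks."""
    nets = set()
    for line in show_output.splitlines():
        m = ROUTE_RE.match(line)
        if m:
            length = int(m.group(2)) if m.group(2) else classful_length(m.group(1))
            nets.add(ipaddress.ip_network(f"{m.group(1)}/{length}"))
    return nets


def permitted_prefixes(config, name):
    """Collect the exact-match permit entries of one prefix-list."""
    pat = re.compile(rf"^ip prefix-list {re.escape(name)} seq \d+ permit (\S+)\s*$", re.M)
    return {ipaddress.ip_network(p) for p in pat.findall(config)}


def not_advertised(show_output, config, name="ISPOUT"):
    """Prefixes the outbound list permits but the router is not sending."""
    missing = permitted_prefixes(config, name) - advertised_prefixes(show_output)
    return [str(n) for n in sorted(missing)]
```

An empty result from `not_advertised` confirms only the local side: it shows what the router sends to the neighbor, not what the ISP's inbound filter accepts, which is where this thread's problem turned out to be.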

Hello,

 

Where does the traceroute actually stop? Mine stops here:

 

14 87 ms 86 ms 86 ms 198.11.11.202.lightower.net [198.11.11.202]

 

Is this your ISP?

I am doing a traceroute from my office to our data center routers. Doing a trace on the original subnet, it goes all the way through our ISP's network to our DC's network to our edge router. When doing a traceroute on the new subnet (198.xx.xx.xx), it looks to die out after the 3rd hop when reaching our ISP's backbone servers (il.ibone.comcast.net). My assumption is that while our routers are reporting they are advertising both subnets (new & old), only the old one is actually advertised or propagated.

 

 

Hello,

 

I would check with the ISP to find out what happens to your network in their backbone...

Thank you George and Paul, you hit the nail on the head. I did forget to contact our ISPs. 
