Solved: Re: BGP - New additional subnet advertised but not available

TRENT WAITE · ‎09-10-2019

Hi, we have BGP session announcing a subnet provided by one of our ISPs. Recently we obtained our own subnet to include in our BGP session with both our ISPs. Hoping someone can help me with this, I believe I have missed something simple.

Each of our edge routers is connected to a different ISP, with iBGP running between them. From the outside I am unable to ping the new addresses, or running traceroute remotely finds the path of the new subnet. I have verified the new subnet was correct, but still see hours later in a ASN lookup only our original subnet advertised being shown. Running command "show ip bgp neighbor XXXXX advertised-routes" on each router shows both of our subnets correctly (I assume)

 Network Next Hop Metric LocPrf Weight Path
*> 33.33.33.0/24 0.0.0.0 0 32768 i
*> 198.11.11.0 0.0.0.0 0 32768 i

I am able to access ALL devices/servers/etc that use 33.33.33.0 (original subnet) just fine. All new addresses, even these edge routers are inaccessible remotely from multiple locations. Right now the only difference is I have not added a null route to ISP #1's router. Internally everything looks like it should work (at least from my limited knowledge), externally the new subnet is not available or what appears advertised.

Both routers are running IOS XE Software, Version 16.06.04. The new subnet 198.*** is a Class C provide by ARIN

ISP #1 Router

ISP #2 Router

interface Port-channel1.100
encapsulation dot1Q 100
ip address 33.33.33.252 255.255.255.0
!
interface Port-channel1.101
encapsulation dot1Q 101
ip address 198.11.11.252 255.255.255.0
!
router bgp 2**53
bgp log-neighbor-changes
network 33.33.33.0 mask 255.255.255.0
network 198.11.11.0
neighbor 10.2.2.2 remote-as 2**53
neighbor 10.2.2.2 next-hop-self
neighbor 33.22.22.22 remote-as 1*4
neighbor 33.22.22.22 prefix-list ISPOUT out
!
ip prefix-list ISPOUT seq 5 permit 33.33.33.0/24
ip prefix-list ISPOUT seq 6 permit 198.11.11.0/24

interface Port-channel1.100
encapsulation dot1Q 100
ip address 33.33.33.253 255.255.255.0
!
interface Port-channel1.101
encapsulation dot1Q 101
ip address 198.11.11.253 255.255.255.0
!
router bgp 2**53
bgp log-neighbor-changes
network 33.33.33.0 mask 255.255.255.0
network 198.11.11.0
neighbor 10.2.2.1 remote-as 2**53
neighbor 10.2.2.1 next-hop-self
neighbor 22.22.22.7 remote-as 3**4
neighbor 22.22.22.7 weight 100
neighbor 22.22.22.7 prefix-list ISPOUT out
!
ip prefix-list ISPOUT seq 5 permit 33.33.33.0/24
ip prefix-list ISPOUT seq 6 permit 198.11.11.0/24
!
ip route 198.11.11.0 255.255.255.0 Null0

4451-C#show ip bgp neighbors 33.22.22.22 advertised-routes | include 33.33.33.0
*> 33.33.33.0/24 0.0.0.0 0 32768 i
4451-C#show ip bgp neighbors 33.22.22.22 advertised-routes | include 198.11.11.0
*> 198.11.11.0 0.0.0.0 0 32768 i

4331-L#show ip bgp neighbors 22.22.22.7 advertised-routes | include 33.33.33.0
*> 33.33.33.0/24 0.0.0.0 0 32768 i
4331-L#show ip bgp neighbors 22.22.22.7 advertised-routes | include 11.11.11.0
*> 11.11.11.0 0.0.0.0 0 32768 i

paul driver · ‎09-11-2019

Hello

Is your ISP aware of this new advertised subnet, its very possible this new subnet is being filtered until you make them aware of it.

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

View solution in original post

Georg Pauwen · ‎09-10-2019

Hello,

it shouldn't make a difference, but try and advertise the network with the mask:

network 198.11.11.0 mask 255.255.255.0

TRENT WAITE · ‎09-10-2019

Entering "network 198.11.11.0 mask 255.255.255.0" is accepted as in no error, but the configuration does not show the mask. This I assume because the subnet we obtained is a Class C and the mask I enter is /24.

I forgot to add, I did do soft reset with "clear ip bgp xx.xx.xx.xx out".

Georg Pauwen · ‎09-10-2019

Hello,

where does the traceroute actually stop ? Mine stops here:

14 87 ms 86 ms 86 ms 198.11.11.202.lightower.net [198.11.11.202]

is this your ISP ?

TRENT WAITE · ‎09-10-2019

I am doing a traceroute from my office to our data center routers. Doing a trace on the original subnet, it goes all the way through our ISP's network to our DC's network to our edge router. When doing traceroute on the new subnet (198.xx.xx.xx) it looks to die out after 3rd hop when reaching our ISP's backbone servers (il.ibone.comcast.net). My assumption is that while our routers are reporting they are advertising both subnets (new & old), only the old one is actually advertised or propagated.

Georg Pauwen · ‎09-10-2019

Hello,

I would check with the ISP to find out what happens to your network in their backbone...

paul driver · ‎09-11-2019

Hello

Is your ISP aware of this new advertised subnet, its very possible this new subnet is being filtered until you make them aware of it.

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

TRENT WAITE · ‎09-12-2019

Thank you George and Paul, you hit the nail on the head. I did forget to contact our ISPs.