Re: BGP next-hop-self - Page 2

_rucisco_ · ‎12-07-2021

Hi guys,

I have a simple BGP network with 3 ASs.

I have configured eBGP sessions between R1 & R2, and R3 & R5. I have also configured iBGP sessions between loopback interfaces of R2 & R4, R4 & R3, and R2 & R3.

The next-hop-self parameter has been added in R2 and R3 because AS 2 is running RIPv2 to share just the loopback addresses and internal networks (R2-R4 and R3-R4, not the ones connected with AS 1 and AS 3).

R4's BGP table is as follows:

BGP table version is 4, local router ID is 4.4.4.4, vrf id 0
Default local pref 100, local AS 200
Status codes:  s suppressed, d damped, h history, * valid, > best, = multipath,
               i internal, r RIB-failure, S Stale, R Removed
Nexthop codes: @NNN nexthop's vrf id, < announce-nh-self
Origin codes:  i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*>i10.0.0.0/16      2.2.2.2                  0    100      0 100 i
*>i30.0.0.0/16      3.3.3.3                  0    100      0 300 i

Displayed  2 routes and 2 total paths

Next I show R4's routing table:

Codes: K - kernel route, C - connected, S - static, R - RIP,
       O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,
       T - Table, v - VNC, V - VNC-Direct, A - Babel, D - SHARP,
       F - PBR, f - OpenFabric,
       > - selected route, * - FIB route, q - queued route, r - rejected route

R>* 2.2.2.2/32 [120/2] via 20.1.0.1, eth0, 02:05:52
R>* 3.3.3.3/32 [120/2] via 20.2.0.2, eth1, 02:01:45
C>* 4.4.4.4/32 is directly connected, lo, 02:00:54
B>  10.0.0.0/16 [200/0] via 2.2.2.2 (recursive), 01:05:07
  *                       via 20.1.0.1, eth0, 01:05:07
C>* 20.1.0.0/16 is directly connected, eth0, 02:13:26
C>* 20.2.0.0/16 is directly connected, eth1, 02:13:08
B>  30.0.0.0/16 [200/0] via 3.3.3.3 (recursive), 01:18:14
  *                       via 20.2.0.2, eth1, 01:18:14

I can see 10.0.0.0/16 (AS1's advertised prefix) and 30.0.0.0/16 (AS3's advertised prefix) both in the BGP table and routing table (via R2 and R3 respectively). However, when I ping from R1 to R5 and viceversa, these packets do not traverse R4.

Can anyone explain why?

Thanks!

---

Edit: to solve a typo

Harold Ritter · ‎12-07-2021

Hi @_rucisco_ ,

If you advertised the edge networks either via the IGP or BGP, you do not really need the next-hop-self. I normally not recommend advertising the edge networks though and personally prefer to use next-hop-self instead.

Regards,

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

_rucisco_ · ‎12-08-2021

Hi @Harold Ritter

Thank you for your time and support.

I'd like to ask about your process in configuring a system like this. I understood you prefer to use an IGP to advertise the networks within your AS (just like I did) and then how do you proceed with advertising prefixes?

In my case, AS 2 owns 20.0.0.0/8, and uses some subranges (20.0.0.0/16 and 20.3.0.0/16) for the connection with other ASs. How do you configure that? Do you take one of the ASBR and configure it to advertise the whole range, just the interior subnetworks?

The point is, if I advertise the whole range (20.0.0.0/8), I would end up telling my interior routers (via iBGP) about the edge networks and wouldn't make sense to use next-hop-self, right?

What's the recommended approach and why?

Thanks a lot!

_rucisco_ · ‎12-09-2021

Hi @Harold Ritter

I am still confused on how to solve this.

If I advertise 20.0.0.0/16 and 20.3.0.0/16 either via iBGP or an IGP I don't need next-hop-self but if I don't AS1 and AS3 don't get the required information to reply pings from other the side.

Does this mean I shouldn't be using next-hop-self in this case and instead advertise prefixes?

Thanks

Harold Ritter · ‎12-09-2021

HI @_rucisco_ ,

Using next-hop-self on R2 and R3 will allow R2, R3 and R4 to resolve the route coming from AS1 and AS3. There is no need to advertise the subnet between AS2 and AS1 or AS2 and AS3 for it to happen. The next step is to make sure that traffic flowing via AS2 is sourced or destined from addresses advertised from AS1 (10.0.0.0/16) and AS3 (30.0.0.0/16).

Did you try what I suggested, which was to remove the extra routes you had added and try to ping from R5 to R1 using eth1 interface IP address as the source as follow:

ping 10.0.0.1 source 30.0.0.1.

This way all routers in AS2 should have the required routing information to forward the packets between R5 and R1.

Regards,

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

_rucisco_ · ‎12-09-2021

Hi @Harold Ritter,

Thanks once more for your input.

I understand your point and, yes, it works when I remove all the extra network advertising (I only advertise 20.1.0.0/16 on R2 and 20.2.0.0/16 on R3) but I would like to understand how to configure things so that I am also able to ping from 20.3.0.2 to 10.0.0.1. How can I do this?

Thanks!

Harold Ritter · ‎12-09-2021

Hi @_rucisco_ ,

> how to configure things so that I am also able to ping from 20.3.0.2 to 10.0.0.1. How can I do this?

You will need to advertise the edge subnet (20.3.0.0/16) in BGP, either from R5 or R3.

router bgp 200

address-family ipv4 unicast

network 20.3.0.0 mask 255.255.0.0

Regards,

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

_rucisco_ · ‎12-09-2021

Hi @Harold Ritter,

OK, but in that case I wouldn't use the next-hop-self, right?

Thanks!

Harold Ritter · ‎12-09-2021

Hi @_rucisco_ ,

This will work whether next-hop-self is configured or not.

Regards,

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

_rucisco_ · ‎12-09-2021

@Harold Ritter Thanks for all your help!

Harold Ritter · ‎12-09-2021

Hi @_rucisco_ ,

You are very welcome.

Thanks for the feedback,

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

Harold Ritter · ‎12-07-2021

Hi @_rucisco_ ,

The only thing wrong I saw before was the source address (20.3.0.2), which was not reachable from AS1. You should remove these extra routes you just added and do the test again specifying the source address when you ping from R1 to R5 or vice versa.

Regards,

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México