Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1102
Views
5
Helpful
4
Replies

BGP question on a CSR1000V

TRACY HARTMANN
Level 1
Level 1

‎01-27-2021 07:10 AM

We are running a CSR with two tunnel links into a site.  We are learning the same BGP routes from each interface because they got to the same place and the remote locations can use either one.   That all seems to work.  Where I have an issue is that all the routes that are learned seem to be redistrubuing back out into the BGP netowork.   So at times this site takes over as the route to remote locations when it is not.   For example 10.3.48.0/24 is a remote location address, for some reason this site redistrubutes that route as you can get their from here and then of course it dies because it really can't.   Not sure if there is an issue with my BGP config, I thought that BGP did not redistrubte unless you configured it.

 

interface GigabitEthernet2
description circuit 1
ip address 10.3.72.4 255.255.255.240
negotiation auto
!
interface GigabitEthernet3
description circuit 2
ip address 10.3.72.20 255.255.255.240
negotiation auto
!
interface GigabitEthernet4
ip address 10.3.78.1 255.255.255.128 secondary
ip address 10.3.78.129 255.255.255.128 secondary
ip address 10.3.79.126 255.255.255.128 secondary
ip address 10.127.3.254 255.255.248.0 secondary
ip address 10.127.15.254 255.255.248.0 secondary
ip address 10.128.0.254 255.255.0.0 secondary
ip address 172.17.254.254 255.255.0.0 secondary
ip address 10.3.73.4 255.255.255.0
negotiation auto
router bgp 64627
bgp log-neighbor-changes
neighbor 10.3.72.6 remote-as 64538
neighbor 10.3.72.22 remote-as 64539
!
address-family ipv4
network 10.3.72.0 mask 255.255.255.240
network 10.3.72.16 mask 255.255.255.240
network 10.3.73.0 mask 255.255.255.0
network 10.3.79.0 mask 255.255.255.128
network 10.127.0.0 mask 255.255.248.0
network 10.127.8.0 mask 255.255.248.0
network 10.128.0.0 mask 255.255.0.0
network 172.17.0.0
neighbor 10.3.72.6 activate
neighbor 10.3.72.22 activate
exit-address-family


Also not sure why the 172.17.0.0 won't take the subnet of /16

 

 

Thanks

 

Tracy

 

 

 

 

 

 

 

 

Labels:
0 Helpful
4 Replies 4

Giuseppe Larosa
Hall of Fame
Hall of Fame

‎01-27-2021 07:48 AM - edited ‎01-27-2021 07:50 AM

Hello @TRACY HARTMANN ,

easy part :

>> Also not sure why the 172.17.0.0 won't take the subnet of /16

because 172.17.0.0/16 is a Class B network that it is the default network mask so it is not shown in configuration

 

difficult part :

>>neighbor 10.3.72.6 remote-as 64538
>> neighbor 10.3.72.22 remote-as 64539

 

you have two eBGP sessions in addition to the local prefixes injected by network command your router is allowed to send to neighbor A what it has received by neighbor B and viceversa. They also use different private AS numbers and this can make accept some unwanted route.

 

all you need is to use a concept called filtering by As-path

all local routes have AS path empty before sending

ip as-path access-list 11 permit ^$

 

the regular expression ^$ means an empty AS path string ""

 

then in BGP you add

neighbor 10.3.72.6 filter-list 11 out

neighbor 10.3.72.22 filter-list 11 out

 

and this should fix your issue as only local routes are advertised in all cases even if one neighbor withdrawn a remote prefix

 

The filter-list uses the configured as-path access-list 11 to allow only locally originated routes to be sent to each eBGP neighbor.

 

Hope to help

Giuseppe

 

0 Helpful

TRACY HARTMANN
Level 1
Level 1
In response to Giuseppe Larosa

‎01-27-2021 08:51 AM

Thanks this makes sense, I will be trying the change tonight since its production and I can't make a change right now.

 

 

 

0 Helpful

TRACY HARTMANN
Level 1
Level 1
In response to TRACY HARTMANN

‎01-29-2021 07:39 AM

We made the change a couple nights ago and it looks like it did the trick.  Thanks for the help.

Giuseppe Larosa
Hall of Fame
Hall of Fame
In response to TRACY HARTMANN

‎01-29-2021 08:22 AM

Hello @TRACY HARTMANN ,

I am happy to know the suggested changes worked for your envinroment.

 

Best Regards

Giuseppe

 

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card