cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2558
Views
30
Helpful
11
Replies

BGP Route not failing back

J W
Beginner
Beginner

Hello! I am wondering if someone here can give me some assistance. I am having an issue with BGP but just don't know enough about it to fix it. 

 

I have BGP configured on 2 devices here, it has been configured as a failover for when the main site goes down. The issue I am having is that the route is not failing back to the primary location once the outage has been resolved. The only way to get it back to the main location is to reboot the failover site, or run "cl ip bgp *" I've played with weights of neighbors but haven't had much luck.  What would I need to configure to ensure that BGP fails back to the main site? Thanks for any help! Sorry if my ignorance towards BGP shows!

 

Main#
router bgp 65416
bgp router-id 1.1.1.114
bgp log-neighbor-changes
network x.x.x.x mask 255.255.255.240
network x.x.x.x mask 255.255.255.255 route-map PREPEND
neighbor 10.0.0.2 remote-as 65416
neighbor 10.0.0.2 update-source GigabitEthernet0/1.1
neighbor 10.0.0.2 next-hop-self
neighbor 1.1.1.113 remote-as 10796
neighbor 1.1.1.113 ebgp-multihop 3
neighbor 1.1.1.113 update-source GigabitEthernet0/0
neighbor 1.1.1.113 next-hop-self
neighbor 1.1.1.113 route-map NEXT out

route-map NEXT, permit, sequence 10
Match clauses:
Set clauses:
ip next-hop 1.1.1.114
Policy routing matches: 0 packets, 0 bytes




Secondary#
router bgp 65416
bgp router-id 2.2.2.218
bgp log-neighbor-changes
network x.x.x.x mask 255.255.255.240 route-map PREPEND
neighbor 2.2.2.217 remote-as 10796
neighbor 2.2.2.217 ebgp-multihop 3
neighbor 2.2.2.217 update-source GigabitEthernet0/0
neighbor 2.2.2.217 next-hop-self
neighbor 2.2.2.217 route-map PREPEND out

route-map PREPEND, permit, sequence 10
Match clauses:
Set clauses:
as-path prepend 65416 65416
ip next-hop 2.2.2.218
Policy routing matches: 0 packets, 0 bytes

 

 

 

1 Accepted Solution

Accepted Solutions

Hi

Apologies for the late response, imagine the following scenario:

 

  R1 ---eBGP--- ISP1

   |
   |

 iBGP

   |

   |

  R2---eBGP---ISP2

 

Now you configuration could be, taking advantage that you already have an IGP protocol (OSPF) running between your infrastructure it can be used as NLRI to create an iBGP with loopbacks otherwise it could be used with directly connected interfaces.

 

Router 1 (R1)

 

interface loopback 0

ip address 1.1.1.1 255.255.255.255

 

interface g0/0

description TO-ISP1

ip address 150.0.0.1 255.255.255.252

no shutdown

 

interface g0/1

description TO-R2

ip address 10.10.12.1 255.255.255.252

no shutdown

 

route-map INBOUND permit 5

set local-preference 5000

 

route-map OUTBOUND permit 5

set as-path prepend 10

 

router ospf 10

network 1.1.1.1 0.0.0.0 area 0

network 10.10.12.0 0.0.0.3 area 0

 

 

router bgp 10

no sync

no auto-summary

neighbor 150.0.0.2 remote 1

neighbor 150.0.0.2 route-map INBOUND in

neighbor 150.0.0.2 route-map OUTBOUND out

neighbor 2.2.2.2 remote 10

neighbor 2.2.2.2 update-source loopback0

neighbor 2.2.2.2 next-hop-self

 

 

Router 2 (R2)

 

interface loopback 0

ip address 2.2.2.2 255.255.255.255

 

interface g0/0

description TO-ISP1

ip address 160.0.0.1 255.255.255.252

no shutdown

 

interface g0/1

description TO-R1

ip address 10.10.12.2 255.255.255.252

no shutdown

 

route-map INBOUND permit 5

set local-preference 1000

 

route-map OUTBOUND permit 5

set as-path prepend 10 10 10 10

 

router ospf 10

network 2.2.2.2 0.0.0.0 area 0

network 10.10.12.0 0.0.0.3 area 0

 

router bgp 10

no sync

no auto-summary

neighbor 160.0.0.2 remote 2

neighbor 160.0.0.2 route-map INBOUND in

neighbor 160.0.0.2 route-map OUTBOUND out

neighbor 1.1.1.1 remote 10

neighbor 1.1.1.1 update-source loopback0

neighbor 1.1.1.1 next-hop-self

 

It can be taken as reference, the route-maps OUTBOUND are used for symmetric traffic, you can include additional configuration like fast fallover, password, etc.

 

Hope it is useful

:-) 

 




>> Marcar como útil o contestado, si la respuesta resolvió la duda, esto ayuda a futuras consultas de otros miembros de la comunidad. <<

View solution in original post

11 Replies 11

Julio E. Moisa
VIP Mentor VIP Mentor
VIP Mentor

Hi

It should be restablished to the primary if the parameters are ok, for example: Primary has higher Weight than Secondary.

 

The following link could be useful:

https://supportforums.cisco.com/t5/network-infrastructure-documents/bgp-fast-external-fallover-command-overview/ta-p/3142577

 

:-)




>> Marcar como útil o contestado, si la respuesta resolvió la duda, esto ayuda a futuras consultas de otros miembros de la comunidad. <<

paul driver
VIP Expert VIP Expert
VIP Expert

Hello

I dont see any ibgp peering between the two sites although the main site does have the ibgp peering config but the secondary doesn't - Have you just not posted this?

 

Also I dont see any IBGP local path selection for the ibgp peers ( local preference PA)

 

@julio  The weight PA between ibgp peers isnt applicable as that PA is locally significant only

 

res

Paul


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Hi Paul,

Thank you I was pointing to the eBGP to prefer one path over other, now as you mentioned I don't see iBGP between these router (just into R1), probably it was omitted. 




>> Marcar como útil o contestado, si la respuesta resolvió la duda, esto ayuda a futuras consultas de otros miembros de la comunidad. <<

Thank you guys for the reply!

 

I very recently inherited this network, and am still working to understand it. I've mostly got it, but BGP is something I just haven't had any meaningful experience with (lab or otherwise). 

 

I am assuming you are referring to the "neighbor 10.0.0.2" entries? Correct, those are not present in the secondaries config. I thought it looked funny, but again I don't know enough about BGP to know what's right or wrong. Would adding those to the secondary help (using the IP of the main site in the neighbor command, of course).

 

What I posted in my original post is all there is as far as BGP configuration goes (right or wrong).

Hi

Thank you, as Paul mentioned it is correct, apparently there is no an iBGP between the routers so that could be the root cause.

I have a topology in my mind but could you please provide us how they are interconnected?

 

Thank you in advance. 




>> Marcar como útil o contestado, si la respuesta resolvió la duda, esto ayuda a futuras consultas de otros miembros de la comunidad. <<

Hello
If these two rtrs are in the same location using the same Local As and peering to different ISP ebgp peers as they seem to be then for failover to work they need to be connected between each other- (preferably physically connected) and have an Igbp peering created

Then you can apply some local preference between them so one or each rtr can become the best path for certain internal routes for external access and if one of them fails then the other would take over the routing.

Can you please post the config of both rtrs so they can be verified as to the current setup

Also a simple topology diagram would be helpful if applicable

Res
Paul

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Thanks for the help, guys! So these two routers are connected to each other via an eLAN provided and managed by Spectrum. Their public IP's are also provided by Spectrum. They are no where near each other physically, but are both on Spectrum's eLAN.

 

Main Config:

!
hostname Main
!
boot-start-marker
boot-end-marker
!
!
card type t1 0 0

!
aaa new-model
!
!
aaa authentication ppp default local
!
!
!
!
!
aaa session-id common
clock timezone EST -5 0
clock summer-time EST recurring
network-clock-participate wic 0 
network-clock-select 1 T1 0/0/0
!
!
crypto pki trustpoint TP-self-signed-1152395410
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-1152395410
 revocation-check none
 rsakeypair TP-self-signed-1152395410
!
!
crypto pki certificate chain TP-self-signed-1152395410
 certificate self-signed 01 nvram:IOS-Self-Sig#2.cer
ip cef
!
!
!
!


!
no ip dhcp use vrf connected
ip dhcp excluded-address 10.1.1.1 10.1.1.10
ip dhcp excluded-address 10.0.66.1 10.0.66.50
ip dhcp excluded-address 10.0.65.1 10.0.65.50
ip dhcp excluded-address 10.0.64.1 10.0.64.255
ip dhcp excluded-address 10.0.67.1 10.0.67.255
ip dhcp excluded-address 10.0.66.210 10.0.66.220
ip dhcp excluded-address 10.0.40.1 10.0.40.10
ip dhcp excluded-address 10.0.65.165
ip dhcp excluded-address 10.10.0.1 10.10.0.20
ip dhcp excluded-address 10.1.200.1 10.1.200.20
!
ip dhcp pool VOICE
 network 10.1.1.0 255.255.255.0
 default-router 10.1.1.1 
 option 150 ip 10.10.0.14 10.10.0.2 
!
ip dhcp pool DATA
 network 10.0.64.0 255.255.252.0
 next-server 10.0.64.220 
 default-router 10.0.66.1 
 dns-server 10.0.66.199 10.0.66.45 
 netbios-name-server 10.0.66.199 
 domain-name XXX.local
 option 66 ip 10.0.64.220 
 option 67 ascii "undionly.kpxe"
 lease 7
!
!
!
ip domain name XXX.local
ip name-server 10.0.66.199
ip multicast-routing 
no ipv6 cef
!
multilink bundle-name authenticated
!
vpdn enable
!
!
!
!
isdn switch-type primary-ni
!
!
trunk group LOCAL_PRI
!
!
trunk group fr1
!
voice-card 0
 voice-service dsp-reservation 50
 dsp services dspfarm
!
!
!
voice service voip
 ip address trusted list
  ipv4 10.10.0.3
  ipv4 10.10.0.5
  ipv4 10.10.0.2
  ipv4 10.10.0.14
  ipv4 10.10.0.4
 allow-connections h323 to h323
 allow-connections h323 to sip
 allow-connections sip to h323
 allow-connections sip to sip
 fax protocol t38 version 0 ls-redundancy 0 hs-redundancy 0 fallback none
 sip
!
voice class codec 1
 codec preference 1 g711ulaw
 codec preference 2 g729r8
!
!
voice register global
!
!
!
!
voice translation-rule 9
!
!
voice translation-profile CALLBLOCK
 translate calling 9
!
voice translation-profile did
 translate called 1
!
!
!
license udi pid CISCO2951/K9 sn 
license accept end user agreement
license boot module c2951 technology-package securityk9
license boot module c2951 technology-package uck9
license boot module c2951 technology-package datak9
hw-module pvdm 0/0
!
hw-module pvdm 0/1
!
hw-module pvdm 0/2
!
!
!
archive
 log config
  hidekeys
!
spanning-tree vlan 1 priority 8192

!
redundancy
!
!
!
!
!
controller T1 0/0/0
 cablelength long 0db
 pri-group timeslots 1-24
!

! 
!
crypto isakmp policy 4
 authentication pre-share
 group 2
!
crypto isakmp policy 5
 hash md5
 authentication pre-share
 group 2
crypto isakmp key greipsec.xxx.com address 0.0.0.0        
crypto isakmp keepalive 20 periodic
crypto isakmp aggressive-mode disable
!
!
crypto ipsec transform-set greipsec esp-des esp-md5-hmac 
 mode transport
!
!
crypto ipsec profile greipsec
 set transform-set greipsec 
!
!
!
!
!
!
interface Loopback0
 ip address x.x.x.x 255.255.255.240
!
interface Loopback2
 no ip address
!
interface Loopback10
 ip address 1.1.1.1 255.255.255.252
 ip nat inside
 ip virtual-reassembly in
!
interface Tunnel0
 ip address 172.16.224.1 255.255.255.0
 no ip redirects
 ip mtu 1400
 no ip next-hop-self eigrp 1
 no ip split-horizon eigrp 1
 ip nhrp authentication greipsec
 ip nhrp map multicast dynamic
 ip nhrp network-id 99
 ip nhrp holdtime 300
 ip ospf network broadcast
 ip ospf priority 255
 tunnel source Loopback0
 tunnel mode gre multipoint
 tunnel key 100000
 tunnel protection ipsec profile greipsec
!
interface Port-channel5
 switchport mode trunk
 no ip address
 duplex full
!
interface Embedded-Service-Engine0/0
 no ip address
 shutdown
!
interface GigabitEthernet0/0
 ip address 10.0.1.2 255.255.255.0
 ip nat outside
 ip virtual-reassembly in
 duplex auto
 speed auto
!
interface GigabitEthernet0/0.1
!
interface GigabitEthernet0/1
 no ip address
 duplex auto
 speed auto
!
interface GigabitEthernet0/1.1
 encapsulation dot1Q 1 native
 ip address 10.0.66.1 255.255.252.0
 ip access-group XX in
 ip helper-address 10.0.64.220
 ip nat inside
 ip virtual-reassembly in
!
interface GigabitEthernet0/1.10
 encapsulation dot1Q 10
 ip address 10.10.0.100 255.255.255.0
 ip pim sparse-dense-mode
!
interface GigabitEthernet0/1.20
 encapsulation dot1Q 20
!
interface GigabitEthernet0/1.23
 encapsulation dot1Q 23
 ip address 172.16.23.5 255.255.255.0
!
interface GigabitEthernet0/1.50
 encapsulation dot1Q 50
 ip address 10.10.1.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
!
interface GigabitEthernet0/1.100
 encapsulation dot1Q 100
 ip address 10.1.1.2 255.255.255.0
!
interface GigabitEthernet0/2
 ip address 10.30.0.1 255.255.255.252
 duplex auto
 speed auto
!
interface Serial0/0/0:23
 no ip address
 encapsulation hdlc
 isdn switch-type primary-ni
 isdn incoming-voice voice
 isdn bchan-number-order ascending 
 trunk-group LOCAL_PRI 1
 no cdp enable
!
!
!
router eigrp 1
 network 10.0.66.1 0.0.0.0
 network 10.1.1.1 0.0.0.0
 network 10.10.0.1 0.0.0.0
 network 172.16.224.1 0.0.0.0
 redistribute ospf 1 metric 100 1 1 1 1
!
router ospf 1
 router-id 10.0.66.1
 priority 1
 redistribute eigrp 1
 network 10.0.1.2 0.0.0.0 area 0
 network 10.0.66.1 0.0.0.0 area 0
 network 10.10.1.1 0.0.0.0 area 0
!
router bgp 65416
 bgp router-id x.x.x.114
 bgp log-neighbor-changes
 network x.x.x.96 mask 255.255.255.240
 network x.x.x.110 mask 255.255.255.255 route-map PREPEND
 neighbor 10.0.64.6 remote-as 65416
 neighbor 10.0.64.6 update-source GigabitEthernet0/1.1
 neighbor 10.0.64.6 next-hop-self
 neighbor x.x.x.113 remote-as 10796
 neighbor x.x.x.113 ebgp-multihop 3
 neighbor x.x.x.113 update-source GigabitEthernet0/0
 neighbor x.x.x.113 next-hop-self
 neighbor x.x.x.113 route-map NEXT out
!
ip forward-protocol nd
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip http path flash:gui
!
ip nat inside source static 10.0.64.235 x.x.x.97 route-map EXEMPT extendable
ip nat inside source static tcp 10.0.66.231 21 x.x.x.98 21 route-map EXEMPT extendable
ip nat inside source static tcp 10.0.66.231 23 x.x.x.98 23 route-map EXEMPT extendable
ip nat inside source static tcp 10.0.66.231 25 x.x.x.98 25 route-map EXEMPT extendable
ip nat inside source static tcp 10.0.66.231 80 x.x.x.98 80 route-map EXEMPT extendable
ip nat inside source static tcp 10.0.66.231 443 x.x.x.98 443 route-map EXEMPT extendable
ip nat inside source static tcp 10.0.66.231 446 x.x.x.98 446 route-map EXEMPT extendable
ip nat inside source static tcp 10.0.66.231 447 x.x.x.98 447 route-map EXEMPT extendable
ip nat inside source static tcp 10.0.66.231 449 x.x.x.98 449 route-map EXEMPT extendable
ip nat inside source static tcp 10.0.66.231 8470 x.x.x.98 8470 route-map EXEMPT extendable
ip nat inside source static tcp 10.0.66.231 8471 x.x.x.98 8471 route-map EXEMPT extendable
ip nat inside source static tcp 10.0.66.231 8472 x.x.x.98 8472 route-map EXEMPT extendable
ip nat inside source static tcp 10.0.66.231 8473 x.x.x.98 8473 route-map EXEMPT extendable
ip nat inside source static tcp 10.0.66.231 8474 x.x.x.98 8474 route-map EXEMPT extendable
ip nat inside source static tcp 10.0.66.231 8475 x.x.x.98 8475 route-map EXEMPT extendable
ip nat inside source static tcp 10.0.66.231 8476 x.x.x.98 8476 route-map EXEMPT extendable
ip nat inside source static tcp 10.0.66.231 10088 x.x.x.98 10088 route-map EXEMPT extendable
ip nat inside source static tcp 10.0.66.231 17019 x.x.x.98 17019 route-map EXEMPT extendable
ip nat inside source static tcp 10.0.66.231 20021 x.x.x.98 20021 route-map EXEMPT extendable
ip nat inside source static 10.0.66.231 x.x.x.98 route-map EXEMPT extendable
ip nat inside source static 10.0.67.201 x.x.x.100 route-map EXEMPT extendable
ip nat inside source static tcp 10.0.66.31 443 x.x.x.101 443 extendable
ip nat inside source static tcp 10.0.66.31 444 x.x.x.101 444 extendable
ip nat inside source static tcp 10.0.66.31 5061 x.x.x.101 5061 extendable
ip nat inside source static tcp 10.0.66.31 5086 x.x.x.101 5086 extendable
ip nat inside source static tcp 10.0.66.31 5087 x.x.x.101 5087 extendable
ip nat inside source static 10.10.1.8 x.x.x.102 extendable
ip nat inside source static 10.10.1.11 x.x.x.103 extendable
ip nat inside source static tcp 10.0.64.60 80 x.x.x.104 80 extendable
ip nat inside source static tcp 10.0.64.60 443 x.x.x.104 443 extendable
ip nat inside source static 10.0.67.249 x.x.x.105 route-map EXEMPT extendable
ip nat inside source static 10.0.67.187 x.x.x.106 route-map EXEMPT extendable
ip nat inside source static 10.0.67.233 x.x.x.107 route-map EXEMPT extendable
ip nat inside source static 10.0.67.190 x.x.x.108 route-map internet extendable
ip nat inside source static 10.0.64.5 x.x.x.109 route-map EXEMPT extendable
ip nat inside source static 10.0.67.205 x.x.x.110 route-map EXEMPT extendable
ip route 10.0.2.0 255.255.255.0 10.0.1.1
ip route 10.0.3.0 255.255.255.0 10.0.1.1
ip route 10.0.5.0 255.255.255.0 10.0.64.6
ip route 10.0.22.0 255.255.255.0 172.16.21.2
ip route 10.0.48.0 255.255.255.0 10.0.1.1
ip route 10.0.49.0 255.255.255.0 10.0.1.1
ip route 10.0.59.0 255.255.255.0 10.0.1.1
ip route 10.11.4.0 255.255.255.0 10.0.1.1
ip route 10.11.10.0 255.255.255.0 10.0.1.1
ip route 10.11.11.0 255.255.255.0 10.0.1.1
ip route 10.11.12.0 255.255.255.0 10.0.1.1
ip route 10.11.14.0 255.255.255.0 10.0.1.1
ip route 10.11.15.0 255.255.255.0 10.0.1.1
ip route 10.11.16.0 255.255.255.0 10.0.1.1
ip route 10.11.17.0 255.255.255.0 10.0.1.1
ip route 10.12.4.0 255.255.255.0 10.0.1.1
ip route 10.15.0.0 255.255.255.0 10.0.1.1
ip route 10.17.0.0 255.255.255.0 10.0.1.1
ip route 10.20.0.0 255.255.255.0 10.0.1.1
ip route 10.31.1.0 255.255.255.0 10.0.1.1
ip route 10.32.0.0 255.255.255.0 10.0.1.1
ip route 10.37.0.0 255.255.255.0 10.0.1.1
ip route 10.56.0.0 255.255.255.0 10.0.1.1
ip route 10.57.0.0 255.255.255.0 10.0.1.1
ip route 10.58.0.0 255.255.255.0 10.0.1.1
ip route x.x.x.96 255.255.255.240 1.1.1.2
ip route x.x.x.113 255.255.255.255 10.0.1.1
ip route 192.168.1.0 255.255.255.0 10.0.1.1
ip route 192.168.50.0 255.255.255.0 10.0.64.1
!
ip access-list extended XX
 permit ip 10.11.4.0 0.0.0.255 host 10.0.66.231
 permit ip host 10.0.66.231 10.11.4.0 0.0.0.255
 permit ip 10.12.4.0 0.0.0.255 host 10.0.66.231
 permit ip host 10.0.66.231 10.12.4.0 0.0.0.255
 permit ip 10.56.0.0 0.0.0.255 host 10.0.66.231
 permit ip host 10.0.66.231 10.56.0.0 0.0.0.255
 permit ip 10.0.2.0 0.0.0.255 host 10.0.66.231
 permit ip host 10.0.66.231 10.0.2.0 0.0.0.255
 permit ip 10.20.0.0 0.0.0.255 host 10.0.66.231
 permit ip host 10.0.66.231 10.20.0.0 0.0.0.255
 permit ip 10.0.49.0 0.0.0.255 host 10.0.66.231
 permit ip host 10.0.66.231 10.0.49.0 0.0.0.255
 permit ip 10.0.3.0 0.0.0.255 host 10.0.66.231
 permit ip host 10.0.66.231 10.0.3.0 0.0.0.255
 permit ip 10.11.12.0 0.0.0.255 host 10.0.66.231
 permit ip host 10.0.66.231 10.11.12.0 0.0.0.255
 permit ip 10.11.14.0 0.0.0.255 host 10.0.66.231
 permit ip host 10.0.66.231 10.11.14.0 0.0.0.255
 permit ip 10.58.0.0 0.0.0.255 host 10.0.66.231
 permit ip host 10.0.66.231 10.58.0.0 0.0.0.255
 permit ip 10.57.0.0 0.0.0.255 host 10.0.66.231
 permit ip host 10.0.66.231 10.57.0.0 0.0.0.255
 permit ip 10.11.17.0 0.0.0.255 host 10.0.66.231
 permit ip host 10.0.66.231 10.11.17.0 0.0.0.255
 permit ip 10.15.0.0 0.0.0.255 host 10.0.66.231
 permit ip host 10.0.66.231 10.15.0.0 0.0.0.255
 permit ip 10.31.1.0 0.0.0.255 host 10.0.66.231
 permit ip host 10.0.66.231 10.31.1.0 0.0.0.255
 permit ip 10.0.59.0 0.0.0.255 host 10.0.66.231
 permit ip host 10.0.66.231 10.0.59.0 0.0.0.255
 permit ip 10.17.0.0 0.0.0.255 host 10.0.66.231
 permit ip host 10.0.66.231 10.17.0.0 0.0.0.255
 permit ip 10.11.10.0 0.0.0.255 host 10.0.66.231
 permit ip host 10.0.66.231 10.11.10.0 0.0.0.255
 permit ip 10.0.48.0 0.0.0.255 host 10.0.66.231
 permit ip host 10.0.66.231 10.0.48.0 0.0.0.255
 permit ip 10.32.0.0 0.0.0.255 host 10.0.66.231
 permit ip host 10.0.66.231 10.32.0.0 0.0.0.255
 permit ip 10.11.16.0 0.0.0.255 host 10.0.66.231
 permit ip host 10.0.66.231 10.11.16.0 0.0.0.255
 permit ip 10.11.11.0 0.0.0.255 host 10.0.66.231
 permit ip host 10.0.66.231 10.11.11.0 0.0.0.255
 permit ip 10.37.0.0 0.0.0.255 host 10.0.66.231
 permit ip host 10.0.66.231 10.37.0.0 0.0.0.255
 permit ip 10.11.15.0 0.0.0.255 host 10.0.66.231
 permit ip host 10.0.66.231 10.11.15.0 0.0.0.255
 permit ip 10.11.4.0 0.0.0.255 host 10.0.64.5
 permit ip host 10.0.64.5 10.11.4.0 0.0.0.255
 permit ip 10.12.4.0 0.0.0.255 host 10.0.64.5
 permit ip host 10.0.64.5 10.12.4.0 0.0.0.255
 permit ip 10.56.0.0 0.0.0.255 host 10.0.64.5
 permit ip host 10.0.64.5 10.56.0.0 0.0.0.255
 permit ip 10.0.2.0 0.0.0.255 host 10.0.64.5
 permit ip host 10.0.64.5 10.0.2.0 0.0.0.255
 permit ip 10.20.0.0 0.0.0.255 host 10.0.64.5
 permit ip host 10.0.64.5 10.20.0.0 0.0.0.255
 permit ip 10.0.49.0 0.0.0.255 host 10.0.64.5
 permit ip host 10.0.64.5 10.0.49.0 0.0.0.255
 permit ip 10.0.3.0 0.0.0.255 host 10.0.64.5
 permit ip host 10.0.64.5 10.0.3.0 0.0.0.255
 permit ip 10.11.12.0 0.0.0.255 host 10.0.64.5
 permit ip host 10.0.64.5 10.11.12.0 0.0.0.255
 permit ip 10.11.14.0 0.0.0.255 host 10.0.64.5
 permit ip host 10.0.64.5 10.11.14.0 0.0.0.255
 permit ip 10.58.0.0 0.0.0.255 host 10.0.64.5
 permit ip host 10.0.64.5 10.58.0.0 0.0.0.255
 permit ip 10.57.0.0 0.0.0.255 host 10.0.64.5
 permit ip host 10.0.64.5 10.57.0.0 0.0.0.255
 permit ip 10.11.17.0 0.0.0.255 host 10.0.64.5
 permit ip host 10.0.64.5 10.11.17.0 0.0.0.255
 permit ip 10.15.0.0 0.0.0.255 host 10.0.64.5
 permit ip host 10.0.64.5 10.15.0.0 0.0.0.255
 permit ip 10.31.1.0 0.0.0.255 host 10.0.64.5
 permit ip host 10.0.64.5 10.31.1.0 0.0.0.255
 permit ip 10.0.59.0 0.0.0.255 host 10.0.64.5
 permit ip host 10.0.64.5 10.0.59.0 0.0.0.255
 permit ip 10.17.0.0 0.0.0.255 host 10.0.64.5
 permit ip host 10.0.64.5 10.17.0.0 0.0.0.255
 permit ip 10.11.10.0 0.0.0.255 host 10.0.64.5
 permit ip host 10.0.64.5 10.11.10.0 0.0.0.255
 permit ip 10.0.48.0 0.0.0.255 host 10.0.64.5
 permit ip host 10.0.64.5 10.0.48.0 0.0.0.255
 permit ip 10.32.0.0 0.0.0.255 host 10.0.64.5
 permit ip host 10.0.64.5 10.32.0.0 0.0.0.255
 permit ip 10.11.16.0 0.0.0.255 host 10.0.64.5
 permit ip host 10.0.64.5 10.11.16.0 0.0.0.255
 permit ip 10.11.11.0 0.0.0.255 host 10.0.64.5
 permit ip host 10.0.64.5 10.11.11.0 0.0.0.255
 permit ip 10.37.0.0 0.0.0.255 host 10.0.64.5
 permit ip host 10.0.64.5 10.37.0.0 0.0.0.255
 permit ip 10.11.15.0 0.0.0.255 host 10.0.64.5
 permit ip host 10.0.64.5 10.11.15.0 0.0.0.255
 deny   ip 10.11.4.0 0.0.0.255 any
 deny   ip 10.12.4.0 0.0.0.255 any
 deny   ip 10.56.0.0 0.0.0.255 any
 deny   ip 10.0.2.0 0.0.0.255 any
 deny   ip 10.20.0.0 0.0.0.255 any
 deny   ip 10.0.49.0 0.0.0.255 any
 deny   ip 10.0.3.0 0.0.0.255 any
 deny   ip 10.11.12.0 0.0.0.255 any
 deny   ip 10.11.14.0 0.0.0.255 any
 deny   ip 10.58.0.0 0.0.0.255 any
 deny   ip 10.57.0.0 0.0.0.255 any
 deny   ip 10.11.17.0 0.0.0.255 any
 deny   ip 10.15.0.0 0.0.0.255 any
 deny   ip 10.31.1.0 0.0.0.255 any
 deny   ip 10.0.59.0 0.0.0.255 any
 deny   ip 10.17.0.0 0.0.0.255 any
 deny   ip 10.11.10.0 0.0.0.255 any
 deny   ip 10.0.48.0 0.0.0.255 any
 deny   ip 10.32.0.0 0.0.0.255 any
 deny   ip 10.11.16.0 0.0.0.255 any
 deny   ip 10.11.11.0 0.0.0.255 any
 deny   ip 10.37.0.0 0.0.0.255 any
 deny   ip 10.11.15.0 0.0.0.255 any
 deny   ip any 10.11.4.0 0.0.0.255
 deny   ip any 10.12.4.0 0.0.0.255
 deny   ip any 10.56.0.0 0.0.0.255
 deny   ip any 10.0.2.0 0.0.0.255
 deny   ip any 10.20.0.0 0.0.0.255
 deny   ip any 10.0.49.0 0.0.0.255
 deny   ip any 10.0.3.0 0.0.0.255
 deny   ip any 10.11.12.0 0.0.0.255
 deny   ip any 10.11.14.0 0.0.0.255
 deny   ip any 10.58.0.0 0.0.0.255
 deny   ip any 10.57.0.0 0.0.0.255
 deny   ip any 10.11.17.0 0.0.0.255
 deny   ip any 10.15.0.0 0.0.0.255
 deny   ip any 10.31.1.0 0.0.0.255
 deny   ip any 10.0.59.0 0.0.0.255
 deny   ip any 10.17.0.0 0.0.0.255
 deny   ip any 10.11.10.0 0.0.0.255
 deny   ip any 10.0.48.0 0.0.0.255
 deny   ip any 10.32.0.0 0.0.0.255
 deny   ip any 10.11.16.0 0.0.0.255
 deny   ip any 10.11.11.0 0.0.0.255
 deny   ip any 10.37.0.0 0.0.0.255
 deny   ip any 10.11.15.0 0.0.0.255
 permit ip any any
ip access-list extended EXEMPT
 deny   ip host 10.0.67.201 192.168.1.0 0.0.0.255
 deny   ip host 10.0.67.201 10.0.0.0 0.255.255.255
 deny   ip host 10.0.64.5 10.0.0.0 0.255.255.255
 deny   ip host 10.0.67.233 10.0.0.0 0.255.255.255
 deny   ip host 10.0.67.249 10.0.0.0 0.255.255.255
 deny   ip host 10.0.67.249 192.168.1.0 0.0.0.255
 deny   ip host 10.0.66.231 10.0.0.0 0.255.255.255
 deny   ip host 10.0.66.231 192.168.1.0 0.0.0.255
 deny   ip host 10.0.66.235 192.168.1.0 0.0.0.255
 deny   ip host 10.0.67.172 192.168.1.0 0.0.0.255
 deny   ip host 10.0.67.187 10.0.0.0 0.255.255.255
 deny   ip host 10.0.67.187 192.168.1.0 0.0.0.255
 deny   ip host 10.0.67.189 192.168.1.0 0.0.0.255
 deny   ip host 10.0.67.189 10.0.0.0 0.255.255.255
 deny   ip host 10.0.67.233 192.168.1.0 0.0.0.255
 deny   ip host 10.0.64.235 10.0.0.0 0.255.255.255
 deny   ip host 10.0.66.200 10.0.0.0 0.255.255.255
 deny   ip host 10.0.67.172 10.0.0.0 0.255.255.255
 deny   ip host 10.0.66.202 10.0.1.0 0.0.0.255
 permit ip any any
!
!
nls resp-timeout 1
cpd cr-id 1
route-map NEXT permit 10
 set ip next-hop x.x.x.114
!
route-map EXEMPT permit 10
 match ip address EXEMPT
!
route-map internet permit 10
 match ip address EXEMPT
!
route-map PREPEND permit 10
 set as-path prepend 65416 65416 65416
 set ip next-hop x.x.x.114
!
!
!
!
!
control-plane
!
!
voice-port 0/0/0:23
!
voice-port 0/2/0
 description 6745_MODEM
!
voice-port 0/2/1
 description 108_POTS
!
voice-port 0/2/2
!
voice-port 0/2/3
 !
 !
 !
!
ccm-manager fallback-mgcp 
ccm-manager redundant-host 10.10.0.2 10.10.0.4
ccm-manager mgcp
no ccm-manager fax protocol cisco
ccm-manager music-on-hold
ccm-manager config server 10.10.0.2  
ccm-manager config
!
mgcp
mgcp call-agent 10.10.0.14 2427 service-type mgcp version 0.1
mgcp dtmf-relay voip codec all mode out-of-band
mgcp rtp unreachable timeout 1000 action notify
mgcp modem passthrough voip mode nse
mgcp ip qos dscp cs3 signaling
mgcp package-capability rtp-package
mgcp package-capability sst-package
mgcp package-capability pre-package
no mgcp package-capability res-package
no mgcp package-capability fxr-package
no mgcp timer receive-rtcp
mgcp sdp simple
mgcp fax t38 inhibit
mgcp rtp payload-type g726r16 static
mgcp bind control source-interface GigabitEthernet0/1.10
mgcp bind media source-interface GigabitEthernet0/1.10
!
mgcp profile default
!
sccp local GigabitEthernet0/1.10
sccp ccm 10.10.0.100 identifier 4 version 7.0 
sccp ccm 10.10.0.2 identifier 3 version 7.0 
sccp ccm 10.10.0.14 identifier 1 version 7.0 
sccp ccm 10.10.0.4 identifier 2 version 7.0 
sccp
!

!
!
!
gatekeeper
 shutdown
!
!
telephony-service
 sdspfarm units 10
 sdspfarm transcode sessions 10
 sdspfarm tag 1 rtr-xcode
 max-ephones 25
 max-dn 50
 ip source-address 10.10.0.100 port 2000
 max-conferences 8 gain -6
 transfer-system full-consult
 create cnf-files version-stamp 7960 Aug 23 2017 09:11:08
!
!
!
line con 0
 logging synchronous
line aux 0
line 2
 no activation-character
 no exec
 transport preferred none
 transport output lat pad telnet rlogin lapb-ta mop udptn v120 ssh
 stopbits 1
line vty 0 4
 privilege level 15
 transport input all
line vty 5 15
 transport input all
!
scheduler allocate 20000 1000
ntp source GigabitEthernet0/1.1
ntp master 4
ntp server 192.5.41.40
!
end

Secondary Config:

!
hostname Secondary
!
boot-start-marker
boot-end-marker
!
!
card type t1 0 0

!
aaa new-model
!
!
aaa authorization exec default local if-authenticated 
!
!
!
!
!
aaa session-id common
!
network-clock-participate wic 0 
network-clock-select 1 T1 0/0/0
!
no ipv6 cef
ip source-route
ip cef
!
!
!
ip dhcp excluded-address 10.0.99.1 10.0.99.50
ip dhcp excluded-address 10.1.9.1 10.1.9.50
!
!
ip domain name XXX.local
ip name-server 10.0.66.199
ip name-server 10.0.66.45
!
multilink bundle-name authenticated
!
!
!
!
isdn switch-type primary-ni
!
!
trunk group x
!
!
trunk group xx
!
!
trunk group xxx
!
!
trunk group xxx
!
!
trunk group xxxx
!
crypto pki token default removal timeout 0
!
!
voice-card 0
 dsp services dspfarm
!
!
!
voice service voip
 ip address trusted list
  ipv4 10.10.0.3
  ipv4 10.10.0.5
  ipv4 10.10.0.2
  ipv4 10.10.0.14
  ipv4 10.10.0.4
 allow-connections h323 to h323
 allow-connections h323 to sip
 allow-connections sip to h323
 allow-connections sip to sip
 fax protocol t38 version 0 ls-redundancy 0 hs-redundancy 0 fallback none
 sip
!
voice class codec 1
 codec preference 1 g711ulaw
 codec preference 2 g729r8
!
!
!
!

!
!
voice translation-profile did
 translate called 1
!
!
!
application
 global
  service alternate Default
 !
!
license udi pid CISCO2911/K9 sn 
license boot module c2900 technology-package securityk9
hw-module pvdm 0/0
!
hw-module pvdm 0/1
!
!
!

!
redundancy
!
!
!
!
controller T1 0/0/0
 cablelength long 0db
 pri-group timeslots 1-24
!
ip ssh time-out 30
! 
!
crypto isakmp policy 4
 authentication pre-share
 group 2
crypto isakmp key greipsec.xx.com address 0.0.0.0 0.0.0.0
crypto isakmp keepalive 20 periodic
crypto isakmp aggressive-mode disable
!
!
crypto ipsec transform-set greipsec esp-des esp-md5-hmac 
 mode transport
!
crypto ipsec profile greipsec
 set transform-set greipsec 
!
!
!
!
!
!
interface Loopback0
 ip address x.x.x.110 255.255.255.240
!
interface Tunnel0
 bandwidth 1000
 ip address 172.16.225.3 255.255.255.0
 no ip redirects
 ip mtu 1400
 ip nhrp authentication dreipsec
 ip nhrp map multicast dynamic
 ip nhrp network-id 99
 ip nhrp holdtime 300
 ip nhrp interest 100
 ip ospf network broadcast
 ip ospf priority 0
 delay 1000
 tunnel source 10.0.5.2
 tunnel mode gre multipoint
 tunnel key 200000
 tunnel protection ipsec profile greipsec shared
!
interface Embedded-Service-Engine0/0
 no ip address
 shutdown
!
interface GigabitEthernet0/0
 ip address 10.0.5.2 255.255.255.0
 duplex auto
 speed auto
!
interface GigabitEthernet0/1
 ip address 10.0.64.6 255.255.252.0
 ip nat inside
 ip virtual-reassembly in
 ip ospf priority 0
 duplex auto
 speed auto
!
interface GigabitEthernet0/2
 ip address 10.40.0.1 255.255.255.252
 ip nat outside
 ip virtual-reassembly in
 duplex auto
 speed auto
!
interface Serial0/0/0:23
 no ip address
 encapsulation hdlc
 isdn switch-type primary-ni
 isdn incoming-voice voice
 isdn outgoing display-ie
 no cdp enable
!
router bgp 65416
 bgp router-id x.x.x.218
 bgp log-neighbor-changes
 network x.x.x.96 mask 255.255.255.240 route-map PREPEND
 neighbor x.x.x.217 remote-as 10796
 neighbor x.x.x.217 ebgp-multihop 3
 neighbor x.x.x.217 update-source GigabitEthernet0/0
 neighbor x.x.x.217 next-hop-self
 neighbor x.x.x.217 route-map PREPEND out
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
ip nat inside source static tcp 10.0.66.231 23 x.x.x.98 23 extendable
ip nat inside source static tcp 10.0.66.231 80 x.x.x.98 80 extendable
ip nat inside source static tcp 10.0.66.231 443 x.x.x.98 443 extendable
ip nat inside source static tcp 10.0.66.231 446 x.x.x.98 446 extendable
ip nat inside source static tcp 10.0.66.231 447 x.x.x.98 447 extendable
ip nat inside source static tcp 10.0.66.231 449 x.x.x.98 449 extendable
ip nat inside source static tcp 10.0.66.231 8470 x.x.x.98 8470 extendable
ip nat inside source static tcp 10.0.66.231 8471 x.x.x.98 8471 extendable
ip nat inside source static tcp 10.0.66.231 8472 x.x.x.98 8472 extendable
ip nat inside source static tcp 10.0.66.231 8473 x.x.x.98 8473 extendable
ip nat inside source static tcp 10.0.66.231 8474 x.x.x.98 8474 extendable
ip nat inside source static tcp 10.0.66.231 8475 x.x.x.98 8475 extendable
ip nat inside source static tcp 10.0.66.231 8476 x.x.x.98 8476 extendable
ip nat inside source static tcp 10.0.66.231 10088 x.x.x.98 10088 extendable
ip nat inside source static tcp 10.0.66.231 17019 x.x.x.98 17019 extendable
ip nat inside source static tcp 10.0.66.202 25 x.x.x.99 25 extendable
ip nat inside source static tcp 10.0.66.201 80 x.x.x.99 80 extendable
ip nat inside source static tcp 10.0.66.201 110 x.x.x.99 110 extendable
ip nat inside source static tcp 10.0.66.201 443 x.x.x.99 443 extendable
ip nat inside source static 10.0.66.201 x.x.x.99
ip nat inside source static tcp 10.0.66.31 443 x.x.x.101 443 extendable
ip nat inside source static tcp 10.0.66.31 444 x.x.x.101 444 extendable
ip nat inside source static tcp 10.0.66.31 5061 x.x.x.101 5061 extendable
ip nat inside source static tcp 10.0.66.31 5086 x.x.x.101 5086 extendable
ip nat inside source static tcp 10.0.66.31 5087 x.x.x.101 5087 extendable
ip nat inside source static 10.0.66.35 x.x.x.102 extendable
ip nat inside source static tcp 10.0.65.132 443 x.x.x.103 443 extendable
ip nat inside source static tcp 10.0.66.231 443 x.x.x.98 443 extendable
ip nat inside source static tcp 10.0.66.231 17018 x.x.x.98 17018 extendable
ip nat inside source static tcp 10.0.66.1 443 x.x.x.100 443 extendable
ip route 10.0.0.0 255.0.0.0 10.0.64.1
ip route x.x.x.217 255.255.255.255 10.0.5.1
ip route 192.168.1.0 255.255.255.0 10.0.1.1
!
ip access-list extended NAT
 permit ip 10.0.64.0 0.0.3.255 any
 permit ip 0.0.0.0 255.255.255.0 any
 permit ip 10.0.66.0 0.0.0.255 any
 permit ip 10.0.55.0 0.0.0.255 any
 permit ip 10.0.60.0 0.0.0.255 any
 permit ip 10.0.79.0 0.0.0.255 any
 permit ip 10.0.71.0 0.0.0.255 any
 permit ip 10.0.99.0 0.0.0.255 any
 permit ip 10.0.6.0 0.0.0.255 any
 permit ip 10.0.86.0 0.0.0.255 any
 permit ip 10.0.78.0 0.0.0.255 any
 permit ip 10.0.77.0 0.0.0.255 any
 permit ip 10.0.68.0 0.0.0.255 any
 permit ip 10.0.70.0 0.0.0.255 any
 permit ip 10.0.73.0 0.0.0.255 any
 permit ip 10.0.80.0 0.0.0.255 any
ip access-list extended STATIC-EIGRP
 permit ip 10.0.64.0 0.0.0.255 any
 permit ip 10.10.0.0 0.0.0.255 any
 permit ip 10.1.1.0 0.0.0.255 any
!
access-list 64 permit any
access-list 99 permit any
!
!
!
!
route-map PREPEND permit 10
 set as-path prepend 65416 65416
 set ip next-hop x.x.x.218
!
route-map STATIC-EIGRP permit 10
 match ip address STATIC-EIGRP
!
!
!
!
!
control-plane
!
!
voice-port 0/0/0:23
!
ccm-manager fallback-mgcp 
ccm-manager redundant-host 10.10.0.2 10.10.0.4
ccm-manager mgcp
no ccm-manager fax protocol cisco
ccm-manager music-on-hold
ccm-manager config server 10.10.0.2  
ccm-manager config
!
mgcp
mgcp call-agent 10.10.0.14 2427 service-type mgcp version 0.1
mgcp dtmf-relay voip codec all mode out-of-band
mgcp rtp unreachable timeout 1000 action notify
mgcp modem passthrough voip mode nse
mgcp package-capability rtp-package
mgcp package-capability sst-package
mgcp package-capability pre-package
no mgcp package-capability res-package
no mgcp package-capability fxr-package
no mgcp timer receive-rtcp
mgcp sdp simple
mgcp fax t38 inhibit
mgcp rtp payload-type g726r16 static
mgcp bind control source-interface GigabitEthernet0/1
mgcp bind media source-interface GigabitEthernet0/1
!
!
!
gatekeeper
 shutdown
!
!

!
!
!
!
line con 0
line aux 0
line 2
 no activation-character
 no exec
 transport preferred none
 transport input all
 transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
 stopbits 1
line vty 0 4
 transport input ssh
!
scheduler allocate 20000 1000
end

Hi

At simple sight there are 2 things to consider, how you are are prefering the incoming prefixes from the source perspective I meaning from the internal routers. The second is the iBGP configuration is not completed on the backup router just on the first. 

 

router bgp 65416
 bgp router-id x.x.x.114
 bgp log-neighbor-changes
 network x.x.x.96 mask 255.255.255.240
 network x.x.x.110 mask 255.255.255.255 route-map PREPEND
 neighbor 10.0.64.6 remote-as 65416
 neighbor 10.0.64.6 update-source GigabitEthernet0/1.1

If you are using the directly connected interface you don't need the update-source command. 

 

I will create a configuration script to share with you and it could be useful as reference. 

 

:-)

 

 




>> Marcar como útil o contestado, si la respuesta resolvió la duda, esto ayuda a futuras consultas de otros miembros de la comunidad. <<

Hi

Apologies for the late response, imagine the following scenario:

 

  R1 ---eBGP--- ISP1

   |
   |

 iBGP

   |

   |

  R2---eBGP---ISP2

 

Now you configuration could be, taking advantage that you already have an IGP protocol (OSPF) running between your infrastructure it can be used as NLRI to create an iBGP with loopbacks otherwise it could be used with directly connected interfaces.

 

Router 1 (R1)

 

interface loopback 0

ip address 1.1.1.1 255.255.255.255

 

interface g0/0

description TO-ISP1

ip address 150.0.0.1 255.255.255.252

no shutdown

 

interface g0/1

description TO-R2

ip address 10.10.12.1 255.255.255.252

no shutdown

 

route-map INBOUND permit 5

set local-preference 5000

 

route-map OUTBOUND permit 5

set as-path prepend 10

 

router ospf 10

network 1.1.1.1 0.0.0.0 area 0

network 10.10.12.0 0.0.0.3 area 0

 

 

router bgp 10

no sync

no auto-summary

neighbor 150.0.0.2 remote 1

neighbor 150.0.0.2 route-map INBOUND in

neighbor 150.0.0.2 route-map OUTBOUND out

neighbor 2.2.2.2 remote 10

neighbor 2.2.2.2 update-source loopback0

neighbor 2.2.2.2 next-hop-self

 

 

Router 2 (R2)

 

interface loopback 0

ip address 2.2.2.2 255.255.255.255

 

interface g0/0

description TO-ISP1

ip address 160.0.0.1 255.255.255.252

no shutdown

 

interface g0/1

description TO-R1

ip address 10.10.12.2 255.255.255.252

no shutdown

 

route-map INBOUND permit 5

set local-preference 1000

 

route-map OUTBOUND permit 5

set as-path prepend 10 10 10 10

 

router ospf 10

network 2.2.2.2 0.0.0.0 area 0

network 10.10.12.0 0.0.0.3 area 0

 

router bgp 10

no sync

no auto-summary

neighbor 160.0.0.2 remote 2

neighbor 160.0.0.2 route-map INBOUND in

neighbor 160.0.0.2 route-map OUTBOUND out

neighbor 1.1.1.1 remote 10

neighbor 1.1.1.1 update-source loopback0

neighbor 1.1.1.1 next-hop-self

 

It can be taken as reference, the route-maps OUTBOUND are used for symmetric traffic, you can include additional configuration like fast fallover, password, etc.

 

Hope it is useful

:-) 

 




>> Marcar como útil o contestado, si la respuesta resolvió la duda, esto ayuda a futuras consultas de otros miembros de la comunidad. <<

Thank you for the response and the time you've taken to answer my question. It is clear that I still have a lot to learn about BGP, so I am going to read up a bit more, and use your write up as a reference to re-implement BGP in this environment.

Hi

You are welcome my friend, everyday we learn something new. Theory and Practice is the key.

Any doubt we are here to assist you.

Have a great day my friend!

:-)




>> Marcar como útil o contestado, si la respuesta resolvió la duda, esto ayuda a futuras consultas de otros miembros de la comunidad. <<
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers