01-10-2018 08:29 AM - edited 03-05-2019 09:44 AM
Hello! I am wondering if someone here can give me some assistance. I am having an issue with BGP but just don't know enough about it to fix it.
I have BGP configured on 2 devices here; it has been configured as a failover for when the main site goes down. The issue I am having is that the route is not failing back to the primary location once the outage has been resolved. The only way to get it back to the main location is to reboot the failover site, or run "cl ip bgp *". I've played with weights of neighbors but haven't had much luck. What would I need to configure to ensure that BGP fails back to the main site? Thanks for any help! Sorry if my ignorance towards BGP shows!
Main#
router bgp 65416
bgp router-id 1.1.1.114
bgp log-neighbor-changes
network x.x.x.x mask 255.255.255.240
network x.x.x.x mask 255.255.255.255 route-map PREPEND
neighbor 10.0.0.2 remote-as 65416
neighbor 10.0.0.2 update-source GigabitEthernet0/1.1
neighbor 10.0.0.2 next-hop-self
neighbor 1.1.1.113 remote-as 10796
neighbor 1.1.1.113 ebgp-multihop 3
neighbor 1.1.1.113 update-source GigabitEthernet0/0
neighbor 1.1.1.113 next-hop-self
neighbor 1.1.1.113 route-map NEXT out
route-map NEXT, permit, sequence 10
Match clauses:
Set clauses:
ip next-hop 1.1.1.114
Policy routing matches: 0 packets, 0 bytes
Secondary#
router bgp 65416
bgp router-id 2.2.2.218
bgp log-neighbor-changes
network x.x.x.x mask 255.255.255.240 route-map PREPEND
neighbor 2.2.2.217 remote-as 10796
neighbor 2.2.2.217 ebgp-multihop 3
neighbor 2.2.2.217 update-source GigabitEthernet0/0
neighbor 2.2.2.217 next-hop-self
neighbor 2.2.2.217 route-map PREPEND out
route-map PREPEND, permit, sequence 10
Match clauses:
Set clauses:
as-path prepend 65416 65416
ip next-hop 2.2.2.218
Policy routing matches: 0 packets, 0 bytes
01-10-2018 10:47 AM - edited 01-10-2018 10:48 AM
Hi
It should be re-established to the primary if the parameters are ok, for example: Primary has higher Weight than Secondary.
The following link could be useful:
:-)
01-10-2018 12:11 PM - edited 01-10-2018 12:13 PM
Hello
I don't see any iBGP peering between the two sites, although the main site does have the iBGP peering config but the secondary doesn't - Have you just not posted this?
Also I don't see any iBGP local path selection for the iBGP peers (local preference PA)
@julio The weight PA between iBGP peers isn't applicable as that PA is locally significant only
res
Paul
01-10-2018 12:16 PM - edited 01-10-2018 12:16 PM
Hi Paul,
Thank you. I was pointing to the eBGP to prefer one path over the other. Now, as you mentioned, I don't see iBGP between these routers (just into R1); probably it was omitted.
01-10-2018 12:53 PM
Thank you guys for the reply!
I very recently inherited this network, and am still working to understand it. I've mostly got it, but BGP is something I just haven't had any meaningful experience with (lab or otherwise).
I am assuming you are referring to the "neighbor 10.0.0.2" entries? Correct, those are not present in the secondary's config. I thought it looked funny, but again I don't know enough about BGP to know what's right or wrong. Would adding those to the secondary help (using the IP of the main site in the neighbor command, of course)?
What I posted in my original post is all there is as far as BGP configuration goes (right or wrong).
01-10-2018 01:02 PM
Hi
Thank you. As Paul mentioned, it is correct: apparently there is no iBGP between the routers, so that could be the root cause.
I have a topology in my mind but could you please provide us how they are interconnected?
Thank you in advance.
01-10-2018 01:09 PM
01-11-2018 07:02 AM
Thanks for the help, guys! So these two routers are connected to each other via an eLAN provided and managed by Spectrum. Their public IPs are also provided by Spectrum. They are nowhere near each other physically, but are both on Spectrum's eLAN.
Main Config:
!
hostname Main
!
boot-start-marker
boot-end-marker
!
card type t1 0 0
!
aaa new-model
!
aaa authentication ppp default local
!
aaa session-id common
clock timezone EST -5 0
clock summer-time EST recurring
network-clock-participate wic 0
network-clock-select 1 T1 0/0/0
!
crypto pki trustpoint TP-self-signed-1152395410
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-1152395410
 revocation-check none
 rsakeypair TP-self-signed-1152395410
!
crypto pki certificate chain TP-self-signed-1152395410
 certificate self-signed 01 nvram:IOS-Self-Sig#2.cer
ip cef
!
no ip dhcp use vrf connected
ip dhcp excluded-address 10.1.1.1 10.1.1.10
ip dhcp excluded-address 10.0.66.1 10.0.66.50
ip dhcp excluded-address 10.0.65.1 10.0.65.50
ip dhcp excluded-address 10.0.64.1 10.0.64.255
ip dhcp excluded-address 10.0.67.1 10.0.67.255
ip dhcp excluded-address 10.0.66.210 10.0.66.220
ip dhcp excluded-address 10.0.40.1 10.0.40.10
ip dhcp excluded-address 10.0.65.165
ip dhcp excluded-address 10.10.0.1 10.10.0.20
ip dhcp excluded-address 10.1.200.1 10.1.200.20
!
ip dhcp pool VOICE
 network 10.1.1.0 255.255.255.0
 default-router 10.1.1.1
 option 150 ip 10.10.0.14 10.10.0.2
!
ip dhcp pool DATA
 network 10.0.64.0 255.255.252.0
 next-server 10.0.64.220
 default-router 10.0.66.1
 dns-server 10.0.66.199 10.0.66.45
 netbios-name-server 10.0.66.199
 domain-name XXX.local
 option 66 ip 10.0.64.220
 option 67 ascii "undionly.kpxe"
 lease 7
!
ip domain name XXX.local
ip name-server 10.0.66.199
ip multicast-routing
no ipv6 cef
!
multilink bundle-name authenticated
!
vpdn enable
!
isdn switch-type primary-ni
!
trunk group LOCAL_PRI
!
trunk group fr1
!
voice-card 0
 voice-service dsp-reservation 50
 dsp services dspfarm
!
voice service voip
 ip address trusted list
  ipv4 10.10.0.3
  ipv4 10.10.0.5
  ipv4 10.10.0.2
  ipv4 10.10.0.14
  ipv4 10.10.0.4
 allow-connections h323 to h323
 allow-connections h323 to sip
 allow-connections sip to h323
 allow-connections sip to sip
 fax protocol t38 version 0 ls-redundancy 0 hs-redundancy 0 fallback none
 sip
!
voice class codec 1
 codec preference 1 g711ulaw
 codec preference 2 g729r8
!
voice register global
!
voice translation-rule 9
!
voice translation-profile CALLBLOCK
 translate calling 9
!
voice translation-profile did
 translate called 1
!
license udi pid CISCO2951/K9 sn
license accept end user agreement
license boot module c2951 technology-package securityk9
license boot module c2951 technology-package uck9
license boot module c2951 technology-package datak9
hw-module pvdm 0/0
!
hw-module pvdm 0/1
!
hw-module pvdm 0/2
!
archive
 log config
  hidekeys
!
spanning-tree vlan 1 priority 8192
!
redundancy
!
controller T1 0/0/0
 cablelength long 0db
 pri-group timeslots 1-24
!
crypto isakmp policy 4
 authentication pre-share
 group 2
!
crypto isakmp policy 5
 hash md5
 authentication pre-share
 group 2
crypto isakmp key greipsec.xxx.com address 0.0.0.0
crypto isakmp keepalive 20 periodic
crypto isakmp aggressive-mode disable
!
crypto ipsec transform-set greipsec esp-des esp-md5-hmac
 mode transport
!
crypto ipsec profile greipsec
 set transform-set greipsec
!
interface Loopback0
 ip address x.x.x.x 255.255.255.240
!
interface Loopback2
 no ip address
!
interface Loopback10
 ip address 1.1.1.1 255.255.255.252
 ip nat inside
 ip virtual-reassembly in
!
interface Tunnel0
 ip address 172.16.224.1 255.255.255.0
 no ip redirects
 ip mtu 1400
 no ip next-hop-self eigrp 1
 no ip split-horizon eigrp 1
 ip nhrp authentication greipsec
 ip nhrp map multicast dynamic
 ip nhrp network-id 99
 ip nhrp holdtime 300
 ip ospf network broadcast
 ip ospf priority 255
 tunnel source Loopback0
 tunnel mode gre multipoint
 tunnel key 100000
 tunnel protection ipsec profile greipsec
!
interface Port-channel5
 switchport mode trunk
 no ip address
 duplex full
!
interface Embedded-Service-Engine0/0
 no ip address
 shutdown
!
interface GigabitEthernet0/0
 ip address 10.0.1.2 255.255.255.0
 ip nat outside
 ip virtual-reassembly in
 duplex auto
 speed auto
!
interface GigabitEthernet0/0.1
!
interface GigabitEthernet0/1
 no ip address
 duplex auto
 speed auto
!
interface GigabitEthernet0/1.1
 encapsulation dot1Q 1 native
 ip address 10.0.66.1 255.255.252.0
 ip access-group XX in
 ip helper-address 10.0.64.220
 ip nat inside
 ip virtual-reassembly in
!
interface GigabitEthernet0/1.10
 encapsulation dot1Q 10
 ip address 10.10.0.100 255.255.255.0
 ip pim sparse-dense-mode
!
interface GigabitEthernet0/1.20
 encapsulation dot1Q 20
!
interface GigabitEthernet0/1.23
 encapsulation dot1Q 23
 ip address 172.16.23.5 255.255.255.0
!
interface GigabitEthernet0/1.50
 encapsulation dot1Q 50
 ip address 10.10.1.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
!
interface GigabitEthernet0/1.100
 encapsulation dot1Q 100
 ip address 10.1.1.2 255.255.255.0
!
interface GigabitEthernet0/2
 ip address 10.30.0.1 255.255.255.252
 duplex auto
 speed auto
!
interface Serial0/0/0:23
 no ip address
 encapsulation hdlc
 isdn switch-type primary-ni
 isdn incoming-voice voice
 isdn bchan-number-order ascending
 trunk-group LOCAL_PRI 1
 no cdp enable
!
router eigrp 1
 network 10.0.66.1 0.0.0.0
 network 10.1.1.1 0.0.0.0
 network 10.10.0.1 0.0.0.0
 network 172.16.224.1 0.0.0.0
 redistribute ospf 1 metric 100 1 1 1 1
!
router ospf 1
 router-id 10.0.66.1
 priority 1
 redistribute eigrp 1
 network 10.0.1.2 0.0.0.0 area 0
 network 10.0.66.1 0.0.0.0 area 0
 network 10.10.1.1 0.0.0.0 area 0
!
router bgp 65416
 bgp router-id x.x.x.114
 bgp log-neighbor-changes
 network x.x.x.96 mask 255.255.255.240
 network x.x.x.110 mask 255.255.255.255 route-map PREPEND
 neighbor 10.0.64.6 remote-as 65416
 neighbor 10.0.64.6 update-source GigabitEthernet0/1.1
 neighbor 10.0.64.6 next-hop-self
 neighbor x.x.x.113 remote-as 10796
 neighbor x.x.x.113 ebgp-multihop 3
 neighbor x.x.x.113 update-source GigabitEthernet0/0
 neighbor x.x.x.113 next-hop-self
 neighbor x.x.x.113 route-map NEXT out
!
ip forward-protocol nd
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip http path flash:gui
!
ip nat inside source static 10.0.64.235 x.x.x.97 route-map EXEMPT extendable
ip nat inside source static tcp 10.0.66.231 21 x.x.x.98 21 route-map EXEMPT extendable
ip nat inside source static tcp 10.0.66.231 23 x.x.x.98 23 route-map EXEMPT extendable
ip nat inside source static tcp 10.0.66.231 25 x.x.x.98 25 route-map EXEMPT extendable
ip nat inside source static tcp 10.0.66.231 80 x.x.x.98 80 route-map EXEMPT extendable
ip nat inside source static tcp 10.0.66.231 443 x.x.x.98 443 route-map EXEMPT extendable
ip nat inside source static tcp 10.0.66.231 446 x.x.x.98 446 route-map EXEMPT extendable
ip nat inside source static tcp 10.0.66.231 447 x.x.x.98 447 route-map EXEMPT extendable
ip nat inside source static tcp 10.0.66.231 449 x.x.x.98 449 route-map EXEMPT extendable
ip nat inside source static tcp 10.0.66.231 8470 x.x.x.98 8470 route-map EXEMPT extendable
ip nat inside source static tcp 10.0.66.231 8471 x.x.x.98 8471 route-map EXEMPT extendable
ip nat inside source static tcp 10.0.66.231 8472 x.x.x.98 8472 route-map EXEMPT extendable
ip nat inside source static tcp 10.0.66.231 8473 x.x.x.98 8473 route-map EXEMPT extendable
ip nat inside source static tcp 10.0.66.231 8474 x.x.x.98 8474 route-map EXEMPT extendable
ip nat inside source static tcp 10.0.66.231 8475 x.x.x.98 8475 route-map EXEMPT extendable
ip nat inside source static tcp 10.0.66.231 8476 x.x.x.98 8476 route-map EXEMPT extendable
ip nat inside source static tcp 10.0.66.231 10088 x.x.x.98 10088 route-map EXEMPT extendable
ip nat inside source static tcp 10.0.66.231 17019 x.x.x.98 17019 route-map EXEMPT extendable
ip nat inside source static tcp 10.0.66.231 20021 x.x.x.98 20021 route-map EXEMPT extendable
ip nat inside source static 10.0.66.231 x.x.x.98 route-map EXEMPT extendable
ip nat inside source static 10.0.67.201 x.x.x.100 route-map EXEMPT extendable
ip nat inside source static tcp 10.0.66.31 443 x.x.x.101 443 extendable
ip nat inside source static tcp 10.0.66.31 444 x.x.x.101 444 extendable
ip nat inside source static tcp 10.0.66.31 5061 x.x.x.101 5061 extendable
ip nat inside source static tcp 10.0.66.31 5086 x.x.x.101 5086 extendable
ip nat inside source static tcp 10.0.66.31 5087 x.x.x.101 5087 extendable
ip nat inside source static 10.10.1.8 x.x.x.102 extendable
ip nat inside source static 10.10.1.11 x.x.x.103 extendable
ip nat inside source static tcp 10.0.64.60 80 x.x.x.104 80 extendable
ip nat inside source static tcp 10.0.64.60 443 x.x.x.104 443 extendable
ip nat inside source static 10.0.67.249 x.x.x.105 route-map EXEMPT extendable
ip nat inside source static 10.0.67.187 x.x.x.106 route-map EXEMPT extendable
ip nat inside source static 10.0.67.233 x.x.x.107 route-map EXEMPT extendable
ip nat inside source static 10.0.67.190 x.x.x.108 route-map internet extendable
ip nat inside source static 10.0.64.5 x.x.x.109 route-map EXEMPT extendable
ip nat inside source static 10.0.67.205 x.x.x.110 route-map EXEMPT extendable
ip route 10.0.2.0 255.255.255.0 10.0.1.1
ip route 10.0.3.0 255.255.255.0 10.0.1.1
ip route 10.0.5.0 255.255.255.0 10.0.64.6
ip route 10.0.22.0 255.255.255.0 172.16.21.2
ip route 10.0.48.0 255.255.255.0 10.0.1.1
ip route 10.0.49.0 255.255.255.0 10.0.1.1
ip route 10.0.59.0 255.255.255.0 10.0.1.1
ip route 10.11.4.0 255.255.255.0 10.0.1.1
ip route 10.11.10.0 255.255.255.0 10.0.1.1
ip route 10.11.11.0 255.255.255.0 10.0.1.1
ip route 10.11.12.0 255.255.255.0 10.0.1.1
ip route 10.11.14.0 255.255.255.0 10.0.1.1
ip route 10.11.15.0 255.255.255.0 10.0.1.1
ip route 10.11.16.0 255.255.255.0 10.0.1.1
ip route 10.11.17.0 255.255.255.0 10.0.1.1
ip route 10.12.4.0 255.255.255.0 10.0.1.1
ip route 10.15.0.0 255.255.255.0 10.0.1.1
ip route 10.17.0.0 255.255.255.0 10.0.1.1
ip route 10.20.0.0 255.255.255.0 10.0.1.1
ip route 10.31.1.0 255.255.255.0 10.0.1.1
ip route 10.32.0.0 255.255.255.0 10.0.1.1
ip route 10.37.0.0 255.255.255.0 10.0.1.1
ip route 10.56.0.0 255.255.255.0 10.0.1.1
ip route 10.57.0.0 255.255.255.0 10.0.1.1
ip route 10.58.0.0 255.255.255.0 10.0.1.1
ip route x.x.x.96 255.255.255.240 1.1.1.2
ip route x.x.x.113 255.255.255.255 10.0.1.1
ip route 192.168.1.0 255.255.255.0 10.0.1.1
ip route 192.168.50.0 255.255.255.0 10.0.64.1
!
ip access-list extended XX
 permit ip 10.11.4.0 0.0.0.255 host 10.0.66.231
 permit ip host 10.0.66.231 10.11.4.0 0.0.0.255
 permit ip 10.12.4.0 0.0.0.255 host 10.0.66.231
 permit ip host 10.0.66.231 10.12.4.0 0.0.0.255
 permit ip 10.56.0.0 0.0.0.255 host 10.0.66.231
 permit ip host 10.0.66.231 10.56.0.0 0.0.0.255
 permit ip 10.0.2.0 0.0.0.255 host 10.0.66.231
 permit ip host 10.0.66.231 10.0.2.0 0.0.0.255
 permit ip 10.20.0.0 0.0.0.255 host 10.0.66.231
 permit ip host 10.0.66.231 10.20.0.0 0.0.0.255
 permit ip 10.0.49.0 0.0.0.255 host 10.0.66.231
 permit ip host 10.0.66.231 10.0.49.0 0.0.0.255
 permit ip 10.0.3.0 0.0.0.255 host 10.0.66.231
 permit ip host 10.0.66.231 10.0.3.0 0.0.0.255
 permit ip 10.11.12.0 0.0.0.255 host 10.0.66.231
 permit ip host 10.0.66.231 10.11.12.0 0.0.0.255
 permit ip 10.11.14.0 0.0.0.255 host 10.0.66.231
 permit ip host 10.0.66.231 10.11.14.0 0.0.0.255
 permit ip 10.58.0.0 0.0.0.255 host 10.0.66.231
 permit ip host 10.0.66.231 10.58.0.0 0.0.0.255
 permit ip 10.57.0.0 0.0.0.255 host 10.0.66.231
 permit ip host 10.0.66.231 10.57.0.0 0.0.0.255
 permit ip 10.11.17.0 0.0.0.255 host 10.0.66.231
 permit ip host 10.0.66.231 10.11.17.0 0.0.0.255
 permit ip 10.15.0.0 0.0.0.255 host 10.0.66.231
 permit ip host 10.0.66.231 10.15.0.0 0.0.0.255
 permit ip 10.31.1.0 0.0.0.255 host 10.0.66.231
 permit ip host 10.0.66.231 10.31.1.0 0.0.0.255
 permit ip 10.0.59.0 0.0.0.255 host 10.0.66.231
 permit ip host 10.0.66.231 10.0.59.0 0.0.0.255
 permit ip 10.17.0.0 0.0.0.255 host 10.0.66.231
 permit ip host 10.0.66.231 10.17.0.0 0.0.0.255
 permit ip 10.11.10.0 0.0.0.255 host 10.0.66.231
 permit ip host 10.0.66.231 10.11.10.0 0.0.0.255
 permit ip 10.0.48.0 0.0.0.255 host 10.0.66.231
 permit ip host 10.0.66.231 10.0.48.0 0.0.0.255
 permit ip 10.32.0.0 0.0.0.255 host 10.0.66.231
 permit ip host 10.0.66.231 10.32.0.0 0.0.0.255
 permit ip 10.11.16.0 0.0.0.255 host 10.0.66.231
 permit ip host 10.0.66.231 10.11.16.0 0.0.0.255
 permit ip 10.11.11.0 0.0.0.255 host 10.0.66.231
 permit ip host 10.0.66.231 10.11.11.0 0.0.0.255
 permit ip 10.37.0.0 0.0.0.255 host 10.0.66.231
 permit ip host 10.0.66.231 10.37.0.0 0.0.0.255
 permit ip 10.11.15.0 0.0.0.255 host 10.0.66.231
 permit ip host 10.0.66.231 10.11.15.0 0.0.0.255
 permit ip 10.11.4.0 0.0.0.255 host 10.0.64.5
 permit ip host 10.0.64.5 10.11.4.0 0.0.0.255
 permit ip 10.12.4.0 0.0.0.255 host 10.0.64.5
 permit ip host 10.0.64.5 10.12.4.0 0.0.0.255
 permit ip 10.56.0.0 0.0.0.255 host 10.0.64.5
 permit ip host 10.0.64.5 10.56.0.0 0.0.0.255
 permit ip 10.0.2.0 0.0.0.255 host 10.0.64.5
 permit ip host 10.0.64.5 10.0.2.0 0.0.0.255
 permit ip 10.20.0.0 0.0.0.255 host 10.0.64.5
 permit ip host 10.0.64.5 10.20.0.0 0.0.0.255
 permit ip 10.0.49.0 0.0.0.255 host 10.0.64.5
 permit ip host 10.0.64.5 10.0.49.0 0.0.0.255
 permit ip 10.0.3.0 0.0.0.255 host 10.0.64.5
 permit ip host 10.0.64.5 10.0.3.0 0.0.0.255
 permit ip 10.11.12.0 0.0.0.255 host 10.0.64.5
 permit ip host 10.0.64.5 10.11.12.0 0.0.0.255
 permit ip 10.11.14.0 0.0.0.255 host 10.0.64.5
 permit ip host 10.0.64.5 10.11.14.0 0.0.0.255
 permit ip 10.58.0.0 0.0.0.255 host 10.0.64.5
 permit ip host 10.0.64.5 10.58.0.0 0.0.0.255
 permit ip 10.57.0.0 0.0.0.255 host 10.0.64.5
 permit ip host 10.0.64.5 10.57.0.0 0.0.0.255
 permit ip 10.11.17.0 0.0.0.255 host 10.0.64.5
 permit ip host 10.0.64.5 10.11.17.0 0.0.0.255
 permit ip 10.15.0.0 0.0.0.255 host 10.0.64.5
 permit ip host 10.0.64.5 10.15.0.0 0.0.0.255
 permit ip 10.31.1.0 0.0.0.255 host 10.0.64.5
 permit ip host 10.0.64.5 10.31.1.0 0.0.0.255
 permit ip 10.0.59.0 0.0.0.255 host 10.0.64.5
 permit ip host 10.0.64.5 10.0.59.0 0.0.0.255
 permit ip 10.17.0.0 0.0.0.255 host 10.0.64.5
 permit ip host 10.0.64.5 10.17.0.0 0.0.0.255
 permit ip 10.11.10.0 0.0.0.255 host 10.0.64.5
 permit ip host 10.0.64.5 10.11.10.0 0.0.0.255
 permit ip 10.0.48.0 0.0.0.255 host 10.0.64.5
 permit ip host 10.0.64.5 10.0.48.0 0.0.0.255
 permit ip 10.32.0.0 0.0.0.255 host 10.0.64.5
 permit ip host 10.0.64.5 10.32.0.0 0.0.0.255
 permit ip 10.11.16.0 0.0.0.255 host 10.0.64.5
 permit ip host 10.0.64.5 10.11.16.0 0.0.0.255
 permit ip 10.11.11.0 0.0.0.255 host 10.0.64.5
 permit ip host 10.0.64.5 10.11.11.0 0.0.0.255
 permit ip 10.37.0.0 0.0.0.255 host 10.0.64.5
 permit ip host 10.0.64.5 10.37.0.0 0.0.0.255
 permit ip 10.11.15.0 0.0.0.255 host 10.0.64.5
 permit ip host 10.0.64.5 10.11.15.0 0.0.0.255
 deny ip 10.11.4.0 0.0.0.255 any
 deny ip 10.12.4.0 0.0.0.255 any
 deny ip 10.56.0.0 0.0.0.255 any
 deny ip 10.0.2.0 0.0.0.255 any
 deny ip 10.20.0.0 0.0.0.255 any
 deny ip 10.0.49.0 0.0.0.255 any
 deny ip 10.0.3.0 0.0.0.255 any
 deny ip 10.11.12.0 0.0.0.255 any
 deny ip 10.11.14.0 0.0.0.255 any
 deny ip 10.58.0.0 0.0.0.255 any
 deny ip 10.57.0.0 0.0.0.255 any
 deny ip 10.11.17.0 0.0.0.255 any
 deny ip 10.15.0.0 0.0.0.255 any
 deny ip 10.31.1.0 0.0.0.255 any
 deny ip 10.0.59.0 0.0.0.255 any
 deny ip 10.17.0.0 0.0.0.255 any
 deny ip 10.11.10.0 0.0.0.255 any
 deny ip 10.0.48.0 0.0.0.255 any
 deny ip 10.32.0.0 0.0.0.255 any
 deny ip 10.11.16.0 0.0.0.255 any
 deny ip 10.11.11.0 0.0.0.255 any
 deny ip 10.37.0.0 0.0.0.255 any
 deny ip 10.11.15.0 0.0.0.255 any
 deny ip any 10.11.4.0 0.0.0.255
 deny ip any 10.12.4.0 0.0.0.255
 deny ip any 10.56.0.0 0.0.0.255
 deny ip any 10.0.2.0 0.0.0.255
 deny ip any 10.20.0.0 0.0.0.255
 deny ip any 10.0.49.0 0.0.0.255
 deny ip any 10.0.3.0 0.0.0.255
 deny ip any 10.11.12.0 0.0.0.255
 deny ip any 10.11.14.0 0.0.0.255
 deny ip any 10.58.0.0 0.0.0.255
 deny ip any 10.57.0.0 0.0.0.255
 deny ip any 10.11.17.0 0.0.0.255
 deny ip any 10.15.0.0 0.0.0.255
 deny ip any 10.31.1.0 0.0.0.255
 deny ip any 10.0.59.0 0.0.0.255
 deny ip any 10.17.0.0 0.0.0.255
 deny ip any 10.11.10.0 0.0.0.255
 deny ip any 10.0.48.0 0.0.0.255
 deny ip any 10.32.0.0 0.0.0.255
 deny ip any 10.11.16.0 0.0.0.255
 deny ip any 10.11.11.0 0.0.0.255
 deny ip any 10.37.0.0 0.0.0.255
 deny ip any 10.11.15.0 0.0.0.255
 permit ip any any
ip access-list extended EXEMPT
 deny ip host 10.0.67.201 192.168.1.0 0.0.0.255
 deny ip host 10.0.67.201 10.0.0.0 0.255.255.255
 deny ip host 10.0.64.5 10.0.0.0 0.255.255.255
 deny ip host 10.0.67.233 10.0.0.0 0.255.255.255
 deny ip host 10.0.67.249 10.0.0.0 0.255.255.255
 deny ip host 10.0.67.249 192.168.1.0 0.0.0.255
 deny ip host 10.0.66.231 10.0.0.0 0.255.255.255
 deny ip host 10.0.66.231 192.168.1.0 0.0.0.255
 deny ip host 10.0.66.235 192.168.1.0 0.0.0.255
 deny ip host 10.0.67.172 192.168.1.0 0.0.0.255
 deny ip host 10.0.67.187 10.0.0.0 0.255.255.255
 deny ip host 10.0.67.187 192.168.1.0 0.0.0.255
 deny ip host 10.0.67.189 192.168.1.0 0.0.0.255
 deny ip host 10.0.67.189 10.0.0.0 0.255.255.255
 deny ip host 10.0.67.233 192.168.1.0 0.0.0.255
 deny ip host 10.0.64.235 10.0.0.0 0.255.255.255
 deny ip host 10.0.66.200 10.0.0.0 0.255.255.255
 deny ip host 10.0.67.172 10.0.0.0 0.255.255.255
 deny ip host 10.0.66.202 10.0.1.0 0.0.0.255
 permit ip any any
!
nls resp-timeout 1
cpd cr-id 1
route-map NEXT permit 10
 set ip next-hop x.x.x.114
!
route-map EXEMPT permit 10
 match ip address EXEMPT
!
route-map internet permit 10
 match ip address EXEMPT
!
route-map PREPEND permit 10
 set as-path prepend 65416 65416 65416
 set ip next-hop x.x.x.114
!
control-plane
!
voice-port 0/0/0:23
!
voice-port 0/2/0
 description 6745_MODEM
!
voice-port 0/2/1
 description 108_POTS
!
voice-port 0/2/2
!
voice-port 0/2/3
!
ccm-manager fallback-mgcp
ccm-manager redundant-host 10.10.0.2 10.10.0.4
ccm-manager mgcp
no ccm-manager fax protocol cisco
ccm-manager music-on-hold
ccm-manager config server 10.10.0.2
ccm-manager config
!
mgcp
mgcp call-agent 10.10.0.14 2427 service-type mgcp version 0.1
mgcp dtmf-relay voip codec all mode out-of-band
mgcp rtp unreachable timeout 1000 action notify
mgcp modem passthrough voip mode nse
mgcp ip qos dscp cs3 signaling
mgcp package-capability rtp-package
mgcp package-capability sst-package
mgcp package-capability pre-package
no mgcp package-capability res-package
no mgcp package-capability fxr-package
no mgcp timer receive-rtcp
mgcp sdp simple
mgcp fax t38 inhibit
mgcp rtp payload-type g726r16 static
mgcp bind control source-interface GigabitEthernet0/1.10
mgcp bind media source-interface GigabitEthernet0/1.10
!
mgcp profile default
!
sccp local GigabitEthernet0/1.10
sccp ccm 10.10.0.100 identifier 4 version 7.0
sccp ccm 10.10.0.2 identifier 3 version 7.0
sccp ccm 10.10.0.14 identifier 1 version 7.0
sccp ccm 10.10.0.4 identifier 2 version 7.0
sccp
!
gatekeeper
 shutdown
!
telephony-service
 sdspfarm units 10
 sdspfarm transcode sessions 10
 sdspfarm tag 1 rtr-xcode
 max-ephones 25
 max-dn 50
 ip source-address 10.10.0.100 port 2000
 max-conferences 8 gain -6
 transfer-system full-consult
 create cnf-files version-stamp 7960 Aug 23 2017 09:11:08
!
line con 0
 logging synchronous
line aux 0
line 2
 no activation-character
 no exec
 transport preferred none
 transport output lat pad telnet rlogin lapb-ta mop udptn v120 ssh
 stopbits 1
line vty 0 4
 privilege level 15
 transport input all
line vty 5 15
 transport input all
!
scheduler allocate 20000 1000
ntp source GigabitEthernet0/1.1
ntp master 4
ntp server 192.5.41.40
!
end
Secondary Config:
!
hostname Secondary
!
boot-start-marker
boot-end-marker
!
card type t1 0 0
!
aaa new-model
!
aaa authorization exec default local if-authenticated
!
aaa session-id common
!
network-clock-participate wic 0
network-clock-select 1 T1 0/0/0
!
no ipv6 cef
ip source-route
ip cef
!
ip dhcp excluded-address 10.0.99.1 10.0.99.50
ip dhcp excluded-address 10.1.9.1 10.1.9.50
!
ip domain name XXX.local
ip name-server 10.0.66.199
ip name-server 10.0.66.45
!
multilink bundle-name authenticated
!
isdn switch-type primary-ni
!
trunk group x
!
trunk group xx
!
trunk group xxx
!
trunk group xxx
!
trunk group xxxx
!
crypto pki token default removal timeout 0
!
voice-card 0
 dsp services dspfarm
!
voice service voip
 ip address trusted list
  ipv4 10.10.0.3
  ipv4 10.10.0.5
  ipv4 10.10.0.2
  ipv4 10.10.0.14
  ipv4 10.10.0.4
 allow-connections h323 to h323
 allow-connections h323 to sip
 allow-connections sip to h323
 allow-connections sip to sip
 fax protocol t38 version 0 ls-redundancy 0 hs-redundancy 0 fallback none
 sip
!
voice class codec 1
 codec preference 1 g711ulaw
 codec preference 2 g729r8
!
voice translation-profile did
 translate called 1
!
application
 global
  service alternate Default
!
license udi pid CISCO2911/K9 sn
license boot module c2900 technology-package securityk9
hw-module pvdm 0/0
!
hw-module pvdm 0/1
!
redundancy
!
controller T1 0/0/0
 cablelength long 0db
 pri-group timeslots 1-24
!
ip ssh time-out 30
!
crypto isakmp policy 4
 authentication pre-share
 group 2
crypto isakmp key greipsec.xx.com address 0.0.0.0 0.0.0.0
crypto isakmp keepalive 20 periodic
crypto isakmp aggressive-mode disable
!
crypto ipsec transform-set greipsec esp-des esp-md5-hmac
 mode transport
!
crypto ipsec profile greipsec
 set transform-set greipsec
!
interface Loopback0
 ip address x.x.x.110 255.255.255.240
!
interface Tunnel0
 bandwidth 1000
 ip address 172.16.225.3 255.255.255.0
 no ip redirects
 ip mtu 1400
 ip nhrp authentication dreipsec
 ip nhrp map multicast dynamic
 ip nhrp network-id 99
 ip nhrp holdtime 300
 ip nhrp interest 100
 ip ospf network broadcast
 ip ospf priority 0
 delay 1000
 tunnel source 10.0.5.2
 tunnel mode gre multipoint
 tunnel key 200000
 tunnel protection ipsec profile greipsec shared
!
interface Embedded-Service-Engine0/0
 no ip address
 shutdown
!
interface GigabitEthernet0/0
 ip address 10.0.5.2 255.255.255.0
 duplex auto
 speed auto
!
interface GigabitEthernet0/1
 ip address 10.0.64.6 255.255.252.0
 ip nat inside
 ip virtual-reassembly in
 ip ospf priority 0
 duplex auto
 speed auto
!
interface GigabitEthernet0/2
 ip address 10.40.0.1 255.255.255.252
 ip nat outside
 ip virtual-reassembly in
 duplex auto
 speed auto
!
interface Serial0/0/0:23
 no ip address
 encapsulation hdlc
 isdn switch-type primary-ni
 isdn incoming-voice voice
 isdn outgoing display-ie
 no cdp enable
!
router bgp 65416
 bgp router-id x.x.x.218
 bgp log-neighbor-changes
 network x.x.x.96 mask 255.255.255.240 route-map PREPEND
 neighbor x.x.x.217 remote-as 10796
 neighbor x.x.x.217 ebgp-multihop 3
 neighbor x.x.x.217 update-source GigabitEthernet0/0
 neighbor x.x.x.217 next-hop-self
 neighbor x.x.x.217 route-map PREPEND out
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
ip nat inside source static tcp 10.0.66.231 23 x.x.x.98 23 extendable
ip nat inside source static tcp 10.0.66.231 80 x.x.x.98 80 extendable
ip nat inside source static tcp 10.0.66.231 443 x.x.x.98 443 extendable
ip nat inside source static tcp 10.0.66.231 446 x.x.x.98 446 extendable
ip nat inside source static tcp 10.0.66.231 447 x.x.x.98 447 extendable
ip nat inside source static tcp 10.0.66.231 449 x.x.x.98 449 extendable
ip nat inside source static tcp 10.0.66.231 8470 x.x.x.98 8470 extendable
ip nat inside source static tcp 10.0.66.231 8471 x.x.x.98 8471 extendable
ip nat inside source static tcp 10.0.66.231 8472 x.x.x.98 8472 extendable
ip nat inside source static tcp 10.0.66.231 8473 x.x.x.98 8473 extendable
ip nat inside source static tcp 10.0.66.231 8474 x.x.x.98 8474 extendable
ip nat inside source static tcp 10.0.66.231 8475 x.x.x.98 8475 extendable
ip nat inside source static tcp 10.0.66.231 8476 x.x.x.98 8476 extendable
ip nat inside source static tcp 10.0.66.231 10088 x.x.x.98 10088 extendable
ip nat inside source static tcp 10.0.66.231 17019 x.x.x.98 17019 extendable
ip nat inside source static tcp 10.0.66.202 25 x.x.x.99 25 extendable
ip nat inside source static tcp 10.0.66.201 80 x.x.x.99 80 extendable
ip nat inside source static tcp 10.0.66.201 110 x.x.x.99 110 extendable
ip nat inside source static tcp 10.0.66.201 443 x.x.x.99 443 extendable
ip nat inside source static 10.0.66.201 x.x.x.99
ip nat inside source static tcp 10.0.66.31 443 x.x.x.101 443 extendable
ip nat inside source static tcp 10.0.66.31 444 x.x.x.101 444 extendable
ip nat inside source static tcp 10.0.66.31 5061 x.x.x.101 5061 extendable
ip nat inside source static tcp 10.0.66.31 5086 x.x.x.101 5086 extendable
ip nat inside source static tcp 10.0.66.31 5087 x.x.x.101 5087 extendable
ip nat inside source static 10.0.66.35 x.x.x.102 extendable
ip nat inside source static tcp 10.0.65.132 443 x.x.x.103 443 extendable
ip nat inside source static tcp 10.0.66.231 443 x.x.x.98 443 extendable
ip nat inside source static tcp 10.0.66.231 17018 x.x.x.98 17018 extendable
ip nat inside source static tcp 10.0.66.1 443 x.x.x.100 443 extendable
ip route 10.0.0.0 255.0.0.0 10.0.64.1
ip route x.x.x.217 255.255.255.255 10.0.5.1
ip route 192.168.1.0 255.255.255.0 10.0.1.1
!
ip access-list extended NAT
 permit ip 10.0.64.0 0.0.3.255 any
 permit ip 0.0.0.0 255.255.255.0 any
 permit ip 10.0.66.0 0.0.0.255 any
 permit ip 10.0.55.0 0.0.0.255 any
 permit ip 10.0.60.0 0.0.0.255 any
 permit ip 10.0.79.0 0.0.0.255 any
 permit ip 10.0.71.0 0.0.0.255 any
 permit ip 10.0.99.0 0.0.0.255 any
 permit ip 10.0.6.0 0.0.0.255 any
 permit ip 10.0.86.0 0.0.0.255 any
 permit ip 10.0.78.0 0.0.0.255 any
 permit ip 10.0.77.0 0.0.0.255 any
 permit ip 10.0.68.0 0.0.0.255 any
 permit ip 10.0.70.0 0.0.0.255 any
 permit ip 10.0.73.0 0.0.0.255 any
 permit ip 10.0.80.0 0.0.0.255 any
ip access-list extended STATIC-EIGRP
 permit ip 10.0.64.0 0.0.0.255 any
 permit ip 10.10.0.0 0.0.0.255 any
 permit ip 10.1.1.0 0.0.0.255 any
!
access-list 64 permit any
access-list 99 permit any
!
route-map PREPEND permit 10
 set as-path prepend 65416 65416
 set ip next-hop x.x.x.218
!
route-map STATIC-EIGRP permit 10
 match ip address STATIC-EIGRP
!
control-plane
!
voice-port 0/0/0:23
!
ccm-manager fallback-mgcp
ccm-manager redundant-host 10.10.0.2 10.10.0.4
ccm-manager mgcp
no ccm-manager fax protocol cisco
ccm-manager music-on-hold
ccm-manager config server 10.10.0.2
ccm-manager config
!
mgcp
mgcp call-agent 10.10.0.14 2427 service-type mgcp version 0.1
mgcp dtmf-relay voip codec all mode out-of-band
mgcp rtp unreachable timeout 1000 action notify
mgcp modem passthrough voip mode nse
mgcp package-capability rtp-package
mgcp package-capability sst-package
mgcp package-capability pre-package
no mgcp package-capability res-package
no mgcp package-capability fxr-package
no mgcp timer receive-rtcp
mgcp sdp simple
mgcp fax t38 inhibit
mgcp rtp payload-type g726r16 static
mgcp bind control source-interface GigabitEthernet0/1
mgcp bind media source-interface GigabitEthernet0/1
!
gatekeeper
 shutdown
!
line con 0
line aux 0
line 2
 no activation-character
 no exec
 transport preferred none
 transport input all
 transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
 stopbits 1
line vty 0 4
 transport input ssh
!
scheduler allocate 20000 1000
end
01-11-2018 07:09 AM - edited 01-11-2018 07:19 AM
Hi
At first sight there are 2 things to consider. The first is how you are preferring the incoming prefixes from the source perspective, I mean from the internal routers. The second is that the iBGP configuration is not completed on the backup router, just on the first.
router bgp 65416
 bgp router-id x.x.x.114
 bgp log-neighbor-changes
 network x.x.x.96 mask 255.255.255.240
 network x.x.x.110 mask 255.255.255.255 route-map PREPEND
 neighbor 10.0.64.6 remote-as 65416
 neighbor 10.0.64.6 update-source GigabitEthernet0/1.1
If you are using the directly connected interface you don't need the update-source command.
I will create a configuration script to share with you and it could be useful as reference.
:-)
01-14-2018 06:03 AM
Hi
Apologies for the late response, imagine the following scenario:
R1 ---eBGP--- ISP1
|
|
iBGP
|
|
R2---eBGP---ISP2
Now your configuration could be as follows. Taking advantage of the fact that you already have an IGP protocol (OSPF) running between your infrastructure, it can be used as NLRI to create an iBGP with loopbacks; otherwise it could be used with directly connected interfaces.
Router 1 (R1)
interface loopback 0
 ip address 1.1.1.1 255.255.255.255
!
interface g0/0
 description TO-ISP1
 ip address 150.0.0.1 255.255.255.252
 no shutdown
!
interface g0/1
 description TO-R2
 ip address 10.10.12.1 255.255.255.252
 no shutdown
!
! Highest local preference: AS 10 prefers to exit through ISP1
route-map INBOUND permit 5
 set local-preference 5000
!
! Short prepend: return traffic prefers to enter through ISP1
route-map OUTBOUND permit 5
 set as-path prepend 10
!
router ospf 10
 network 1.1.1.1 0.0.0.0 area 0
 network 10.10.12.0 0.0.0.3 area 0
!
router bgp 10
 no synchronization
 no auto-summary
 neighbor 150.0.0.2 remote-as 1
 neighbor 150.0.0.2 route-map INBOUND in
 neighbor 150.0.0.2 route-map OUTBOUND out
 ! iBGP session to R2, sourced from the loopback
 neighbor 2.2.2.2 remote-as 10
 neighbor 2.2.2.2 update-source loopback0
 neighbor 2.2.2.2 next-hop-self
Router 2 (R2)
interface loopback 0
 ip address 2.2.2.2 255.255.255.255
!
interface g0/0
 description TO-ISP2
 ip address 160.0.0.1 255.255.255.252
 no shutdown
!
interface g0/1
 description TO-R1
 ip address 10.10.12.2 255.255.255.252
 no shutdown
!
! Lower local preference than R1: ISP2 is the backup exit
route-map INBOUND permit 5
 set local-preference 1000
!
! Longer prepend than R1: ISP2 is the backup entry
route-map OUTBOUND permit 5
 set as-path prepend 10 10 10 10
!
router ospf 10
 network 2.2.2.2 0.0.0.0 area 0
 network 10.10.12.0 0.0.0.3 area 0
!
router bgp 10
 no synchronization
 no auto-summary
 neighbor 160.0.0.2 remote-as 2
 neighbor 160.0.0.2 route-map INBOUND in
 neighbor 160.0.0.2 route-map OUTBOUND out
 ! iBGP session to R1, sourced from the loopback
 neighbor 1.1.1.1 remote-as 10
 neighbor 1.1.1.1 update-source loopback0
 neighbor 1.1.1.1 next-hop-self
It can be taken as a reference. The OUTBOUND route-maps are used for symmetric traffic; you can include additional configuration like fast fall-over, password, etc.
Hope it is useful
:-)
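A simplified model of the first BGP best-path steps (weight, local preference, AS-path length, eBGP over iBGP), run against the local-preference and prepend values of the reference configuration above; this is an added example, not code from the thread. The destination AS 64500 and all function names are assumptions, and the later tie-breakers (origin, MED, IGP metric, router ID) are left out.

```python
from dataclasses import dataclass, replace
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Path:
    exit_via: str                # ISP this path leaves (or enters) through
    as_path: Tuple[int, ...]
    local_pref: int = 100        # carried to iBGP peers, never to eBGP peers
    weight: int = 0              # Cisco-specific, never leaves the router
    learned: str = "ebgp"        # "ebgp" or "ibgp"


def preference_key(p: Path) -> Tuple[int, int, int, int]:
    # Highest weight, then highest local-pref, then shortest AS path,
    # then eBGP-learned over iBGP-learned.
    return (-p.weight, -p.local_pref, len(p.as_path),
            0 if p.learned == "ebgp" else 1)


def best_path(paths: List[Path]) -> Optional[Path]:
    return min(paths, key=preference_key) if paths else None


def over_ibgp(p: Path) -> Path:
    # What the iBGP peer receives: local-pref survives, weight does not.
    return replace(p, weight=0, learned="ibgp")


def outbound_exits(ebgp_paths: Dict[str, Optional[Path]]) -> Dict[str, Optional[str]]:
    """Map each router to the ISP it uses for the destination.

    ebgp_paths maps router name -> path learned from its own ISP
    (None while that eBGP session is down). Simplification: each router
    always offers its eBGP path to the other one; a real router only
    advertises its best path, which gives the same result for these inputs.
    """
    exits: Dict[str, Optional[str]] = {}
    for router in ebgp_paths:
        candidates = [
            path if owner == router else over_ibgp(path)
            for owner, path in ebgp_paths.items()
            if path is not None
        ]
        chosen = best_path(candidates)
        exits[router] = chosen.exit_via if chosen else None
    return exits


def inbound_entry(local_as: int, prepends: Dict[str, Tuple[int, int]]) -> str:
    """ISP a remote AS with no policy of its own uses to reach us.

    prepends maps ISP name -> (ISP AS number, extra copies of local_as
    added by the OUTBOUND route-map on top of the normal single copy).
    """
    seen = [
        Path(isp, (isp_as,) + (local_as,) * (1 + extra))
        for isp, (isp_as, extra) in prepends.items()
    ]
    return best_path(seen).exit_via


# Constructed inputs: values from the R1/R2 reference config, destination AS assumed.
DEST = (64500,)
R1_FROM_ISP1 = Path("ISP1", (1,) + DEST, local_pref=5000)   # R1 INBOUND route-map
R2_FROM_ISP2 = Path("ISP2", (2,) + DEST, local_pref=1000)   # R2 INBOUND route-map


def failback_sequence() -> List[Dict[str, Optional[str]]]:
    """Normal operation, ISP1 session down, ISP1 session restored."""
    return [
        outbound_exits({"R1": R1_FROM_ISP1, "R2": R2_FROM_ISP2}),
        outbound_exits({"R1": None, "R2": R2_FROM_ISP2}),
        outbound_exits({"R1": R1_FROM_ISP1, "R2": R2_FROM_ISP2}),
    ]


def weight_only_on_r2() -> Dict[str, Optional[str]]:
    """Default local-pref everywhere, weight 40000 set on R2's ISP2 path."""
    return outbound_exits({
        "R1": replace(R1_FROM_ISP1, local_pref=100),
        "R2": replace(R2_FROM_ISP2, local_pref=100, weight=40000),
    })


if __name__ == "__main__":
    for step, exits in zip(("normal", "ISP1 down", "ISP1 restored"), failback_sequence()):
        print(f"{step:14s} {exits}")
    print("weight on R2  ", weight_only_on_r2())
    print("inbound entry ", inbound_entry(10, {"ISP1": (1, 1), "ISP2": (2, 4)}))
```

With local preference shared over iBGP, both routers return to ISP1 as soon as its path reappears; a weight set on one router changes only that router's choice.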
01-16-2018 11:17 AM
Thank you for the response and the time you've taken to answer my question. It is clear that I still have a lot to learn about BGP, so I am going to read up a bit more, and use your write-up as a reference to re-implement BGP in this environment.
01-16-2018 01:47 PM
Hi
You are welcome my friend, every day we learn something new. Theory and Practice is the key.
Any doubt we are here to assist you.
Have a great day my friend!
:-)