06-25-2009 12:49 PM - edited 03-04-2019 05:14 AM
We are running BGP with two carriers A and B. With one of our carriers, A, the BGP session establishes and our networks announce and everything works fine. When we bring up the BGP session with our other carrier, B, routing stops working properly. I cannot ping the remote interface to the other carrier from any device on my 2 subnets or any other IP on that carriers network. I can ping some directly connected IP addresses on carrier B. What is strange is that from the router itself I can ping IP addresses on both carriers as well as their connected peers but this is only when directly connected to the cisco router. If I take down carrier B then everything starts routing fine through carrier A again. This is really starting to cause me too much stress as carrier B claims that this has nothing to do with them since BGP works and I can ping from the router itself fine. I suspect that this has something to do with carrier B providing their connection as a bridged ethernet handoff through an IAD using a /24 subnet where I am only allowed to use a single IP from this subnet for my routers interface. I have never had a config running BGP in quite this way. I am attaching my config for review. Any help is greatly appreciated. Thanks.
Solved! Go to Solution.
06-26-2009 12:11 AM
Hello Ray,
it looks like that provider B is not accepting your advertisements.
The problem is on the return path.
Are you using your own IP address block or your public ip addresses belong to provider A?
your configuration looks like fine you are advertising only locally generated routes (you permit only empty AS paths with filter-list 10).
As noted above you need your own ip address block to have this working otherwise you would need a different solution involving NAT and two address pools one from provider A and one from provider B.
if you have your own ip address block as your config suggests contact provider B support people.
Edit:
>> I suspect that this has something to do with carrier B providing their connection as a bridged ethernet handoff through an IAD using a /24 subnet where I am only allowed to use a single IP from this subnet for my routers interface.
sorry I didn't read well if there is someone in the middle it can be the one that drops packets for some misconfigured security feature.
But it is unlike have them check their route filters.
Ask them to provide you
sh ip bgp received-routes 209.195.2.111
from their router
Hope to help
Giuseppe
06-25-2009 01:59 PM
Your network statement looks incorrect to me.
network 66.195.35.0 mask 255.255.255.0
You have a static to 66.195.34.0 /24 null0 and your interface fa0/0 has the 66.195.34.0 subnet on it as well.
HTH,
John
06-25-2009 06:38 PM
Hi,
1- you configured network 66.195.35.0 under BGP instead of 66.195.34.0 so this one is not announced to your carriers.
2- It's eBGP sessions, you don't need the next-hop self option.
3- To troubleshoot your issue, you could try some trace route to see which path you are using with one carrier only and with the two available.
HTH
Laurent.
06-25-2009 07:31 PM
1- I appologize that was a typo when I altered the the address slightly for public posting.
2- I added that in today just to see if it might help but it didnt make any difference at all.
3- I have tried pings and traces from the router and the only interface that can get out using carrier B's default route to the 209.195.2.1/24 IP is the 209.195.2.111 Interface Fast1/0. If I specify an address on my other subnets for the ping or trace they will not complete. It is as if all the other interface IPs are unable to route to the default gateway route announced by carrier B but those same IPs are able to route to the default gateway announced by carrier A. For some reason the remote interface 209.195.2.1/24 though its listed as directly connected is not a valid route from any of the other interfaces in my router. I am stumped by this.
06-26-2009 12:11 AM
Hello Ray,
it looks like that provider B is not accepting your advertisements.
The problem is on the return path.
Are you using your own IP address block or your public ip addresses belong to provider A?
your configuration looks like fine you are advertising only locally generated routes (you permit only empty AS paths with filter-list 10).
As noted above you need your own ip address block to have this working otherwise you would need a different solution involving NAT and two address pools one from provider A and one from provider B.
if you have your own ip address block as your config suggests contact provider B support people.
Edit:
>> I suspect that this has something to do with carrier B providing their connection as a bridged ethernet handoff through an IAD using a /24 subnet where I am only allowed to use a single IP from this subnet for my routers interface.
sorry I didn't read well if there is someone in the middle it can be the one that drops packets for some misconfigured security feature.
But it is unlike have them check their route filters.
Ask them to provide you
sh ip bgp received-routes 209.195.2.111
from their router
Hope to help
Giuseppe
06-26-2009 02:32 PM
Well the problem was a filter on the device that controlled the IAD which according to them was seperate from their core router so since they did not see any filters on their core router they assumed that it was my fault even though I sent them my config showing there wasn't any filtering. They were filtering anything that did not originate from the directly connected interface with the IAD. Anyone recieving bonded circuits through an IAD beware that the IAD controller can also filter what flows down the circuit. Thanks for those that posted.
Most important of all dont accept a tech from a carrier telling you that it must be your fault and insist that they keep working on the problem with you despite their unwillingness to do so.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide