
BGP Split Horizon

kfarrington
Level 3

Guys,

I have a strange question that I can't seem to find an answer to.

Split horizon, in DV IGPs, states that you cannot advertise a route back (to a neighbor) through the interface on which it was learned.

BGP is a Path Vector RP.

If I was to learn NLRI1 via an iBGP peer (through ethernet1), and I also had an eBGP neighbor reachable via the same interface, would BGP send it to the eBGP peer?

Many thx all,

Ken


Harold Ritter
Cisco Employee

Ken,

BGP doesn't advertise a path to a peer if it determines that the best path for a given prefix is learnt via that same peer.

Hope this helps,

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

Sorry dude,

I should have explained a little better.

We have a scenario where we have Site1 and Site2 with GigE between them, running EIGRP.

Each site has a CE router with circuits to our two MPLS/VPN carriers running eBGP.

The two sites run iBGP between them.

Now if the metro link(s) go down, the IGP is segmented and the iBGP session could potentially stay up via the carrier cloud, and keep its peer up that way.

If that happens:

Site1 would learn the IGP prefixes of site2 via iBGP (via the carrier cloud)

Then, once received via iBGP, "would" it advertise it back out the same interface to its eBGP peer?

If it does this, then we will have a problem.

From the docs I see, it would as BGP is not a DV, but a path vector RP.

Thx for your help with this.

Kindest regards,

Ken

Ken,

Not sure I fully understand what is going on here, but if the router is learning the prefix from two sources - the iBGP in the other half of your AS, and the eBGP of the provider - then it will choose to believe the eBGP rather than the iBGP (AD 20 rather than 200). Therefore it should not advertise the false internal route back out to the other AS.

There is something about a "backdoor" command that would modify this, but I do not fully understand it. Perhaps Harold could explain it.

But if your AS has become partitioned like that, I suspect you will have many other more serious problems to contend with.

Kevin Dorrell

Luxembourg

Ken,

Since site1 and site2 share the same ASN, site1 would reject site2 routes received from the MPLS VPN core and vice versa. Therefore the iBGP session would not get established via the MPLS VPN core.

Hope this helps,

Harold Ritter

Hello,

You say that the iBGP session would not get established over the VPN; I am not sure why this would be.

The loopbacks of the routers go into eBGP and each site1 and site2 router would have a path for the iBGP (over the VPN core) and establish, I think. I may be completely wrong, and sorry if I have missed sommat here.

I have a 97k jpeg file here showing the exact topology and show you what could happen?

All the NLRI received over the iBGP session (over VPN) would be iBGP routes with only the customers (us) as-path info.

Please let me know if you can see the file?

Kindest regards,

Ken

Hi Ken,

Not sure if this was ever addressed, but I believe what Harold was trying to say was that you have a split AS, and unless some MPLS mechanisms are being used over here (Allowas-in etc.) then your iBGP session might not get established because both Site 1 and Site 2 have the same AS#. Therefore Site 1's loopback will never make it to Site 2's BGP table, since that would indicate a loop from BGP's perspective. Please do let me know if I have missed something and this is incorrect. Thx
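
A simplified Python model of the two rules the replies rely on, added here as an illustration and not part of any poster's reply: the eBGP AS_PATH loop check (with an allowas-in style override) and the per-peer, not per-interface, advertisement decision. The ASNs 65001 and 65100, the peer names and the prefix are constructed for the example.

```python
# Added illustration: a simplified model of two BGP rules discussed in the thread.
# ASNs, peer names and the prefix are constructed; real BGP has many more rules.
from dataclasses import dataclass

CUSTOMER_AS = 65001   # constructed: shared by Site 1 and Site 2
CARRIER_AS = 65100    # constructed: the MPLS/VPN provider


@dataclass(frozen=True)
class Path:
    prefix: str
    as_path: tuple      # leftmost entry = most recently traversed AS
    learned_from: str   # name of the peer that supplied this path
    via_ebgp: bool      # True if learned_from is an eBGP peer


def accept_from_ebgp(local_as, as_path, allowas_in=0):
    """AS_PATH loop check: reject if our own AS appears more often than allowed."""
    return as_path.count(local_as) <= allowas_in


def advertise_to(best, peer, peer_is_ebgp):
    """Decide whether the best path is sent to `peer`. No interface is consulted."""
    if peer == best.learned_from:
        return False    # not sent back to the peer that supplied the best path
    if not best.via_ebgp and not peer_is_ebgp:
        return False    # iBGP-learned paths are not relayed to other iBGP peers
                        # (assumes no route reflector)
    return True


def scenario():
    results = {}
    # Site 2's loopback as Site 1 would receive it back from the carrier.
    via_carrier = (CARRIER_AS, CUSTOMER_AS)
    results["loopback_default"] = accept_from_ebgp(CUSTOMER_AS, via_carrier)
    results["loopback_allowas_in"] = accept_from_ebgp(
        CUSTOMER_AS, via_carrier, allowas_in=1)
    # The opening question: prefix learned over iBGP, eBGP peer on the same link.
    nlri1 = Path("10.2.0.0/16", (), "site2-ibgp", via_ebgp=False)
    results["ibgp_to_ebgp"] = advertise_to(nlri1, "carrier-ebgp", peer_is_ebgp=True)
    results["back_to_source"] = advertise_to(nlri1, "site2-ibgp", peer_is_ebgp=False)
    return results


if __name__ == "__main__":
    for name, value in scenario().items():
        print(f"{name}: {value}")
```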
