03-10-2018 08:29 PM - edited 03-05-2019 10:04 AM
Hello,
I have 2 MPLS routers from different carriers on a remote site. iBGP between them runs via the core switch over OSPF; they don't have a direct connection between them. I have the following access list applied to both routers' eBGP peers to the carriers:
!
ip as-path access-list 1 permit ^$
ip as-path access-list 1 deny .*
!
When I enable both circuits, traffic from the hub site learnt from one carrier is advertised from the other, causing a loop. I have shut down one circuit. What is needed to fix this?
Thanks
03-10-2018 09:42 PM - edited 03-10-2018 10:05 PM
Hi,
How have you applied it to the BGP configuration?
Did you apply it to the BGP neighbor:
neighbor x.x.x.x filter-list 1 out
The ^$ regular expression ensures that we will only advertise locally originated prefixes. We’ll have to apply this filter to both ISPs.
or you can apply the same to the route map.
ip as-path access-list 1 permit ^$
router bgp XX
neighbor XXXXXX route-map Test out
route-map Test permit 10
match as-path 1
and second thing:
I am not sure that ip as-path access-list 1 deny .* is helping you at all. Try removing it.
Regards,
Deepak Kumar
03-11-2018 01:14 AM
ip as-path access-list 1 permit ^$
ip as-path access-list 1 deny .*
is equivalent to
ip as-path access-list 1 permit ^$
implicit deny is at the end = ip as-path access-list 1 deny .*
:)
03-11-2018 06:29 AM
As both previous posts have pointed out, the deny statement in the as-path access list is not needed. But having it in the access list would not cause the AS to become a transit AS. As Deepak points out, the issue may be in the way that it was applied. The original poster should either confirm that the suggestions have been implemented and it now works or, if it is still not working, post the configs so that we can evaluate the problem.
HTH
Rick
03-11-2018 08:45 AM
03-11-2018 09:16 AM
Hi,
Can you share both configurations to better understand the issue?
Regards,
Deepak Kumar
03-11-2018 10:22 AM
Hi Deepak,
Please see BGP configurations:
Working with direct connection, iBGP peer as loopback
======================================================
!
neighbor ibgp-peer peer-group
neighbor ibgp-peer remote-as 64888
neighbor ibgp-peer update-source Loopback0
neighbor ibgp-peer next-hop-self
neighbor ebgp-peer peer-group
neighbor ebgp-peer remote-as 65000
neighbor ebgp-peer route-map BGP_in in
neighbor ebgp-peer route-map BGP_out out
neighbor 10.0.X.X peer-group ibgp-peer
neighbor 152.X.X.X peer-group ebgp-peer
!
ip as-path access-list 1 permit ^$
ip as-path access-list 1 deny .*
!
route-map BGP_out permit 10
match as-path 1
!
Not Working iBGP via core OSPF, iBGP peer as loopback
======================================================
!
neighbor INTERNAL peer-group
neighbor INTERNAL remote-as 64456
neighbor INTERNAL update-source Loopback0
neighbor 10.0.X.X peer-group INTERNAL
neighbor 10.0.X.X description iBGP
neighbor 152.X.X.X remote-as 65000
neighbor 152.X.X.X route-map BGP_in in
neighbor 152.X.X.X route-map BGP_out out
!
ip as-path access-list 1 permit ^$
ip as-path access-list 1 deny .*
!
route-map BGP_out permit 10
match as-path 1
!
Thanks
03-11-2018 10:33 AM - edited 03-11-2018 10:33 AM
iBGP neighbors in different AS?
neighbor ibgp-peer remote-as 64888
neighbor INTERNAL remote-as 64456
The second router does not have neighbor ibgp-peer next-hop-self.
Is there a network command or redistribution present to advertise anything into BGP (since there are no configuration details regarding BGP networks)?
03-11-2018 10:43 AM
Hi,
These configs are from 2 different remote sites, from router1 of each site, using the "aggregate-address 10.0.X.0 255.255.240.0 summary-only" command for BGP routes. The issue is that routes learnt from one ISP are sent out to the other ISP on the non-working site.
Thanks
03-11-2018 10:46 AM
03-11-2018 10:48 AM
What you are trying to do is advertise only local routes. According to the as-path regex, routes learned from any site will not be re-advertised to other routers; only local routes can be advertised.
03-11-2018 10:57 AM
Hi,
This is what I thought, but these are being re-advertised and I have to shut the iBGP peer. That's why I am wondering whether the BGP routing table treats iBGP routes learnt via OSPF differently than if there is a direct connection between the routers and iBGP routes are learnt via the direct connection.
thanks
03-11-2018 11:18 AM
Hi,
There is a "redistribute ospf" command in BGP on the working site, if it makes any difference to advertised routes.
thanks
03-11-2018 11:40 AM
I am wondering about this statement "if BGP routing table treats iBGP routes learnt via OSPF differently than if there is a direct connection between routers" and especially trying to understand the learnt via OSPF part. Is the router really learning the routes via OSPF? The BGP routes should be learned via BGP and not learned via OSPF. Perhaps you can post the output of show ip bgp from one of the routers that is not working as expected, and identify some of the routes in the table that are at issue (learned from one external peer and advertised to the other external peer).
HTH
Rick
03-11-2018 11:49 AM
Hi,
There was a typo in the route map applied to the peer in router 2: BGP-out instead of BGP_out. I should have picked it up before posting.
thanks
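The root cause reported in the last post was a neighbor statement naming BGP-out while the route-map actually defined was BGP_out. The following is an added example, not part of the thread: a small check that flags route-maps and as-path access lists that are referenced but never defined in a saved config. The sample config is constructed from the thread's excerpts, and the function name `find_dangling_references` is hypothetical.

```python
import re

# Constructed sample modelled on the thread's non-working router: the neighbor
# references BGP-out, but the route-map that is defined is BGP_out.
SAMPLE_CONFIG = """\
router bgp 64456
 neighbor INTERNAL peer-group
 neighbor INTERNAL remote-as 64456
 neighbor 10.0.X.X peer-group INTERNAL
 neighbor 152.X.X.X remote-as 65000
 neighbor 152.X.X.X route-map BGP_in in
 neighbor 152.X.X.X route-map BGP-out out
!
ip as-path access-list 1 permit ^$
!
route-map BGP_in permit 10
!
route-map BGP_out permit 10
 match as-path 1
!
"""

NEIGHBOR_REF = re.compile(r"^\s*neighbor\s+(\S+)\s+(route-map|filter-list)\s+(\S+)\s+(in|out)\s*$")
ROUTE_MAP_DEF = re.compile(r"^route-map\s+(\S+)\s+(?:permit|deny)\b")
AS_PATH_DEF = re.compile(r"^ip as-path access-list\s+(\S+)\s+(?:permit|deny)\b")
MATCH_AS_PATH = re.compile(r"^\s*match as-path\s+(.+)$")

def find_dangling_references(config):
    """Return (line_no, kind, name, context) for every policy object that is
    referenced but never defined in the given config text."""
    lines = config.splitlines()
    route_maps = {m.group(1) for l in lines if (m := ROUTE_MAP_DEF.match(l))}
    as_paths = {m.group(1) for l in lines if (m := AS_PATH_DEF.match(l))}
    findings = []
    for no, line in enumerate(lines, 1):
        if m := NEIGHBOR_REF.match(line):
            peer, kind, name, direction = m.groups()
            defined = route_maps if kind == "route-map" else as_paths
            if name not in defined:
                findings.append((no, kind, name, f"neighbor {peer} {direction}"))
        elif m := MATCH_AS_PATH.match(line):
            for name in m.group(1).split():
                if name not in as_paths:
                    findings.append((no, "as-path access-list", name, "match as-path"))
    return findings

if __name__ == "__main__":
    for no, kind, name, ctx in find_dangling_references(SAMPLE_CONFIG):
        print(f"line {no}: {kind} '{name}' used by {ctx} is not defined")
```

Running a check like this against each edge router's saved config before enabling a second circuit catches name mismatches that a visual comparison of `BGP-out` and `BGP_out` easily misses.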