
BGP Update source Problem

apple0001
Level 1

Generally, if I want to use the loopback as the source address, we need to use 'bgp update source loopback' under the BGP configuration.

because of BGP uses the ip address configured on the physical interface directly connected to the BGP peer as the source address by default. Is my understanding correct?

However, I checked the configuration of BGP over IPsec yesterday. I found there is no 'bgp update source tunnel' command and it is also working fine.

So I am confused about whether we need to use the 'bgp update source tunnel' command on BGP over IPsec.

Can someone help me to clarify how/when to use the 'bgp update source tunnel' command?

 

Thanks in advance

Accepted Solution

I appreciate Nagendra sharing his example which does demonstrate some of the complexity involved in deciding when we need this optional parameter. In my post I did not say that you [absolutely] need update source, but I said that you [probably] need update source. This is an optional parameter which fits in some cases and is not needed in other cases. I believe the original poster is looking for rules that describe this is when you do and this is when you don't. But there are not simple rules for this.

 

So let me try another slightly different approach in trying to find an explanation. If the IP address that your BGP neighbor uses to peer with you is the IP address of the interface that you will use to reach the neighbor then you do not need update source. And if the IP address that your BGP neighbor uses to peer with you is not the IP address of the interface that you will use to reach the neighbor then you do need update source. There are some cases where we usually do need update source and they include when peering from virtual interfaces like loopbacks, and peering when there is more than one path that the router could take to reach the neighbor. But some of the time you just need to determine case by case whether update source will work (so take the address that the neighbor will use and compare it with the default behavior of your router and see if they match).

 

There are quite a few protocols where we might want to control the source address. In addition to BGP we have commands to control the source address of SNMP, of SSH, of telnet, of TACACS, of syslog, of NTP, of NetFlow export, and probably of some others. They address the dependencies found in some protocols on what source address will be used. So BGP is not unique in needing to consider what source address will be used.

 

HTH

Rick

12 Replies

Richard Burts
Hall of Fame

Your understanding is correct that by default IOS will use the IP on the outgoing interface as the source address for BGP packets. And your understanding is correct that "IF" you want to control what is used as the source address that you would use bgp update source command.

 

That does not mean that you always need to control the source address for the BGP packets. In some cases the default behavior works just fine and in some cases you need to control the source. You have not given us much detail about your environment but it does sound like the default behavior of BGP is working ok for you.

 

HTH

Rick

Hi Rick

Thanks for your reply. Please let me supply more detail for this problem.

My environment is very simple, as below:

R1 f0/0  12.1.1.1 ------ 12.1.1.2 f0/0 R2

(R1's loopback: 1.1.1.1   R2's loopback: 2.2.2.2   R1's tunnel: 172.16.1.1   R2's tunnel: 172.16.1.2)

1. When I want to use the loopback of R1 to establish a BGP neighborship with R2 (loopback), I need to add the 'bgp update source loopback' command, because the outgoing interface on R1 is F0/0 for BGP packets by default.

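******************************************************
router bgp 100
 ! remote-as comes first: IOS requires the neighbor to exist before other neighbor commands
 neighbor 2.2.2.2 remote-as 200
 ! source the session from the loopback instead of the egress interface
 neighbor 2.2.2.2 update-source lo0
 ! the peer's loopback is not directly connected
 neighbor 2.2.2.2 ebgp-multihop
******************************************************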

2. However, if I want to use the tunnel of R1 to establish a BGP neighborship with R2 (tunnel), do I also need to add the 'bgp update source tunnel' command? My understanding is that the reason is the same as for using the loopback interface. Actually, there is no need to add this command.

******************************************************
int tun 1
 ip add 172.16.1.1 255.255.255.252
 tun source 12.1.1.1
 tun destination 12.1.1.2
router bgp 100
 neighbor 172.16.1.2 remote-as 200
 neighbor 172.16.1.2 update-source tunnel 1  ?????
******************************************************

I would like to know why there is?

I would appreciate it if you could help me. I am looking forward to your reply.

Thanks

In your 1) where a decision was made to establish BGP peering using loopback interfaces then yes you would need to specify the source address. In your 2) where the decision was to establish BGP peering using the tunnel there is not a need to specify the source address because the default choice of address works well for you.

 

You asked this "I would like to know why there is?" but I do not understand what you are asking.

 

Perhaps this approach might help you:

- think about how you will connect to the BGP neighbor. (is it directly connected or multiple hop, is it via physical interface or via virtual interface, is it IBGP or EBGP)

- think about how you want to establish peering with the neighbor. (will you use a physical interface address or a virtual interface address)

- think about how the routers will reach the peer address of their neighbor. (is the IP address of the interface that you will use to reach the neighbor the address that the neighbor is using to peer with you? If it is then you do not need to specify update source and if it is not then you probably need to specify update source)

 

Perhaps the key question is whether the address that your neighbor wants to peer with is the address of the interface that you will use to reach the peer. If yes then you do not need update source and if no then you do need update source.

 

HTH

Rick

Hi Rick

Thanks very much for your help

Actually I want to know the difference between using a loopback and a tunnel to establish neighborship. I have to specify update source when using a loopback, so why do I not need to specify update source when using a tunnel? This is what I want to ask.

I read your reply carefully and my understanding is that the update source for the BGP OPEN packet is the closest outgoing interface to reach a neighbor by default.

Thanks again for your help. I will keep in mind the 'key question' you mentioned.

 

 

Let me try again from a slightly different perspective. It may seem a bit picky but I want to start with part of your statement in the original post "because of BGP uses the ip address configured on the physical interface". It is not necessarily a physical interface. In your case where the connection is a tunnel then the address of the virtual interface would be used.

 

Perhaps another way to look at this question is to look at the relationship between the BGP peer address and the interface addresses of your router. When the peer address is in the same subnet as a router interface address (as is the case with your tunnel) then you do not need update source. And when the peer address is not in the same subnet as an interface address (as is the case with the loopback) then you probably do need the update source.

 

HTH

Rick

Hi Rick

I am glad that you could reply again, and thanks for giving me another way to understand the update source for BGP packets more deeply.

But you said 'peer address is not in the same subnet as an interface address then you probably do need the update source'. I may not agree with you. I think it's not exactly right.

For example, there is a simple topology such as 'R1 f0/0--fa0/0 R2 fa0/1---fa0/0 R3', running OSPF throughout. I will use fa0/0 on R1 to establish a BGP peer with f0/0 on R3. The subnet between R1 and R2 is not the same as the one between R2 and R3, but it does not need the update source.

Hi,

But you said 'peer address is not in the same subnet as an interface address then you probably do need the update source'. I may not agree with you. I think it's not exactly right.

For example, there is a simple topology such as 'R1 f0/0--fa0/0 R2 fa0/1---fa0/0 R3', running OSPF throughout. I will use fa0/0 on R1 to establish a BGP peer with f0/0 on R3. The subnet between R1 and R2 is not the same as the one between R2 and R3, but it does not need the update source.

 

<Nagendra> It is more like a best practice. Depending on the scenario, you may need what Richard suggested. In the scenario that you mentioned, it does not need update source as there is only one available egress interface to reach the neighbor. So by default R1 will use the F0/0 address as source address (which is configured as neighbor on R3) and R3 uses F0/0 as source address (which is configured as neighbor on R1).

 

But assume the below scenarios,

 

R1------(10.1.12.0/24)----R2------(10.1.23.0/24)-----R3
|                                                     |
+--------(10.1.14.0/24)----R4------(10.1.34.0/24)-----+

 

Assume the metric on the R1 interface connecting R2 is 10 and the metric on the R3 interface connecting R2 is 10. All the rest are 1. Assume you configured 10.1.12.1 as neighbor on R3 and 10.1.23.3 as neighbor on R1.

 

So R1 will use R4 as nexthop to reach 10.1.23.0 and so uses 10.1.14.1 as source address for BGP session. Similarly, R3 will use R4 as nexthop to reach 10.1.12.0 and so uses 10.1.34.3 as source address for BGP session.

 

In the above scenario, the session will not come up and you need update-source enabled to bring it up.

 

-Nagendra
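
Added example, not part of any post in this thread: a small Python model of the rule discussed above, where a session comes up only if a router's BGP packets arrive from an address the other side has configured as a neighbor. The interface names `to_r2`/`to_r4`, the /32 routes to the loopbacks and the single-neighbor-per-router simplification are assumptions; in the four-router case the egress toward R4 is taken as the post states it.

```python
import ipaddress as ip

class Router:
    """interfaces: name -> IP; routes: best routes as (prefix, egress interface);
    neighbors: peer IP -> update-source interface name, or None for the default."""
    def __init__(self, interfaces, routes, neighbors):
        self.interfaces = {n: ip.ip_address(a) for n, a in interfaces.items()}
        self.routes = [(ip.ip_network(p), i) for p, i in routes]
        self.neighbors = {ip.ip_address(p): s for p, s in neighbors.items()}

    def source_for(self, peer):
        """Source address of BGP packets sent to the configured neighbor `peer`."""
        peer = ip.ip_address(peer)
        pinned = self.neighbors[peer]
        if pinned is not None:                 # update-source is configured
            return self.interfaces[pinned]
        # Default: address of the egress interface (longest-prefix match)
        _, ifname = max((r for r in self.routes if peer in r[0]),
                        key=lambda r: r[0].prefixlen)
        return self.interfaces[ifname]

def session_up(a, b):
    """True if either side's TCP open arrives from an address the other side
    has configured as a neighbor (each router has one neighbor in this model)."""
    def accepted(src_router, dst_router):
        peer = next(iter(src_router.neighbors))
        return src_router.source_for(peer) in dst_router.neighbors
    return accepted(a, b) or accepted(b, a)

def loopback_case(update_source):              # the poster's case 1
    src = "lo0" if update_source else None
    r1 = Router({"f0/0": "12.1.1.1", "lo0": "1.1.1.1"},
                [("2.2.2.2/32", "f0/0")], {"2.2.2.2": src})
    r2 = Router({"f0/0": "12.1.1.2", "lo0": "2.2.2.2"},
                [("1.1.1.1/32", "f0/0")], {"1.1.1.1": src})
    return session_up(r1, r2)

def tunnel_case():                             # the poster's case 2, no update-source
    r1 = Router({"tun1": "172.16.1.1"}, [("172.16.1.0/30", "tun1")], {"172.16.1.2": None})
    r2 = Router({"tun1": "172.16.1.2"}, [("172.16.1.0/30", "tun1")], {"172.16.1.1": None})
    return session_up(r1, r2)

def two_path_case(update_source):              # four-router example, egress via R4 as stated
    r1 = Router({"to_r2": "10.1.12.1", "to_r4": "10.1.14.1"},
                [("10.1.23.0/24", "to_r4")],
                {"10.1.23.3": "to_r2" if update_source else None})
    r3 = Router({"to_r2": "10.1.23.3", "to_r4": "10.1.34.3"},
                [("10.1.12.0/24", "to_r4")],
                {"10.1.12.1": "to_r2" if update_source else None})
    return session_up(r1, r3)
```
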

 


Hi Rick, Nagendra

Thanks very much.

My understanding is as below. If there is something wrong, please point it out and correct it.

________________________________________________________________

We need to consider whether multiple interfaces or multiple paths exist between two BGP peers.

1) If no, I do not need the update source option.

2) If yes, I should compare the real update source and the default update source. If both are the same, we do not need to specify update source; if they are not the same, we need to specify update source.

(The BGP OPEN packet will select the closest outgoing interface to reach a neighbor as update source by default.)

________________________________________________________________

Tiny

For the most part this is a good understanding. I would add that sometimes when there is only a single path to the neighbor but the neighbor is multiple hops away it is helpful to specify the update source. Also sometimes when the neighbor is IBGP it is helpful to specify update source even if it has only a single path.

 

HTH

Rick

Hi Nagendra, Rick

Totally understood.

Thanks very much for all your help :)

 

Tiny

 

Hi,

Your understanding is right. But as a design practice, I would say it is better to specify the update-source if there is more than 1 egress interface (irrespective of which one you choose now) or if you currently have 1 egress interface but foresee that new egress links/interfaces will be added later.

 

-Nagendra
