BGP won't establish with peer using update-source Loopback0

bret
I hope someone can steer me in the right direction. I am working on a BGP lab, trying to figure out a production problem. In this lab I have 4 routers, where 2 CE routers each peer with a PE router. I have established a neighbor relationship with the PE, but can't establish a peer relationship with the CEs when update-source loopback 0 is used on 1 of the CE routers. When I take update-source loopback off, the peer establishes. The loopback is routed and can be pinged from the far side CE router.

Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
192.168.0.82    4  1803      52      50       15    0    0 00:43:43        6
192.168.107.3   4 65185       0       0        0    0    0 never    Active

 
CE1: 192.168.107.2
router bgp 65185
no synchronization
bgp log-neighbor-changes
network 7.255.1.6 mask 255.255.255.255
network 192.168.8.6 mask 255.255.255.255
network 192.168.107.0 mask 255.255.255.192
network 192.168.107.64 mask 255.255.255.192
network 192.168.107.128 mask 255.255.255.192
network 192.168.107.192 mask 255.255.255.192
network 192.168.151.0 mask 255.255.255.128
neighbor 192.168.0.82 remote-as 1803
neighbor 192.168.0.82 description Sprint-MPLS-BGP
neighbor 192.168.0.82 version 4
neighbor 192.168.0.82 soft-reconfiguration inbound
neighbor 192.168.0.82 weight 100
neighbor 192.168.0.82 prefix-list Default-Route-Only in
neighbor 192.168.107.3 remote-as 65185
neighbor 192.168.107.3 description IBGP Link to Backup Router
neighbor 192.168.107.3 update-source Loopback0
neighbor 192.168.107.3 next-hop-self
no auto-summary
 
CE2 = 192.168.107.3
router bgp 65185
 no synchronization
 bgp log-neighbor-changes
 network 10.251.3.0 mask 255.255.255.0
 network 192.168.8.6 mask 255.255.255.255
 network 192.168.107.0 mask 255.255.255.192
 network 192.168.107.64 mask 255.255.255.192
 network 192.168.107.128 mask 255.255.255.192
 network 192.168.107.192 mask 255.255.255.192
 redistribute static
 neighbor 192.168.3.49 remote-as 65185
 neighbor 192.168.3.49 version 4
 neighbor 192.168.3.49 next-hop-self
 neighbor 192.168.3.49 soft-reconfiguration inbound
 neighbor 192.168.3.49 prefix-list Default-Route-Only in
 neighbor 192.168.3.49 route-map AS-Prepend out
 neighbor 192.168.107.2 remote-as 65185
 neighbor 192.168.107.2 description IBGP Link to Primary Rtr
 neighbor 192.168.107.2 next-hop-self

HSRP is configured using 192.168.107.1
 
Here is the debug output:
CE where the update-source loopback0 is used.
*Mar  1 02:58:10.363: BGP: 192.168.107.3 passive open to 192.168.107.2
*Mar  1 02:58:10.367: BGP: 192.168.107.3 passive open failed - 192.168.107.2 is not update-source Loopback0's address (192.168.8.6)
*Mar  1 02:58:10.367: BGP: 192.168.107.3 remote connection attempt failed, local address 192.168.107.2
The other CE router:
*Mar  1 02:37:21.867: BGP: 192.168.107.2 open active, local address 192.168.107.3
*Mar  1 02:37:21.919: BGP: 192.168.107.2 went from Active to OpenSent
*Mar  1 02:37:21.923: BGP: 192.168.107.2 sending OPEN, version 4, my as: 65185, holdtime 24 seconds
*Mar  1 02:37:21.927: BGP: 192.168.107.2 send message type 1, length (incl. header) 45
*Mar  1 02:37:21.991: BGP: 192.168.107.2 remote close, state CLOSED
*Mar  1 02:37:21.991: BGP: 192.168.107.2 -reset the session
*Mar  1 02:37:21.991: BGPNSF state: 192.168.107.2 went from nsf_not_active to nsf_not_active
*Mar  1 02:37:21.995: BGP: 192.168.107.2 went from OpenSent to Idle
*Mar  1 02:37:21.995: BGP: 192.168.107.2 closing
*Mar  1 02:37:22.995: BGP: 192.168.107.2 went from Idle to Active
*Mar  1 02:37:23.003: BGP: 192.168.107.2 open active delayed 28796ms (35000ms max, 28% jitter)

 

Bilal Nawaz
VIP Alumni

On CE2 aren't you missing this:

neighbor 192.168.107.2 update-source loopback 0

Should be set on both sides, I would have thought? So you are trying to peer together two CEs via iBGP over eBGP (PE)?

Please rate useful posts & remember to mark any solved questions as answered. Thank you.

Good eye. I added the update-source loopback 0 to CE 2, not included in the post, but it didn't work. I clear ip bgp after adding it and still the peer did not establish.

How can HSRP be configured between loopback addresses? I didn't think you could.... Maybe you can?

Anyway, could you tell us if this works on CE2:

ping 192.168.107.2 source loopback 0

 

On CE1 - ping 192.168.107.3 source loopback 0

Please rate useful posts & remember to mark any solved questions as answered. Thank you.

CE1#ping 192.168.107.3 source l0

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.107.3, timeout is 2 seconds:
Packet sent with a source address of 192.168.8.6
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 16/37/52 ms

Not sure what you meant by "how can HSRP be configured between loopback address."

AZTEM-CWR1#sh stand bri
                     P indicates configured to preempt.
                     |
Interface   Grp Prio P State    Active          Standby         Virtual IP
Fa0/3       5   110  P Active   local           192.168.107.3   192.168.107.1
 

Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
192.168.0.82    4  1803     154     152       15    0    0 02:25:54        6
192.168.107.3   4 65185       0       0        0    0    0 never    Active
 

 

Right, so your loopback address was 192.168.8.6 - you need to peer to this IP, and not the IP on Fa0/3.

Step no 1 for you is to remove non working config

Step no 2 - determine the loopback addresses on both CEs

Step no 3 - create neighborship on respective CEs to the Loopback address (not the 192.168.107.x)

Step no 4 - source your bgp from loopback (with update-source)

Step no 5 - which should really be done first, is make sure from one of the CEs you can source the ping from loopback to the other CE loopback

Remember, BGP peering needs to match the outgoing interface IP address and the respective neighbor statement on the other side.

Here in your case you have BGP trying to peer to 192.168.107 addresses with the source of the loopback address 192.168.8.6 address which will not work. You could do it without sourcing from the loopback - sure enough it will work, but if you want to achieve this via loopback then we need to change the config a little.

 

EDIT: I noticed you advertise out 192.168.8.6 on both CEs - is this some sort of ANYCAST address? Please don't do the above just yet! Need to understand what you are trying to do before I can assist further. Perhaps show me config of both loopbacks.

If they have the same IP address, then I'd suggest that you need loopback addresses that are different.

Please rate useful posts & remember to mark any solved questions as answered. Thank you.
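Added example (not part of the original thread, and a simplified model rather than Cisco's implementation): a Python check of the rule described in the reply above, run against the CE1/CE2 addresses posted in the thread. The Router class, its field names and CE2's interface name are assumptions made for the illustration; it reproduces both failures seen in the debug output.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Router:
    name: str
    interfaces: dict                      # interface name -> IPv4 address
    egress: str                           # interface facing the peer
    peer: str                             # address in "neighbor <peer> remote-as ..."
    update_source: Optional[str] = None   # interface named by update-source, if any

    def source_address(self):
        # Without update-source the session is sourced from the egress interface.
        return self.interfaces[self.update_source or self.egress]

def open_failures(local, remote):
    """Reasons `remote` refuses the TCP connection that `local` opens toward it."""
    reasons = []
    src, dst = local.source_address(), local.peer
    # The source of the incoming connection must be a configured neighbor.
    if src != remote.peer:
        reasons.append(f"{remote.name} has no neighbor {src} (configured: {remote.peer})")
    # With update-source set, the connection must arrive on that interface's address.
    # Assumption of this model: without update-source the destination is not checked.
    if remote.update_source and dst != remote.source_address():
        reasons.append(f"{dst} is not {remote.name}'s update-source "
                       f"{remote.update_source} address ({remote.source_address()})")
    return reasons

def can_establish(a, b):
    # BGP needs only one of the two TCP connection attempts to be accepted.
    return not open_failures(a, b) or not open_failures(b, a)

def thread_config():
    # Addresses taken from the thread; CE2's interface name is assumed.
    ce1 = Router("CE1", {"Fa0/3": "192.168.107.2", "Loopback0": "192.168.8.6"},
                 "Fa0/3", peer="192.168.107.3", update_source="Loopback0")
    ce2 = Router("CE2", {"Fa0/3": "192.168.107.3"}, "Fa0/3", peer="192.168.107.2")
    return ce1, ce2

if __name__ == "__main__":
    ce1, ce2 = thread_config()
    for a, b in ((ce1, ce2), (ce2, ce1)):
        print(f"{a.name} -> {b.name}:", open_failures(a, b) or "accepted")
    print("can establish:", can_establish(ce1, ce2))
```
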

Thanks Bilal! So what you're saying is if I am not peering with the loopback, the update-source is not needed? If the update-source is used with a non-peering loopback, it causes problems, because it's not the actual source.

The loopback is being advertised because we use it for the source of logging and mgmt. of the device.

Yes, exactly. If you aren't peering with the loopback, the update-source wouldn't be needed "Only if the outgoing interface IP was the one being used for peering" and in your case it is true.

If you wanted to peer with the loopbacks you could, maybe try it out in your lab, with the update-source command.

Hope it helps

Bilal

Please rate useful posts & remember to mark any solved questions as answered. Thank you.

So, I guess the update-source isn't like a logging source-interface l0? As a test I did change the update-source to the interface of the peering-ip and the neighbor came up. Looks like I need to re-engineer these sites with IBGP, changing them to peer with loopbacks, instead of physical interfaces.

Yes, it's not like logging, in that logging isn't connection based; it's only firing off logs from a particular IP. I think of it as connection based since it uses TCP. IPs have to be correct for a TCP session to be established; if we peer to an IP, we have to return back with the same IP being used for peering.

Please rate useful posts & remember to mark any solved questions as answered. Thank you.

Hi,

 

you might also need to use

ebgp-multihop

or

neighbor disable-connected-check

command to peer through Loopback addresses, as discussed here:

https://supportforums.cisco.com/discussion/11603211/ebgp-multihop-command-only-applies-loopbacks

 

Best regards,

Milan

 

Milan - this question is for ibgp not ebgp.

Please rate useful posts & remember to mark any solved questions as answered. Thank you.