01-16-2009 03:40 AM - edited 03-04-2019 12:52 AM
Hi,
Our DR Site is connected to our HQ and we have 100 Cisco IP 7941 phones. If a call comes into head office and rings on the phones in our DR Site, we can hear the customer and they can hear us. However, when a call comes into the DR Site from a branch office, the customer can hear us but we cannot hear them.
Any ideas anyone?
Thanks
Anthony.
01-16-2009 05:28 AM
Hello Anthony,
what type of DR design have you deployed ?
Has the DR a totally distinct ip address plan ?
how is managed routing ?
have branch site a distinct link to the DR site ?
you may be facing asymmetric routing issue with some firewall somewhere seeing only one direction of flow and dropping it.
Hope to help
Giuseppe
01-16-2009 06:17 AM
Hi Giuseppe,
All phones in the DR site have a 10.180.x.x address as they are in VLAN800.
The configuration of the VLAN is as follows:
interface Vlan800
description DR SANTRY VOICE VLAN
ip address 10.180.x.x x.x.x.x
ip helper-address 10.1.8.x (ip address of switch in DR site)
ip pim sparse-dense-mode
end
The route is injected into BGP in our HQ. Extract from a router in our DR Site.
*>i10.180.x.x/16 x.x.x.x 2 100 0 ?
This route doesn't inject into the branch office routers' BGP routing table. Am I barking up the wrong tree here, or would this be why we cannot hear the customer from the branch office?
Our DR Site has a leased line which terminates at one of our Datacentres into a 6500 router. The phones register with the CM in our HQ.
I hope I have answered all your questions.
Thanks a million for your help.
Anthony.
01-16-2009 06:23 AM
Hello Anthony,
>> This route doesn't inject into the branch office routers bgp routing table. Am I barking up the wrong tree here, would this be why we cannot hear the customer from the branch office.
if the branch router doesn't receive a default route over the BGP session this is a problem.
call signalling happens with the call manager that is in the central site but the bearer stream RTP has to be able to reach the phone in DR site.
The call manager is probably able to have good connectivity with both so call setup is successful.
Hope to help
Giuseppe
01-16-2009 06:31 AM
Hi Giuseppe,
access-list 8 permit 10.10.0.0 0.0.255.255
access-list 8 permit 10.105.0.0 0.0.255.255
access-list 8 permit 10.125.0.0 0.0.255.255
access-list 8 permit 192.168.0.0 0.0.0.255
access-list 8 permit 10.10.1.0 0.0.0.255
access-list 8 permit 10.150.0.0 0.0.255.255
access-list 8 permit 192.168.10.0 0.0.0.255
access-list 8 permit 10.1.0.0 0.0.255.255
access-list 8 permit 10.131.0.0 0.0.255.255
I have changed these ip address to mimic the ip addresses in our site.
As far as I am aware access-list 8 contains all the telephony addresses.
Do I need to add the following:
access-list 8 permit 10.180.0.0 0.0.255.255
Thanks Anthony.
01-16-2009 06:39 AM
Hello Anthony,
if this is used for a distribute-list in BGP and you don't send a default route to branch office you need to add the statement for DR site voice vlan.
if access-list 8 is used for voip again you need to add the DR site for other reasons.
Hope to help
Giuseppe
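Added example, not part of the original thread: a small Python model of how a standard ACL used as a BGP distribute-list decides whether a prefix is advertised, run against the ACL 8 and ACL 4 lines posted here. The function names are illustrative; it assumes standard-ACL behaviour (only the network address is compared, first match wins, implicit deny at the end).

```python
import ipaddress
import re

# ACL 8 and ACL 4 as posted in the thread (the poster had already altered the addresses).
ACL8 = """\
access-list 8 permit 10.10.0.0 0.0.255.255
access-list 8 permit 10.105.0.0 0.0.255.255
access-list 8 permit 10.125.0.0 0.0.255.255
access-list 8 permit 192.168.0.0 0.0.0.255
access-list 8 permit 10.10.1.0 0.0.0.255
access-list 8 permit 10.150.0.0 0.0.255.255
access-list 8 permit 192.168.10.0 0.0.0.255
access-list 8 permit 10.1.0.0 0.0.255.255
access-list 8 permit 10.131.0.0 0.0.255.255
"""
ACL4 = """\
access-list 4 deny 10.100.0.0 0.0.255.255
access-list 4 deny 10.12.0.0 0.0.255.255
access-list 4 permit any
"""
PROPOSED = "access-list 8 permit 10.180.0.0 0.0.255.255\n"
LINE = re.compile(r"access-list\s+\d+\s+(permit|deny)\s+(\S+)(?:\s+(\S+))?")
ALL = 0xFFFFFFFF

def parse_acl(text):
    """Return [(action, base, care_mask), ...] in configuration order."""
    entries = []
    for m in map(LINE.match, text.splitlines()):
        if not m:
            continue
        action, addr, wild = m.groups()
        if addr == "any":
            addr, wild = "0.0.0.0", "255.255.255.255"
        care = ALL ^ int(ipaddress.IPv4Address(wild or "0.0.0.0"))
        entries.append((action, int(ipaddress.IPv4Address(addr)) & care, care))
    return entries

def advertised(entries, prefix):
    """True if a distribute-list using this standard ACL passes `prefix`."""
    net = int(ipaddress.ip_network(prefix).network_address)
    for action, base, care in entries:
        if (net & care) == base:       # first matching entry decides
            return action == "permit"
    return False                       # implicit deny that ends every ACL

def shadowed(entries):
    """Indexes of entries that an earlier, wider entry always matches first."""
    return [i for i, (_, b, c) in enumerate(entries)
            if any((c & c0) == c0 and (b & c0) == b0 for _, b0, c0 in entries[:i])]
```

With the posted ACL 8, `advertised(parse_acl(ACL8), "10.180.0.0/16")` is false and becomes true once the proposed line is appended. `shadowed` also flags the `10.10.1.0 0.0.0.255` entry as already covered by `10.10.0.0 0.0.255.255`.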
01-16-2009 06:56 AM
Hi Giuseppe,
How do I find out if it is used for a distribute-list in BGP?
Also, how can I find out whether this access-list 8 is used for VOIP?
Can I add this route to access-list 8 during business hours?
I know they are stupid questions but I just want to make sure I am doing the right thing.
Thanks a million
Anthony.
01-16-2009 07:13 AM
Hello Anthony,
first of all I would check on the branch router if there is a BGP default route
use sh ip bgp 0.0.0.0
sh ip route 0.0.0.0 to check
if a BGP default route is here STOP the problem is something else.
if a default route is missing the advertisement of the DR site VoIP subnet is needed.
go on the HQ router that has the BGP sessions with the branch router(s)
(you can find it from the branch router doing
sh ip bgp summary and sh ip bgp neighbor)
on the HQ router you need to go at the beginning of BGP process
sh run | beg router bgp
then you need to find out all the lines related to the branch router
the branch can be part of a peer-group
to find the ip address used by the branch use
sh ip bgp branchoffice-ipsubnet
if you see lines like
neigh 1.1.1.1 distribute-list 8 out
or you see something like
neigh 1.1.1.1 route-map name out
then you need to find out what route-map name is (it is later in config or use sh route-map name)
you should find some form of filtering towards the branch
and you need to update the filter to add the DR site voip subnet
if all I've described above is true you can also update the ACL or prefix-list during business hours.
Hope to help
Giuseppe
01-16-2009 07:50 AM
Hi Giuseppe,
sh ip bgp 0.0.0.0
% Network not in table
ENNISCORTHY#sh ip bgp 10.x.x.1 (ip address of router)
BGP routing table entry for 10.x.x.0/24, version 47
Paths: (1 available, best #1, table Default-IP-Routing-Table)
Multipath: eBGP
Advertised to update-groups:
1
Local
0.0.0.0 from 0.0.0.0 (192.168.x.x)
Origin incomplete, metric 1, localpref 100, weight 32768, valid, sourced, best
sh ip bgp 0.0.0.0
% Network not in table
ENNISCORTHY#sh ip bgp ipaddressof branchofficerouter
BGP routing table entry for 10.2.x.x/24, version 47
Paths: (1 available, best #1, table Default-IP-Routing-Table)
Multipath: eBGP
Advertised to update-groups:
1
Local
0.0.0.0 from 0.0.0.0 (192.168.x.x)
Origin incomplete, metric 1, localpref 100, weight 32768, valid, sourced, best
We are not using distribute lists.
In order to add in the access-list, I know there is an explicit deny any at the end. Can I just:
conf t
access-list 8 permit 10.180.0.0 0.0.255.255
Do I need to copy in all the access-list lines?
Thanks a million for all your help
Anthony.
01-16-2009 08:46 AM
Hello Anthony,
the ACL can be modified on the fly only in the case of an addition like yours: the implicit deny any is moved down after the new last statement.
But before on the branch router do
sh ip route 0.0.0.0
sh ip route 10.180.x.y
and ping 10.180.x.y to verify that ip connectivity is really a problem
you can use an extended ping with source=branch site voip ip subnet
destination= 10.180.x.y DR site voip subnet.
if you like, because these ip addresses (10/8) are private addresses (RFC 1918), you can post the bgp config of the hub router; there is no security risk.
Before changing ACL 8 I would recommend understanding where it is used and how.
Last note:
to remove a statement from ACL 8 it is more difficult:
you need to copy to an editor the whole ACL
then you issue
no access-list 8
then you copy back the lines that you want to keep, but this is not without risk, as you can understand.
It is better to be careful before.
make the ping test I suggested and post the results so we can detect if there is a routing problem.
Hope to help
Giuseppe
01-19-2009 01:10 AM
Hi Giuseppe,
Hope you had a good weekend.
ENNISCORTHY#sh ip route 0.0.0.0
Routing entry for 0.0.0.0/0, supernet
Known via "static", distance 240, metric 0 (connected), candidate default path
Routing Descriptor Blocks:
* directly connected, via Multilink1
Route metric is 0, traffic share count is 1
ENNISCORTHY#sh ip route 10.180.0.0
% Subnet not in table
ENNISCORTHY#ping 10.180.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.180.1.1, timeout is 2 seconds:
U.U.U
Success rate is 0 percent (0/5)
When I do a sh ip bgp on the branch router, there is no entry for the 10.180.x.y subnet.
BGP Config:
router bgp 65500
no synchronization
bgp log-neighbor-changes
network 83.71.49.136 mask 255.255.255.252
network 159.134.72.156 mask 255.255.255.252
redistribute ospf 1 route-map local-networks
neighbor 10.1.1.202 remote-as 65500
neighbor 10.1.1.202 next-hop-self
neighbor 10.1.1.202 distribute-list 4 out
neighbor 159.144.72.57 remote-as 5466
neighbor 159.144.72.57 send-community
neighbor 159.144.72.57 distribute-list 1 in
neighbor 159.144.72.57 distribute-list 8 out
neighbor 159.144.72.57 route-map increase-odd-localpref in
neighbor 159.144.72.57 route-map odd-community out
distance bgp 20 20 25
distance 115 159.144.72.57 0.0.0.0 Mullingar-prefixes
distance 115 10.1.1.202 0.0.0.0 Mullingar-prefixes
I have changed the ip address in the above config.
Do you recommend making this ACL change now?
Thanks
Anthony.
01-19-2009 08:05 AM
Hello Anthony,
your last post confirms you have missing routing information:
there is a default static route but it is not useful to reach the DR site VOIP subnet.
just one question:
the BGP config is from branch or from HQ ?
if it is from HQ you need to look at
neighbor 10.1.1.202 distribute-list 4 out
and
neighbor 159.144.72.57 distribute-list 8 out
be aware that you may need to update two ACLs:
the one used outbound on HQ router
the one used inbound on branch router
I see you have an eBGP session with the service provider router and an iBGP session with another router; this makes the scenario a little more complex.
And yes, you can perform additive changes (only additive changes) to an ACL on the fly, as explained in one of the previous posts.
probably adding the line to acl 8 where you see all the other VOIP subnets is a good move.
Hope to help
Giuseppe
01-19-2009 08:59 AM
The bgp setting that I sent you was from one of our HQ routers.
This is the config from one of our branch offices:
router bgp 65500
bgp log-neighbor-changes
neighbor 113.94.175.249 remote-as 5466
maximum-paths 4
We have two main HQ routers,
Router1:
router bgp 65500
no synchronization
bgp log-neighbor-changes
network 83.71.49.136 mask 255.255.255.252
network 159.134.72.156 mask 255.255.255.252
redistribute ospf 1 route-map local-networks
neighbor 10.1.1.202 remote-as 65500
neighbor 10.1.1.202 next-hop-self
neighbor 10.1.1.202 distribute-list 4 out
neighbor 159.134.72.157 remote-as 5466
neighbor 159.134.72.157 send-community
neighbor 159.134.72.157 distribute-list 1 in
neighbor 159.134.72.157 distribute-list 8 out
neighbor 159.134.72.157 route-map increase-odd-localpref in
neighbor 159.144.72.57 route-map odd-community out
distance bgp 20 20 25
distance 115 159.144.72.57 0.0.0.0 Mullingar-prefixes
distance 115 10.1.1.202 0.0.0.0 Mullingar-prefixes
no auto-summary
access-list 4 deny 10.100.0.0 0.0.255.255
access-list 4 deny 10.12.0.0 0.0.255.255
access-list 4 permit any
Router 2:
router bgp 65500
no synchronization
bgp log-neighbor-changes
redistribute ospf 1 route-map local-networks
neighbor 10.1.1.102 remote-as 65500
neighbor 10.1.1.102 next-hop-self
neighbor 10.1.1.102 distribute-list 4 out
neighbor 83.171.50.225 remote-as 5466
neighbor 83.171.50.225 send-community
neighbor 83.171.50.225 distribute-list 1 in
neighbor 83.171.50.225 distribute-list 6 out
neighbor 83.171.50.225 route-map increase-even-localpref in
neighbor 183.71.50.225 route-map even-community out
distance bgp 20 20 25
distance 115 83.71.50.225 0.0.0.0 Mullingar-prefixes
distance 115 10.1.1.102 0.0.0.0 Mullingar-prefixes
no auto-summary
access-list 4 deny 10.100.0.0 0.0.255.255
access-list 4 deny 10.12.0.0 0.0.255.255
access-list 4 permit any
For router 1 I was going to add:
access-list 8 permit 10.180.0.0 0.0.255.255
For router 2 I was going to add:
access-list 6 permit 10.180.0.0 0.0.255.255
What do you think?
Thanks a million for your help.
Anthony.
01-19-2009 10:06 AM
Hello Anthony,
now the scenario is clearer.
the sessions are done via the service provider so you need to update the acl towards AS 5466
so the lists to be updated are 8 in HQ R1 and 6 on HQ R2
We had some similar problems caused by our internal MPLS network
Hope to help
Giuseppe
01-19-2009 11:26 AM
Hi Giuseppe,
I added in those two access lists into our two routers in HQ.
I then ran a sh ip bgp in one of our branches and this 10.180 route is not listed as one of the routes. Could it take a while for the route to populate into the table?
Do I need to do a soft reset on the two HQ routers?
Thanks a million for your help.
Anthony.