06-03-2022 11:45 AM
Hello everyone,
I am hoping someone has an idea or knows of a situation where the routing table updates as expected, i.e. shows the correct route, but the forwarding table does not point to the correct next hop/outgoing interface in the CEF table?
I know it's not correct because it never reaches the next hop IP in the routing table, e.g. when I do a traceroute, but instead redirects to a longer failover backup route. The prefixes and failover in the network are created with iBGP peering (not sure how relevant that is).
If I force it to go to the next hop I want with a static route, it of course redirects and updates the CEF with that. This next hop is configured as a L2 uplink as below:
interface Port-channel3
 switchport trunk allowed vlan 82,572,662,1402
 switchport mode trunk
end
The next hop device is a Palo Alto firewall where each of the above VLANs is a L3 subinterface. There is an established iBGP peering using vlan interface 1402 and the subinterface on the Palo device. The next hop IP on the Palo device is 172.16.140.6 and it's supposed to use this next hop to reach the GW of last resort, which is distributed via BGP.
Router1#sh ip bgp 0.0.0.0
BGP routing table entry for 0.0.0.0/0, version 413
Paths: (2 available, best #2, table default)
  Not advertised to any peer
  Refresh Epoch 1
  64999 786
    194.82.98.1 from 172.16.2.158 (172.16.2.149)
      Origin IGP, localpref 100, valid, internal
      Community: 51512296
      rx pathid: 0, tx pathid: 0
  Refresh Epoch 1
  64999 786
    194.82.96.1 from 172.16.140.6 (172.16.0.1)
      Origin IGP, localpref 100, valid, internal, best
      Community: 51512296
      rx pathid: 0, tx pathid: 0x0
So although it's saying 140.6 is the best path, the CEF table doesn't agree and instead attempts to reach 0.0.0.0 using the alternative path, which I don't want it to:
Router1#sh ip cef 0.0.0.0/0
0.0.0.0/0
  nexthop 172.16.25.1 TenGigabitEthernet1/0/12
Any ideas why the CEF table wouldn't update?
06-03-2022 12:04 PM - edited 06-03-2022 12:54 PM
Hi @Hassaan ,
The next-hop for your BGP best path is 194.82.96.1.
Can you do a "show ip route 194.82.96.1"?
Can you also provide the output for "show ip route 0.0.0.0/0"?
Regards,
06-03-2022 12:35 PM - edited 06-03-2022 01:26 PM
Show ip route 172.16.140.6
"This points to 172.16.25.1"
So the next hop is using 172.16.25.x
You need an IGP to make the router know this next hop of the default route, or use next-hop-self to make iBGP change the next hop to its interface IP.
06-04-2022 08:23 AM
@Harold Ritter Thanks, I ran those commands and that gave me the clue as to what the issue was. It turns out the 194.82.96.0 route was being exported over OSPF from a router along the backup path. All I needed to do was create an export policy for that route from the Palo firewall and then set a higher local preference on the Cisco router so it can take precedence in the routing table.
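The recursive next-hop resolution behind this thread, as an added example that is not part of the original posts: the BGP default route carries next hop 194.82.96.1, and the forwarding entry follows whichever route covers that address. The prefix lengths, the connected subnets, the route-table layout and the function names are assumptions made for illustration, and the "after" table is a simplified model of the fix described above.

```python
import ipaddress

def lookup(rib, addr):
    """Longest-prefix match for addr; returns the winning route or None."""
    ip = ipaddress.ip_address(addr)
    hits = [r for r in rib if ip in ipaddress.ip_network(r["prefix"])]
    return max(hits, key=lambda r: ipaddress.ip_network(r["prefix"]).prefixlen,
               default=None)

def resolve(rib, prefix, max_depth=8):
    """Resolve a route to (adjacent next hop, interface), as a FIB entry is built."""
    origin = route = next(r for r in rib if r["prefix"] == prefix)
    hop = route.get("next_hop")
    for _ in range(max_depth):
        if route.get("interface"):
            # IGP route: its own next hop is adjacent; connected route: the hop is.
            return (route.get("next_hop") or hop, route["interface"])
        hop = route["next_hop"]
        cover = lookup(rib, hop)
        # A route may not be resolved through itself (here: the default route).
        if cover is None or cover is origin:
            return None
        route = cover
    return None

# Constructed tables: addresses and interface names are from the thread,
# prefix lengths and connected subnets are assumed.
BASE = [
    {"prefix": "0.0.0.0/0", "proto": "bgp", "next_hop": "194.82.96.1"},
    {"prefix": "172.16.140.0/29", "proto": "connected", "interface": "Vlan1402"},
    {"prefix": "172.16.25.0/24", "proto": "connected",
     "interface": "TenGigabitEthernet1/0/12"},
]
# Before: the covering route for the BGP next hop arrives via OSPF on the backup path.
BEFORE = BASE + [{"prefix": "194.82.96.0/24", "proto": "ospf",
                  "next_hop": "172.16.25.1",
                  "interface": "TenGigabitEthernet1/0/12"}]
# After (simplified): the covering route is preferred via the firewall peer.
AFTER = BASE + [{"prefix": "194.82.96.0/24", "proto": "bgp",
                 "next_hop": "172.16.140.6"}]

if __name__ == "__main__":
    print("before:", resolve(BEFORE, "0.0.0.0/0"))
    print("after: ", resolve(AFTER, "0.0.0.0/0"))
    print("no covering route:", resolve(BASE, "0.0.0.0/0"))
```

On a router, the same comparison is made by checking the route for the BGP next hop itself (as asked for earlier in the thread with "show ip route 194.82.96.1") against the CEF entry for the prefix.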
06-04-2022 08:32 AM
LP is not what you need; weight is recommended by Cisco, if I am right that this is your case.
https://www.cisco.com/c/en/us/support/docs/ip/border-gateway-protocol-bgp/213285-understand-the-importance-of-bgp-weight.html
06-04-2022 08:42 AM
Hi @Hassaan ,
I am glad I pointed you in the direction and that you fixed the issue.
Have a great day.
Regards,