Configured ebgp-multihop but can't form neighborship with loopback addresses

MikeAW2010 · ‎02-11-2021

This is happening throughout the entire topology with eBGP peers. I can ping the physical interface but cannot ping the loopback address. It appears no neighborship is forming.

I configured both ways -- ebgp-multihop 2 and also ebgp-multihop 1 between R6 and R7 while testing - both failed. I also configured update-source lo0 between R6 and R7 to see if that would work but it did not, although it did work in iBGP between R1 to R2 and R1 to R3.

I am using a Cisco IOL OS on eve-ng and am wondering if I have met a software limitation. If anyone could review my configs and let me know if I configured it properly, I would be grateful.

To prevent clutter I am going to post the config only of R6 and R7

R6 Configuration

R6#show run
Building configuration...

Current configuration : 1819 bytes
!
! Last configuration change at 15:54:07 CST Thu Feb 11 2021
!
version 15.5
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R6
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
!
!
!
bsd-client server url https://cloudsso.cisco.com/as/token.oauth2
clock timezone CST -6 0
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
!
!
!
!
!
no ip icmp rate-limit unreachable
!
!
!
!
!
!
!
!


!
no ip dhcp use vrf connected
!
!
!
no ip domain lookup
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
cts logging verbose
!
!
!
redundancy
!
no cdp log mismatch duplex
!
ip tcp synwait-time 5
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback0
 ip address 6.6.6.6 255.255.255.255
!
interface Ethernet0/0
 ip address 10.1.36.6 255.255.255.0
!
interface Ethernet0/1
 no ip address
 shutdown
!
interface Ethernet0/2
 no ip address
 shutdown
!
interface Ethernet0/3
 no ip address
 shutdown
!
interface Ethernet1/0
 no ip address
 shutdown
!
interface Ethernet1/1
 ip address 10.1.67.6 255.255.255.0
!
interface Ethernet1/2
 no ip address
 shutdown
!
interface Ethernet1/3
 no ip address
 shutdown
!
router bgp 777
 bgp log-neighbor-changes
 neighbor 3.3.3.3 remote-as 5500
 neighbor 3.3.3.3 ebgp-multihop 2
 neighbor 7.7.7.7 remote-as 711
 neighbor 7.7.7.7 ebgp-multihop 2
 neighbor 7.7.7.7 update-source Loopback0
 neighbor 10.1.36.3 remote-as 5500
 neighbor 10.1.67.7 remote-as 711
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
 stopbits 1
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
 stopbits 1
line vty 0 4
 login
 transport input none
!
!
end

R7 Configuration

R7#show run
Building configuration...

Current configuration : 1876 bytes
!
! Last configuration change at 15:55:05 CST Thu Feb 11 2021
!
version 15.5
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R7
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
!
!
!
bsd-client server url https://cloudsso.cisco.com/as/token.oauth2
clock timezone CST -6 0
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
!
!
!
!
!
no ip icmp rate-limit unreachable
!
!
!
!
!
!
!
!


!
no ip dhcp use vrf connected
!
!
!
no ip domain lookup
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
cts logging verbose
!
!
!
redundancy
!
no cdp log mismatch duplex
!
ip tcp synwait-time 5
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback0
 ip address 7.7.7.7 255.255.255.255
!
interface Loopback1
 ip address 200.60.2.1 255.255.255.0
!
interface Ethernet0/0
 ip address 10.1.57.7 255.255.255.0
!
interface Ethernet0/1
 no ip address
 shutdown
!
interface Ethernet0/2
 no ip address
 shutdown
!
interface Ethernet0/3
 no ip address
 shutdown
!
interface Ethernet1/0
 no ip address
 shutdown
!
interface Ethernet1/1
 ip address 10.1.67.7 255.255.255.0
!
interface Ethernet1/2
 no ip address
 shutdown
!
interface Ethernet1/3
 no ip address
 shutdown
!
router bgp 711
 bgp log-neighbor-changes
 neighbor 5.5.5.5 remote-as 911
 neighbor 5.5.5.5 ebgp-multihop 2
 neighbor 6.6.6.6 remote-as 777
 neighbor 6.6.6.6 ebgp-multihop 2
 neighbor 6.6.6.6 update-source Loopback0
 neighbor 10.1.57.5 remote-as 911
 neighbor 10.1.67.6 remote-as 777
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
 stopbits 1
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
 stopbits 1
line vty 0 4
 login
 transport input none
!
!
end

balaji.bandi · ‎02-11-2021

if you do not any IGP running between R6 and R7 Like OSPF or EIGRP, and announce loopbacks, in a normal environment loopback does not know how to reach other loopback interfaces, so add static route point to R6 towards R7 vice versa, basic requirement BGP to form relation is L3 reachability.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Martin L · ‎02-11-2021

Can you ping R6 or R7 sourcing loopback IP? for example ping 7.7.7.7 source 6.6.6.6 ?

BGP uses TCP to establish peering; TCP will not work if you do not have a route between server/client. there are suggestions that ISPs uses directly connected links rather then loopbacks to establish BGP. one way to check this is via BGP looking glass.

Regards, ML
**Please Rate All Helpful Responses **

Georg Pauwen · ‎02-11-2021

Hello,

make the changes marked in bold to your configurations:

R6#show run
Building configuration...

Current configuration : 1819 bytes
!
! Last configuration change at 15:54:07 CST Thu Feb 11 2021
!
version 15.5
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R6
!
boot-start-marker
boot-end-marker
!
no aaa new-model
!
bsd-client server url https://cloudsso.cisco.com/as/token.oauth2
clock timezone CST -6 0
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
!
no ip icmp rate-limit unreachable
!
no ip dhcp use vrf connected
!
no ip domain lookup
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
cts logging verbose
!
redundancy
!
no cdp log mismatch duplex
!
ip tcp synwait-time 5
!
interface Loopback0
ip address 6.6.6.6 255.255.255.255
!
interface Ethernet0/0
ip address 10.1.36.6 255.255.255.0
!
interface Ethernet0/1
no ip address
shutdown
!
interface Ethernet0/2
no ip address
shutdown
!
interface Ethernet0/3
no ip address
shutdown
!
interface Ethernet1/0
no ip address
shutdown
!
interface Ethernet1/1
ip address 10.1.67.6 255.255.255.0
!
interface Ethernet1/2
no ip address
shutdown
!
interface Ethernet1/3
no ip address
shutdown
!
router bgp 777
bgp log-neighbor-changes
neighbor 3.3.3.3 remote-as 5500
neighbor 3.3.3.3 ebgp-multihop 2
neighbor 7.7.7.7 remote-as 711
neighbor 7.7.7.7 ebgp-multihop 2
neighbor 7.7.7.7 update-source Loopback0
neighbor 10.1.36.3 remote-as 5500
--> no neighbor 10.1.67.7 remote-as 711
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
--> ip route 7.7.7.7 255.255.255.255 10.1.67.7
!
control-plane
!
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
stopbits 1
line aux 0
exec-timeout 0 0
privilege level 15
logging synchronous
stopbits 1
line vty 0 4
login
transport input none
!
!
end

R7 Configuration

R7#show run
Building configuration...

Current configuration : 1876 bytes
!
! Last configuration change at 15:55:05 CST Thu Feb 11 2021
!
version 15.5
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R7
!
boot-start-marker
boot-end-marker
!
no aaa new-model
!
bsd-client server url https://cloudsso.cisco.com/as/token.oauth2
clock timezone CST -6 0
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
!
no ip icmp rate-limit unreachable
!
no ip dhcp use vrf connected
!
no ip domain lookup
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
cts logging verbose
!
redundancy
!
no cdp log mismatch duplex
!
ip tcp synwait-time 5
!
interface Loopback0
ip address 7.7.7.7 255.255.255.255
!
interface Loopback1
ip address 200.60.2.1 255.255.255.0
!
interface Ethernet0/0
ip address 10.1.57.7 255.255.255.0
!
interface Ethernet0/1
no ip address
shutdown
!
interface Ethernet0/2
no ip address
shutdown
!
interface Ethernet0/3
no ip address
shutdown
!
interface Ethernet1/0
no ip address
shutdown
!
interface Ethernet1/1
ip address 10.1.67.7 255.255.255.0
!
interface Ethernet1/2
no ip address
shutdown
!
interface Ethernet1/3
no ip address
shutdown
!
router bgp 711
bgp log-neighbor-changes
neighbor 5.5.5.5 remote-as 911
neighbor 5.5.5.5 ebgp-multihop 2
neighbor 6.6.6.6 remote-as 777
neighbor 6.6.6.6 ebgp-multihop 2
neighbor 6.6.6.6 update-source Loopback0
neighbor 10.1.57.5 remote-as 911
--> no neighbor 10.1.67.6 remote-as 777
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
--> ip route 6.6.6.6 255.255.255.255 10.1.67.6
!
control-plane
!
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
stopbits 1
line aux 0
exec-timeout 0 0
privilege level 15
logging synchronous
stopbits 1
line vty 0 4
login
transport input none
!
end

paul driver · ‎02-11-2021

Hello
For bgp peering on loopback you do indeed require NLRI towards them so to establish a connection, bit it via specific static routing or and IGP.
Also you don’t really require ebgp multi-hop, Thats only to inform bgp that the loopbacks are not directly connected

To negate that bgp check use disable-connected-check to bypass bgp directly connected rule.

As for route advertisement you should negate allowing AS transit path routing, to do this:
AS 500, 911,711 and for all routers advertised all connected interfaces

Example:
AS 500, 911,711 rtrs
ip as-path access-list 10 permit ^$

router bgp x
neighbor xxx filter-list 10 out

All rtrs
router bgp x
neighbor xxx disable-connected-check
network xxxxx mask xxxxxx

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

MikeAW2010 · ‎02-11-2021

Thanks for the help so far. Which method would be the CCNP methodology and also, if one must set up a static route between the two loopback peers, what is the point of using bgp between them?

balaji.bandi · ‎02-11-2021

In most cases (e)BGP will be used with an external provider for peering and route exchange, if you like you can IGP for internal routing for dynamic (if you do not like any Static Routings - hard to maintain and remember) - you can also use iBGP internally - depends on the use case.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

paul driver · ‎02-12-2021

Hello
loopbacks are not directly connected and bgp by default expects to have a directly connected peer it will source its connection based on its directly connected physical interface
To use loopbacks to peer bgp then each rtr will need to know how to reach those loopbacks addresses and the only way to do that is either though an igp or static routing (former is preferred)

once you have reachability then you have to tell the bgp to source its peering via its loopbacks (update-source) or disable that check (disable-connected)

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul