
eBGP configuration under sub-interface

Abayomi Smith
Level 1

Hello folks,

Once again I have come with a question I would be happy if anyone can help out with.

I have been tasked to configure eBGP with a PE router. According to the provider they have asked that a sub-interface be configured under the physical interface connecting to the PE equipment with both routers in different AS's.

The setup, for illustration purposes, is as below.

CE_1(AS6111)------------PE_E(AS1261)-------------PE_BB(AS200)--------PE(AS921)--------CE_2(AS5432)

I have copied an excerpt of the configuration given with details for the CE_1 router below.

interface fa0/0/1
 description MPLS connection to PE_E
 bandwidth 2000
 ip mtu 1500
 load-interval 30
 duplex auto
 speed auto
 no ip redirected broadcast
 ip route-cache cef
!
Int fa0/0/1.83
 description ***MGT connection to PE_E***
 bandwidth 2000
 ip address 172.168.23.2 255.255.255.252
 encapsulation dot1Q 83
 no cdp enable
!
!
router bgp 6111
 no synchronization
 bgp log-neighbor-changes
 bgp deterministic-med
 redistribute connected route-map internal
 neighbor 172.168.23.1 remote-as 1261
 neighbor 172.168.23.1 send-community
 neighbor 172.168.23.1 ebgp-multihop 2
 neighbor 172.168.23.1 update-source fa0/0/1.83
 neighbor 172.168.23.1 soft-reconfiguration inbound
 neighbor 172.168.23.1 description VPNV4 to PE_E
 neighbor 172.168.23.1 route-map vpn_in in
 neighbor 172.168.23.1 route-map vpn_out out
 no auto-summary
!
!
!
ip route 172.168.23.1 255.255.255.252 int gi1/0/1.83 (next hop connected interface)
!
ip bgp-community new-format
!
!
ip as-path access-list 10 permit _200_
ip as-path access-list 10 permit _400_
ip as-path access-list 10 permit _600_
ip as-path access-list 10 permit _1261_
!
!
!
ip access-list extended management_traffic
 permit ip any 192.168.76.0 0.0.0.255
 permit ip any 192.168.78.0 0.0.3.255
 permit ip any 192.168.88.0 0.0.0.255
 permit ip any 192.168.98.0 0.0.3.255
 permit ip any 213.117.29 0.0.0.0.255
!
route-map vpn_out deny 5
 match as-path 10
!
route-map vpn-out permit 10
 set community 1511:3000 1511:3001 1511:3005 1511:5009 additive
!
route-map vpn_in deny 5
 match community 94
!
ip community-list 94 permit 1511:810
!
route-map customer_internal permit 10
 match ip address internal

However, this does not work: no BGP session is established, and I can't even ping PE_E (not surprised with the dodgy ip route statement; not even sure if it's a direct connection rather than eBGP, as the PE router interface and CE router interface given are in the same subnet and they haven't given any IP for a loopback on the PE router).

All documentation I have consulted, I have seen the loopback address used rather than the physical interface as the update source.

I have raised the issue with them and they are still looking at it however, I would appreciate if anyone can look at this config and raise possible pointers as to what is wrong apart from the obvious.

Thanks in advance,

Yomi

4 Replies

Collin Clark
VIP Alumni

Does the ARP table have a valid MAC for 172.168.23.1?

Thanks Collin.

I have not checked but will check first thing tomorrow as I just left the client site. show ip bgp sum shows 172.168.23.1 as the neighbor but no msg rcvd or sent and up/down never.

I did a bit of troubleshooting and debug ip bgp shows open failed: connection timed out; remote host not responding, open active delayed 19621ms (35000ms max, 60% jitter)

I will check the ARP table for the MAC address entry for the PE router.

milan.kulik
Level 10

Hi,

IMHO, you need neither

ip route 172.168.23.1 255.255.255.252 int gi1/0/1.83

nor

neighbor 172.168.23.1 update-source fa0/0/1.83

in your case.

I also see a discrepancy: gi1/0/1.83 is in the route command while fa0/0/1.83 is connected to the PE?

Also neighbor 172.168.23.1 ebgp-multihop 2

should not be necessary if using interface IP addresses.

As you are saying you are not able to Ping the PE IP address which is in the same directly connected subnet, you need to fix this first.

I guess the encapsulation VLAN ID might be incorrect?

HTH,

Milan
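The three points raised in the reply above (redundant static route, update-source and ebgp-multihop for a directly connected neighbor, plus the interface-name discrepancy) can be checked mechanically. The sketch below is an added example, not part of the original thread: the `lint` function and the `SAMPLE` excerpt are constructed for illustration, and it assumes IOS-style configuration text with the thread's `int` keyword in the route line.

```python
import ipaddress
import re

# Constructed excerpt of the CE_1 configuration from the thread (typos normalised).
SAMPLE = """\
interface fa0/0/1
Int fa0/0/1.83
 ip address 172.168.23.2 255.255.255.252
 encapsulation dot1Q 83
router bgp 6111
 neighbor 172.168.23.1 remote-as 1261
 neighbor 172.168.23.1 ebgp-multihop 2
 neighbor 172.168.23.1 update-source fa0/0/1.83
ip route 172.168.23.1 255.255.255.252 int gi1/0/1.83
"""

IPV4 = re.compile(r"\d+\.\d+\.\d+\.\d+$")

def lint(config):
    """Return findings for BGP neighbors that sit on a directly connected subnet."""
    findings, interfaces, connected = [], set(), []
    lines = [l.strip() for l in config.splitlines() if l.strip()]
    # Pass 1: collect configured interface names and their connected subnets.
    for line in lines:
        if m := re.match(r"int(?:erface)?\s+(\S+)$", line, re.I):
            interfaces.add(m.group(1).lower())
        elif m := re.match(r"ip address (\S+) (\S+)$", line):
            connected.append(ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}").network)

    def is_connected(addr):
        return any(ipaddress.ip_address(addr) in net for net in connected)

    # Pass 2: flag settings that only make sense for a non-connected peer.
    for line in lines:
        if m := re.match(r"neighbor (\S+) (ebgp-multihop|update-source)\b", line):
            if is_connected(m.group(1)):
                findings.append(f"{m.group(2)} not needed: {m.group(1)} is directly connected")
        elif m := re.match(r"ip route (\S+) \S+ (?:int(?:erface)?\s+)?(\S+)", line):
            dest, out_if = m.groups()
            if is_connected(dest):
                findings.append(f"static route not needed: {dest} is directly connected")
            # A next hop given as an IP address is not an interface name; skip it.
            if not IPV4.match(out_if) and out_if.lower() not in interfaces:
                findings.append(f"static route uses unknown interface {out_if}")
    return findings

if __name__ == "__main__":
    for finding in lint(SAMPLE):
        print(finding)
```

None of these findings explains the failed ping on its own; as the reply says, layer 2/3 reachability on the sub-interface has to be fixed first.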

Thanks Milan,

Yes, I am not able to ping the PE router connecting interface. To be honest, the SP isn't really helping matters. I want to believe they are directly connected based on the fact that they are in the same subnet. I suspect the problem is on the SP end, as the transmit port on the DSU of the SP is permanently amber while receive is blinking green. This I have also raised with them and they are looking into it.