
eBGP Peering with Secondary IP of Interface

tckoon
Level 1

The reason to do so is that the IPs are running out and an additional subnet is needed.

All the ISPs are eBGP peering with each other in one VLAN, but due to the growing number of ISPs the IPs are running out, and a new subnet was added as a secondary IP in the VLAN.

But the peering cannot come up because the BGP local IP is always bound to the primary IP, not the secondary IP.

Is there a way to force it to use the secondary IP as the source address during BGP peering?

R1
===
interface GigabitEthernet2/0
 ip address 100.1.1.1 255.255.255.252 secondary
 ip address 10.1.1.1 255.255.255.252
 negotiation auto
!
router bgp 10081
 no synchronization
 bgp log-neighbor-changes
 neighbor 100.1.1.2 remote-as 4818
 neighbor 100.1.1.2 update-source GigabitEthernet2/0
 no auto-summary

R2
===
interface GigabitEthernet2/0
 ip address 100.1.1.2 255.255.255.252 secondary
 ip address 10.1.1.2 255.255.255.252
 negotiation auto
!
router bgp 4818
 no synchronization
 bgp log-neighbor-changes
 neighbor 100.1.1.1 remote-as 10081
 neighbor 100.1.1.1 update-source GigabitEthernet2/0
 no auto-summary

*Aug 12 22:06:21.331: BGP: 100.1.1.2 open active, local address 10.1.1.1
*Aug 12 22:06:21.423: BGP: 100.1.1.2 read request no-op
*Aug 12 22:06:21.431: BGP: 100.1.1.2 open failed: Connection refused by remote host, open active delayed 23553ms (35000ms max, 60% jitter)
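
An added example, not part of the original post: a Python check that parses an IOS-style configuration and lists BGP neighbors that are on-link only through a secondary subnet, which is the case where the debug output above shows the session leaving from the primary address (10.1.1.1) and being refused. The sample is R1 from the question plus one constructed neighbor; the function names are illustrative, and the parser assumes indented stanzas as in show running-config output.

```python
import ipaddress
import re

# R1 from the question, plus one constructed neighbor in the primary subnet.
R1_CONFIG = """\
interface GigabitEthernet2/0
 ip address 100.1.1.1 255.255.255.252 secondary
 ip address 10.1.1.1 255.255.255.252
!
router bgp 10081
 neighbor 100.1.1.2 remote-as 4818
 neighbor 100.1.1.2 update-source GigabitEthernet2/0
 neighbor 10.1.1.2 remote-as 4818
"""

IFACE_RE = re.compile(r"^interface (\S+)")
ADDR_RE = re.compile(r"^\s+ip address (\S+) (\S+)( secondary)?\s*$")
NEIGH_RE = re.compile(r"^\s+neighbor (\d+\.\d+\.\d+\.\d+) remote-as \d+")

def parse_interfaces(config):
    """Map interface name -> {"primary": IPv4Interface or None, "secondary": [...]}."""
    ifaces, current = {}, None
    for line in config.splitlines():
        m = IFACE_RE.match(line)
        if m:
            current = ifaces.setdefault(m.group(1), {"primary": None, "secondary": []})
        elif not line.startswith(" "):
            current = None  # a new top-level line ends the interface stanza
        elif current is not None and (m := ADDR_RE.match(line)):
            addr = ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}")
            if m.group(3):
                current["secondary"].append(addr)
            else:
                current["primary"] = addr
    return ifaces

def secondary_only_neighbors(config):
    """Return (peer, interface, secondary_ip, primary_ip) per neighbor on-link only via a secondary."""
    findings, ifaces = [], parse_interfaces(config)
    for m in filter(None, map(NEIGH_RE.match, config.splitlines())):
        peer = ipaddress.ip_address(m.group(1))
        for name, addrs in ifaces.items():
            prim = addrs["primary"]
            if prim is not None and peer in prim.network:
                continue  # reachable from the primary address: no source mismatch
            for sec in addrs["secondary"]:
                if peer in sec.network:
                    findings.append((str(peer), name, str(sec.ip), str(prim.ip) if prim else None))
    return findings
```

Each finding names the secondary address the remote side has configured as its neighbor and the primary address the local router will actually use as the TCP source.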

4 Replies

Marwan ALshawi
VIP Alumni

Try to use a local PBR to NAT the primary IP to the secondary one for the BGP session to the other end peer. Use the workaround below:

R1

interface Loopback1
 ip address 1.1.1.1 255.255.255.255
 ip nat inside
!
interface FastEthernet0/0
 ip address 192.168.1.1 255.255.255.0 secondary
 ip address 10.0.0.1 255.255.255.0
 ip nat outside
 duplex auto
 speed auto
router bgp 100
 no synchronization
 bgp log-neighbor-changes
 neighbor 192.168.1.2 remote-as 100
 no auto-summary
!
ip local policy route-map bgp
ip nat inside source static 10.0.0.1 192.168.1.1 extendable
ip http server
ip classless
!
access-list 100 permit tcp any any eq bgp
!
route-map bgp permit 10
 match ip address 100
 set interface Loopback1

Sent from Cisco Technical Support iPhone App

Marwan ALshawi
VIP Alumni

By the way, if you are going to try it, make sure in the PBR ACL for BGP to put the destination as the next BGP peer, otherwise all your other BGP sessions will be NATed and fail.

Good luck

If helpful rate


Marwan ALshawi
VIP Alumni

Did you try the suggested BGP/PBR workaround?


Giuseppe Larosa
Hall of Fame

Hello tckoonp@hp,

I would suggest you use two VLAN-based subinterfaces instead of secondary addresses, which are not meant to be used for routing purposes, as you have seen.

I agree that there is an impact in doing this, but you can consider the use of the native VLAN and the fact that the main interface can keep the current L3 interface configuration (I don't like it, but it is possible).

If all router ports connect to a switch, all that is needed is to convert the switch ports to an L2 trunk with native untagged VLAN = current VLAN associated with the primary addresses + the VLAN for the new subnet.

I guess it is possible that the switches are not under your control, if your setup is in an internet exchange point.

If this is the case, they usually have a secondary VLAN for the peerings and all you need is to connect another GE port to the secondary peering VLAN.

Hope to help

Giuseppe
