Consider the following scenarios.
I have two Branch offices (assume AS2 )connected via same router (assume AS3) like the topo below.
I have iBGP in each site routers (b/w CE1, R2, R3 and b/w CE2,R6, RR2, R7). The IGP is OSPF and from GW in which I have eBGP AS3 I am able to ping each wings loopback. For example from GW I can ping 192.168.3.1 - 5 and can ping 192.168.2.1 - 5 ). I have "show ip bgp" output as this in GW.
GW#show ip bgp
BGP table version is 11, local router ID is 184.108.40.206
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*> 192.168.2.1/32 220.127.116.11 0 2 i
*> 192.168.2.2/32 18.104.22.168 0 2 i
*> 192.168.2.3/32 22.214.171.124 0 2 i
*> 192.168.2.4/32 126.96.36.199 0 2 i
*> 192.168.2.5/32 188.8.131.52 0 2 i
*> 192.168.3.1/32 184.108.40.206 0 2 i
*> 192.168.3.2/32 220.127.116.11 0 2 i
*> 192.168.3.3/32 18.104.22.168 0 2 i
*> 192.168.3.4/32 22.214.171.124 0 2 i
*> 192.168.3.5/32 126.96.36.199 0 2 i
Now the requirement is to be able to ping 192.168.3.0 block from R3 and 192.168.2.0 from R7. Can anyone throw some light here.
BGP config on GW:
GW#show runn | beg bgp
router bgp 3
network 188.8.131.52 mask 255.0.0.0
neighbor 184.108.40.206 remote-as 2
neighbor 220.127.116.11 ebgp-multihop 2
neighbor 18.104.22.168 update-source Loopback1
neighbor 22.214.171.124 remote-as 2
neighbor 126.96.36.199 ebgp-multihop 2
neighbor 188.8.131.52 update-source Loopback1
neighbor 184.108.40.206 next-hop-self
Let me know what I am missing.
BGP has a loop prevention behavior when BGP recieve a route via eBGP session and see its own AS number in the AS path it will not install it in the routing table
one way to fix it is use as-override command in the ISP/GW router where it will remove the AS of the source and keep its own AS only which is AS 3
Hope this help
if helpful rate
Just to add some more points to the solution to the above issue:
The Default AS-Path loop prevention mechanism can be tweaked in 2 ways:
1. By the ISP using "as-override" per eBGP neighbour session config under VRF specific context-only possible when CEs(belonging to same AS) are MPLS VPN customers
2. By the CE (belonging to the same AS) using "allow-as in" per eBGP neighbour session for IPv4 eBGP peering.
Since here the GW Router is doing IPv4 eBGP peering we would need to configure the "allow-as in" command on the CE2,CE3 routers to accept their own AS-Path in the eBGP update from AS3.
Hope this helps you resolve your issue.
Hi Marwanshawi / Vaibhava Varma,
Thanks for the solutions. I might have not considered about routing loops and bgp would by default block the same AS coming in via different AS which could be the case in real scenarios. Anyways, this is a brilliant suggestion from both of you. Will try out all the solution and let you guys know.
Thanks a lot guys,
I tried the option "allowas-in" in CE's but didnt work. To make sure I changed the AS number in right flank ( Currently it is 4 and configuration changed accordingly). Now both the routes (192.168.3.x and 192.168.2.x) are seen in bgp table and pingable from GW router. But still CE2 is not able to ping 192.168.2.x and CE1 is not able to ping 192.168.3.x.
Traceroute on CE2 to 192.168.2.1 is this
Type escape sequence to abort.
Tracing the route to 192.168.2.1
1 220.127.116.11 12 msec 24 msec 12 msec
2 18.104.22.168 8 msec 32 msec 20 msec
3 * * *
It is hitting the interface of CE1 router from GW. The packet has been dropped there in se 1/0 of CE1. The routing table of CE 1 still has 192.168.2.x network which is the destination learnt via iBGP.
So we have now the routes present in the routing table at the CEs.
What is the source of your ping. Is it the CE's Interface IP connecting to PE. Have you advertsied the same via eBGP or not.
Can you try a Source based ping across CEs using the loopbacks as source.
i agree with Varma, it is almost the source IP is not reachable as long as you see both ends loopbacks then source the pin from one of these loopbacks
by the way have you tried the as-override command ?