10-11-2011 04:58 PM - edited 03-04-2019 01:54 PM
Hi Experts,
Consider the following scenarios.
I have two Branch offices (assume AS2 )connected via same router (assume AS3) like the topo below.
I have iBGP in each site routers (b/w CE1, R2, R3 and b/w CE2,R6, RR2, R7). The IGP is OSPF and from GW in which I have eBGP AS3 I am able to ping each wings loopback. For example from GW I can ping 192.168.3.1 - 5 and can ping 192.168.2.1 - 5 ). I have "show ip bgp" output as this in GW.
GW#show ip bgp
BGP table version is 11, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*> 192.168.2.1/32 2.1.1.1 0 2 i
*> 192.168.2.2/32 2.1.1.1 0 2 i
*> 192.168.2.3/32 2.1.1.1 0 2 i
*> 192.168.2.4/32 2.1.1.1 0 2 i
*> 192.168.2.5/32 2.1.1.1 0 2 i
*> 192.168.3.1/32 2.2.1.1 0 2 i
*> 192.168.3.2/32 2.2.1.1 0 2 i
*> 192.168.3.3/32 2.2.1.1 0 2 i
*> 192.168.3.4/32 2.2.1.1 0 2 i
*> 192.168.3.5/32 2.2.1.1 0 2 i
GW#
Now the requirement is to be able to ping 192.168.3.0 block from R3 and 192.168.2.0 from R7. Can anyone throw some light here.
BGP config on GW:
GW#show runn | beg bgp
router bgp 3
no synchronization
bgp log-neighbor-changes
network 200.0.0.0 mask 255.0.0.0
neighbor 2.1.1.1 remote-as 2
neighbor 2.1.1.1 ebgp-multihop 2
neighbor 2.1.1.1 update-source Loopback1
neighbor 2.2.1.1 remote-as 2
neighbor 2.2.1.1 ebgp-multihop 2
neighbor 2.2.1.1 update-source Loopback1
neighbor 2.2.1.1 next-hop-self
no auto-summary
!.
Let me know what I am missing.
Thanks,
Ash
10-11-2011 06:37 PM
hi Ash
BGP has a loop prevention behavior when BGP recieve a route via eBGP session and see its own AS number in the AS path it will not install it in the routing table
one way to fix it is use as-override command in the ISP/GW router where it will remove the AS of the source and keep its own AS only which is AS 3
GW router:
neighbor
neighbor
Hope this help
if helpful rate
10-11-2011 07:46 PM
Hi Ash
Just to add some more points to the solution to the above issue:
The Default AS-Path loop prevention mechanism can be tweaked in 2 ways:
1. By the ISP using "as-override" per eBGP neighbour session config under VRF specific context-only possible when CEs(belonging to same AS) are MPLS VPN customers
2. By the CE (belonging to the same AS) using "allow-as in" per eBGP neighbour session for IPv4 eBGP peering.
Since here the GW Router is doing IPv4 eBGP peering we would need to configure the "allow-as in" command on the CE2,CE3 routers to accept their own AS-Path in the eBGP update from AS3.
Hope this helps you resolve your issue.
Regards
Varma
10-12-2011 04:40 PM
The second option allow AS works but more risky as it might cause routing loops
Is the issue fixed ?
10-12-2011 07:05 PM
Hi Marwanshawi / Vaibhava Varma,
Thanks for the solutions. I might have not considered about routing loops and bgp would by default block the same AS coming in via different AS which could be the case in real scenarios. Anyways, this is a brilliant suggestion from both of you. Will try out all the solution and let you guys know.
Thanks a lot guys,
Ashwin Kotha.
10-13-2011 04:23 PM
good luck and rate the helpful posts too
10-13-2011 10:10 PM
Hi Guys,
I tried the option "allowas-in" in CE's but didnt work. To make sure I changed the AS number in right flank ( Currently it is 4 and configuration changed accordingly). Now both the routes (192.168.3.x and 192.168.2.x) are seen in bgp table and pingable from GW router. But still CE2 is not able to ping 192.168.2.x and CE1 is not able to ping 192.168.3.x.
Traceroute on CE2 to 192.168.2.1 is this
CE2#traceroute 192.168.2.1
Type escape sequence to abort.
Tracing the route to 192.168.2.1
1 200.0.2.1 12 msec 24 msec 12 msec
2 200.0.1.2 8 msec 32 msec 20 msec
3 * * *
4
It is hitting the interface of CE1 router from GW. The packet has been dropped there in se 1/0 of CE1. The routing table of CE 1 still has 192.168.2.x network which is the destination learnt via iBGP.
Thanks,
Ash
10-13-2011 10:16 PM
Hi Ash
So we have now the routes present in the routing table at the CEs.
What is the source of your ping. Is it the CE's Interface IP connecting to PE. Have you advertsied the same via eBGP or not.
Can you try a Source based ping across CEs using the loopbacks as source.
Regards
Varma
10-14-2011 12:02 AM
i agree with Varma, it is almost the source IP is not reachable as long as you see both ends loopbacks then source the pin from one of these loopbacks
by the way have you tried the as-override command ?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide