cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1862
Views
9
Helpful
20
Replies

iBGP advertisements

isabelpgv1
Level 1
Level 1

Hello,

I'm having a problem trying to advertise from one bgp AS  to two other routers with different bgp AS.   if you see the image below, R2 is on AS 64520 and R1 and R3 are in AS 64550.   I'm starting with BGP and I am stuck on this, for some reason, not all routes are been advertised, I don't know what is the trick to do here.  thanks,

BGP example.JPG

R1:

Interface GigabitEthernet0/0
no switchport
ip address 192.168.101.1 255.255.255.252
negotiation auto
router bgp 64550
bgp log-neighbor-changes
neighbor 192.168.101.2 remote-as 64520
neighbor 192.168.101.2 description R2
!
address-family ipv4
  network 192.168.101.0 mask 255.255.255.252
  neighbor 192.168.101.2 activate
exit-address-family

R2

interface GigabitEthernet0/0
ip address 192.168.100.2 255.255.255.252
duplex auto
speed auto
media-type rj45
!
interface GigabitEthernet0/1
ip address 192.168.101.2 255.255.255.0
duplex auto
speed auto
media-type rj45

router bgp 64520
bgp log-neighbor-changes
neighbor 192.168.100.1 remote-as 64550
neighbor 192.168.100.1 description R3
neighbor 192.168.101.1 remote-as 64550
neighbor 192.168.101.1 description R1
!
address-family ipv4
  network 192.168.100.0 mask 255.255.255.252
  network 192.168.101.0 mask 255.255.255.252
  neighbor 192.168.100.1 activate
  neighbor 192.168.101.1 activate
exit-address-family

R3

Interface GigabitEthernet0/0
no switchport
ip address 192.168.100.1 255.255.255.252
negotiation auto

!
router bgp 64550
bgp log-neighbor-changes
neighbor 192.168.100.2 remote-as 64520
neighbor 192.168.100.2 description R2
!
address-family ipv4
  network 192.168.100.0 mask 255.255.255.252
  neighbor 192.168.100.2 activate
exit-address-family

4 Accepted Solutions

Accepted Solutions

M02@rt37
VIP
VIP

hello @isabelpgv1,

You have eBGP peering configured on your topology.

R1 ---eBGP--- R2---eBGP---R3

Since R1 and R3 on the same AS 64550, R3 drop prefix from R1 (advertised by R2) because of the AS_PATH ; it contains its own ASN. Same thing from R1 perspective.

Add allowas-in feature:

https://www.cisco.com/c/en/us/support/docs/ip/border-gateway-protocol-bgp/112236-allowas-in-bgp-config-example.html

R1 add: neighbor 192.168.101.2 allowas-in

R3 add: neighbor 192.168.100.2 allowas-in

 

--"allowas-in" typically refers to a configuration option that allows a BGP router to accept routes with its own AS (Autonomous System) number in the AS_PATH attribute. By default, BGP implementations will reject routes containing their own AS number in the AS_PATH attribute to prevent routing loops. The "allowas-in" feature can be useful in scenarios where certain route reflectors or peers are configured to include the local AS number in the AS_PATH attribute when propagating routes. By enabling this feature, a router can accept these routes and avoid potential black-holing or suboptimal routing scenarios.

 

 

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.

View solution in original post

@isabelpgv1 

Please on R2 modify this mask to 255.255..255.252 !

M02rt37_0-1689864608576.png

after that clear bgp and retry ping tests.

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.

View solution in original post

It work for my side 
BUT this design have two issue 
1- 
we advertise the LINK between BGP neighbor via BGP, this I dont recommend AT ALL and for any case avoided it 
then how can I test config 
config LO in R1(IOU1 in my lab) and R3(IOU3 in my lab)
advertise these LO and test ping between it 

2-
allowas-in we use this feature in VPNv4 super backbone, but here it make LOOP 
how I know there is LOOP 
if we check show ip bgp 
we see 200.0.0.0 (subnet between IOU2 and IOU3) have two path 
one with next-hop 0.0.0.0 that OK since we advertise this subent via BGP (point1) 
other via IOU2 which I dont run any network command, so from where ? 200.0.0.0 is advertise by IOU1, this LOOP and unpredictable behave.

Screenshot (972).pngScreenshot (973).png

View solution in original post

Harold Ritter
Level 12
Level 12

Hi @isabelpgv1 ,

Interface gi0/1 on R2 has the wrong mask. This is causing confusion in BGP. Please fixed it and retry.

interface GigabitEthernet0/1
ip address 192.168.101.2 255.255.255.0

should be 

ip address 192.168.101.2 255.255.255.252

Regards,

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

View solution in original post

20 Replies 20

M02@rt37
VIP
VIP

hello @isabelpgv1,

You have eBGP peering configured on your topology.

R1 ---eBGP--- R2---eBGP---R3

Since R1 and R3 on the same AS 64550, R3 drop prefix from R1 (advertised by R2) because of the AS_PATH ; it contains its own ASN. Same thing from R1 perspective.

Add allowas-in feature:

https://www.cisco.com/c/en/us/support/docs/ip/border-gateway-protocol-bgp/112236-allowas-in-bgp-config-example.html

R1 add: neighbor 192.168.101.2 allowas-in

R3 add: neighbor 192.168.100.2 allowas-in

 

--"allowas-in" typically refers to a configuration option that allows a BGP router to accept routes with its own AS (Autonomous System) number in the AS_PATH attribute. By default, BGP implementations will reject routes containing their own AS number in the AS_PATH attribute to prevent routing loops. The "allowas-in" feature can be useful in scenarios where certain route reflectors or peers are configured to include the local AS number in the AS_PATH attribute when propagating routes. By enabling this feature, a router can accept these routes and avoid potential black-holing or suboptimal routing scenarios.

 

 

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.

thanks for the reply.

I have added allowas-in and deleted, but i added it again. and i see that other route but I'm unable to ping that other router.

R3#sh ip route bgp
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       a - application route
       + - replicated route, % - next hop override, p - overrides from PfR

 

Gateway of last resort is not set

 

      192.168.101.0/30 is subnetted, 1 subnets
B        192.168.101.0 [20/0] via 192.168.100.2, 00:01:06
R3#ping 192.168.101.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.101.1, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
R31#

you need ping with source 
i.e.
ping 192.168.101.1 source <IP known by R1>

all other config additional to allowas-in is correct 

I tried, but still not working, i can ping the R2 but now R1

R3#ping 192.168.101.2 source 192.168.100.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.101.2, timeout is 2 seconds:
Packet sent with a source address of 192.168.100.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/3/4 ms
R3#ping 192.168.101.1 source 192.168.100.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.101.1, timeout is 2 seconds:
Packet sent with a source address of 192.168.100.1
.....
Success rate is 0 percent (0/5)
R3#

@isabelpgv1,

Does this ping is OK?

From R2 #ping 192.168.101.1 source 192.168.100.2

Thanks!

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.

thank you.  it's working, the problem was the mask on R2 was wrong.   Thank you.

Great!

You're welcome @isabelpgv1 

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.

@isabelpgv1 

Please on R2 modify this mask to 255.255..255.252 !

M02rt37_0-1689864608576.png

after that clear bgp and retry ping tests.

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.

thank you.  that was the problem all along.  Thank you.

@isabelpgv1 

   Share the command show ip route from both routers. 

Hi, below the ip routes

R1#sh ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       a - application route
       + - replicated route, % - next hop override, p - overrides from PfR

 

Gateway of last resort is not set

 

      192.168.1.0/30 is subnetted, 1 subnets
B        192.168.1.0 [20/0] via 192.168.101.2, 00:00:45
      192.168.100.0/30 is subnetted, 1 subnets
B        192.168.100.0 [20/0] via 192.168.101.2, 00:00:45
      192.168.101.0/24 is variably subnetted, 2 subnets, 2 masks
C        192.168.101.0/30 is directly connected, GigabitEthernet0/0
L        192.168.101.1/32 is directly connected, GigabitEthernet0/0
R1#

R3#sh ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       a - application route
       + - replicated route, % - next hop override, p - overrides from PfR

 

Gateway of last resort is not set

 

      192.168.1.0/24 is variably subnetted, 2 subnets, 2 masks
C        192.168.1.0/30 is directly connected, GigabitEthernet0/1
L        192.168.1.1/32 is directly connected, GigabitEthernet0/1
      192.168.100.0/24 is variably subnetted, 2 subnets, 2 masks
C        192.168.100.0/30 is directly connected, GigabitEthernet0/0
L        192.168.100.1/32 is directly connected, GigabitEthernet0/0
      192.168.101.0/30 is subnetted, 1 subnets
B        192.168.101.0 [20/0] via 192.168.100.2, 00:00:30
R3#

now they can see some routes, but they are unable to ping R1 and R3

@isabelpgv1,

perfect! Now you need to add source to your ping !

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.

Hello @isabelpgv1 ,

try to use the traceroute to see if the probe packet sourced from R3 reaches R1 and viceversa

because R2 has network commands in BGP for both its LAN interfaces this lab could work even without neighbor allow-as in applied from R1 and R3 to R2 neighbor IP address respectively.

Are you sure there is no ACL applied to the LAN interfaces on R1 or R3 or R2?

Hope to help

Giuseppe

 

thanks,  allowas-in works.  i had a second problem with the mask configuration.

Review Cisco Networking for a $25 gift card