06-24-2019 08:59 AM
It seems I have to paths to a network, also physically have two paths, but only one is getting into the route table?
CORE-9500-01#show ip bgp 10.20.41.0
BGP routing table entry for 10.20.41.0/24, version 13
Paths: (2 available, best #2, table default)
Multipath: iBGP
Not advertised to any peer
Refresh Epoch 1
Local, (received & used)
172.16.63.5 (metric 20) from 172.16.63.4 (172.16.63.4)
Origin IGP, metric 0, localpref 100, valid, internal
Originator: 172.16.63.5, Cluster list: 10.111.111.1
rx pathid: 0, tx pathid: 0
Refresh Epoch 1
Local, (received & used)
172.16.63.5 (metric 20) from 172.16.63.3 (172.16.63.3)
Origin IGP, metric 0, localpref 100, valid, internal, best
Originator: 172.16.63.5, Cluster list: 10.111.111.1
rx pathid: 0, tx pathid: 0x0
!
!
CORE-9500-01#show ip bgp
BGP table version is 15, local router ID is 172.16.63.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
t secondary path, L long-lived-stale,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
* i 10.20.40.0/24 172.16.63.5 0 100 0 i
*>i 172.16.63.5 0 100 0 i
* i 10.20.41.0/24 172.16.63.5 0 100 0 i
*>i 172.16.63.5 0 100 0 i
*>i 10.20.42.0/24 172.16.63.5 0 100 0 i
* i 172.16.63.5 0 100 0 i
*>i 10.20.50.0/24 172.16.63.5 0 100 0 i
* i 172.16.63.5 0 100 0 i
!
!
CORE-9500-01#show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override, p - overrides from PfR
Gateway of last resort is not set
10.0.0.0/8 is variably subnetted, 12 subnets, 3 masks
B 10.20.40.0/24 [200/0] via 172.16.63.5, 00:08:43
B 10.20.41.0/24 [200/0] via 172.16.63.5, 00:08:37
B 10.20.42.0/24 [200/0] via 172.16.63.5, 00:08:49
B 10.20.50.0/24 [200/0] via 172.16.63.5, 00:08:32
C 10.53.100.0/30 is directly connected, FortyGigabitEthernet1/0/29
L 10.53.100.2/32 is directly connected, FortyGigabitEthernet1/0/29
C 10.53.100.4/30 is directly connected, FortyGigabitEthernet1/0/30
L 10.53.100.6/32 is directly connected, FortyGigabitEthernet1/0/30
O 10.53.100.8/30
[110/11] via 10.53.100.1, 5d02h, FortyGigabitEthernet1/0/29
O 10.53.100.12/30
[110/11] via 10.53.100.5, 5d02h, FortyGigabitEthernet1/0/30
O 10.53.100.16/30
[110/11] via 10.53.100.1, 2d01h, FortyGigabitEthernet1/0/29
O 10.53.100.20/30
[110/11] via 10.53.100.5, 2d01h, FortyGigabitEthernet1/0/30
172.16.0.0/32 is subnetted, 5 subnets
C 172.16.63.1 is directly connected, Loopback0
O E2 172.16.63.2
[110/20] via 10.53.100.5, 5d02h, FortyGigabitEthernet1/0/30
[110/20] via 10.53.100.1, 5d02h, FortyGigabitEthernet1/0/29
O E2 172.16.63.3
[110/1] via 10.53.100.1, 5d02h, FortyGigabitEthernet1/0/29
O E2 172.16.63.4
[110/1] via 10.53.100.5, 5d02h, FortyGigabitEthernet1/0/30
O E2 172.16.63.5
[110/20] via 10.53.100.5, 2d01h, FortyGigabitEthernet1/0/30
[110/20] via 10.53.100.1, 2d01h, FortyGigabitEthernet1/0/29
CORE-9500-01#
I do have some router reflectors in the mix and I know there is limitations with RR I remember but not sure how they restrict multi-path to networks.
R1 peers iBGP with R3 and R4 via loopback.
R2 peer iBGP with R3 and R4 via lookback
Layer 3 switches peer iBGP with R3 and R4.
R3 and R4 are route reflectors. R1 clearly has two paths to any network on Layer 2 switches but only one shows in router table.
07-08-2019 02:01 PM - edited 07-08-2019 02:04 PM
Also this is still confusing to me....I see BGP multi-path from one side of the network to the destination, but not the other way around, I feel like they should match?
network 10.100.0.0/24 lives beyond the next hop (firewalls) If 10.100.0.0/24 lives on BGP 172.16.63.10 and OSPF shows two paths to get to 172.16.63.10, why would BGP not be marked as Multi-path?
CORE-9500-02#show ip bgp
BGP table version is 5, local router ID is 172.16.63.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
t secondary path, L long-lived-stale,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
*>i 0.0.0.0 172.16.63.3 100 0 ?
*mi 172.16.63.4 100 0 ?
*>i 10.100.0.0/24 172.16.63.10 0 100 0 i
*> 192.168.1.0 0.0.0.0 0 32768 i
* i 172.16.63.1 0 100 0 i
*> 192.168.12.0 0.0.0.0 0 32768 i
* i 172.16.63.1 0 100 0 i
!
!
!
CORE-9500-02#show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override, p - overrides from PfR
Gateway of last resort is 172.16.63.4 to network 0.0.0.0
B* 0.0.0.0/0 [200/0] via 172.16.63.4, 01:12:41
[200/0] via 172.16.63.3, 01:12:41
10.0.0.0/8 is variably subnetted, 9 subnets, 3 masks
O 10.53.100.0/30
[110/11] via 10.53.100.9, 01:14:10, FortyGigabitEthernet1/0/29
O 10.53.100.4/30
[110/11] via 10.53.100.13, 01:14:10, FortyGigabitEthernet1/0/30
C 10.53.100.8/30 is directly connected, FortyGigabitEthernet1/0/29
L 10.53.100.10/32 is directly connected, FortyGigabitEthernet1/0/29
C 10.53.100.12/30 is directly connected, FortyGigabitEthernet1/0/30
L 10.53.100.14/32 is directly connected, FortyGigabitEthernet1/0/30
O 10.53.100.24/30
[110/11] via 10.53.100.9, 01:14:10, FortyGigabitEthernet1/0/29
O 10.53.100.28/30
[110/11] via 10.53.100.13, 01:14:10, FortyGigabitEthernet1/0/30
B 10.100.0.0/24 [200/0] via 172.16.63.10, 00:13:26
172.16.0.0/32 is subnetted, 5 subnets
O E2 172.16.63.1
[110/20] via 10.53.100.13, 01:14:10, FortyGigabitEthernet1/0/30
[110/20] via 10.53.100.9, 01:14:10, FortyGigabitEthernet1/0/29
C 172.16.63.2 is directly connected, Loopback0
O E2 172.16.63.3
[110/1] via 10.53.100.9, 01:14:10, FortyGigabitEthernet1/0/29
O E2 172.16.63.4
[110/1] via 10.53.100.13, 01:14:10, FortyGigabitEthernet1/0/30
O E2 172.16.63.10
[110/20] via 10.53.100.13, 01:14:10, FortyGigabitEthernet1/0/30
[110/20] via 10.53.100.9, 01:14:10, FortyGigabitEthernet1/0/29
192.168.1.0/24 is variably subnetted, 2 subnets, 2 masks
B 192.168.1.0/24 is directly connected, 01:12:41, Vlan11
L 192.168.1.3/32 is directly connected, Vlan11
192.168.12.0/24 is variably subnetted, 2 subnets, 2 masks
B 192.168.12.0/24 is directly connected, 01:12:41, Vlan112
L 192.168.12.3/32 is directly connected, Vlan112
CORE-9500-02#
BUT....
I see this:
CORE-9500-02#show ip cef 10.100.0.0
10.100.0.0/24
nexthop 10.53.100.9 FortyGigabitEthernet1/0/29
nexthop 10.53.100.13 FortyGigabitEthernet1/0/30
07-08-2019 02:19 PM
Hello
@Steven Williams wrote:
why would BGP not be marked as Multi-path?
could you try -
router bgp xx
bgp dmzlink-bw <- all ibgp routers
maximum-paths ibgp xx
neighbor xxxx send-community
neighbor xxxx dmzlink-bw <ebgp peers
07-08-2019 02:22 PM
07-08-2019 05:22 PM
07-08-2019 11:56 PM - edited 07-09-2019 12:01 AM
Hello Steven,
as already explained in previous post in this thread you are performing direct iBGP sessions between loopbacks that are advertised in OSPF.
So what you see is normal, if device using loopback address 172.16.63.10 is the only one to advertise in iBGP network 10.100.0.0/24 you will have a single iBGP route for prefix installed in the IP routing table.
However, BGP uses recursion over the BGP next-hop, so traffic destined to prefix 10.100.0.0 can use both paths to 172.16.63.10 this is what you see in the CEF table.
>> CORE-9500-02#show ip cef 10.100.0.0
10.100.0.0/24
nexthop 10.53.100.9 FortyGigabitEthernet1/0/29
nexthop 10.53.100.13 FortyGigabitEthernet1/0/30
The key point here is to look at the output of
show ip bgp 10.100.0.0
if there is a single BGP path iBGP multipath can install only one path. However, thanks to BGP recursion over next-hop traffic can be sent over the two OSPF paths to BGP next-hop.
If multiple BGP paths are present for prefix 10.100.0.0 look at the IGP metric to next-hop the second advertisement can come from a device with an higher OSPF metric then device with IP 172.16.63.10.
I think mBGP can use paths that have same values of IGP metric to next-hop as seen by OSPF.
Hope to help
Giuseppe
07-09-2019 04:17 AM
07-09-2019 05:27 AM
Hello Steven,
the show ip bgp 10.100.0.0 output has a single entry.
You are using iBGP with a full mesh of iBGP sessions because standard iBGP peers do not propagate iBGP routes to another iBGP peer. This can be done by RRS, but you have removed them because they defeat / break the iBGP multipath feature.
Devices with IP 172.16.63.3 and 172.16.63.4 cannot send the BGP advertisement received from 172.16.63.10 to the 172.16.63.1, because they are not RRS anymore.
The missing part is the concept of recursion over BGP next-hop. This is part of BGP from the beginning.
Just to make an example it is the recursion over BGP next-hop that allows a router to use an MPLS Label Switched Path LSP with destination = remote PE loopback = BGP next-hop.
You have load balancing over OSPF for the BGP destination prefix thanks to BGP recursion to BGP next-hop, that means route the packets for BGP prefix like they were for the BGP next-hop, and so use all available paths to reach the BGP next-hop.
Of course, routers in the middle must be aware of the BGP prefix and agree on the BGP next-hop, so that traffic is correctly routed end to end.
In your case having a full mesh of iBGP sessions there is no risk of black holing traffic for net 10.100.0.0/24.
Hope to help
Giuseppe
07-09-2019 05:42 AM
07-09-2019 07:03 AM
Hello Steven,
a single best path is still chosen and it is the path provided via the lowest BGP router-id / BGP next-hop 172.16.63.3, so this path is flagged as * >i *= valid i = IBGP and > = best
The additional path provided by 172.16.63.4 is flagged as *mi *= valid, i = iBGP and m means this path is picked up by iBGP multipath feature, but it is not the single best path to prefix 0.0.0.0/0 as the > flag is present only on the path via 172.16.63.3.
However, the show ip route 0.0.0.0 provides you both entries as B [200/0] because iBGP multipath is occurring for this prefix.
Hope to help
Giuseppe
07-09-2019 07:29 AM
08-05-2019 05:23 PM
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide