Hall of Fame Expert

Re: iBGP multi-path, what am I missing?

Hello Steven,

If only six devices are involved, you can build a full mesh of iBGP sessions and avoid using RRs.

Each device will have 5 iBGP neighbors.

iBGP multipath should work again.

 

Hope to help

Giuseppe

 

Enthusiast

Re: iBGP multi-path, what am I missing?

But fully meshed means physically connected though, which won't be the case?

Hall of Fame Expert

Re: iBGP multi-path, what am I missing?

Hello Steven,

I mean a full mesh of iBGP sessions, not a full mesh of physical links.

iBGP TTL is 255 and you can build iBGP sessions between devices that are not directly connected, using the IGP (OSPF) to advertise each device's loopback address and using these as BGP endpoints.

 

Hope to help

Giuseppe

 

Enthusiast

Re: iBGP multi-path, what am I missing?

I am thinking you still need RR for this though? R1 will not peer with R2 through R3 or R4. Even with loopbacks and R1 can ping R2 loopback. 

Enthusiast

Re: iBGP multi-path, what am I missing?

Still something missing. R1 is not even trying to communicate with R2 for iBGP.

 

CORE-9500-01#clear ip bgp * all

Jun 25 19:57:37.946: %BGP-3-NOTIFICATION_MANY: sent to 2 sessions 6/4 (Administrative Reset) for all peers
Jun 25 19:57:37.947: %BGP-5-ADJCHANGE: neighbor 172.16.63.3 Down User reset
Jun 25 19:57:37.947: %BGP_SESSION-5-ADJCHANGE: neighbor 172.16.63.3 IPv4 Unicast topology base removed from session User reset
Jun 25 19:57:37.947: %BGP-5-ADJCHANGE: neighbor 172.16.63.4 Down User reset
Jun 25 19:57:37.947: %BGP_SESSION-5-ADJCHANGE: neighbor 172.16.63.4 IPv4 Unicast topology base removed from session User reset
Jun 25 19:57:44.743: %BGP-3-NOTIFICATION: received from neighbor 172.16.63.4 active 6/5 (Connection Rejected) 0 bytes
Jun 25 19:57:44.744: %BGP-5-NBR_RESET: Neighbor 172.16.63.4 active reset (BGP Notification received)
Jun 25 19:57:44.744: %BGP-5-ADJCHANGE: neighbor 172.16.63.4 active Down BGP Notification received
Jun 25 19:57:44.744: %BGP_SESSION-5-ADJCHANGE: neighbor 172.16.63.4 IPv4 Unicast topology base removed from session BGP Notification received
Jun 25 19:57:46.791: %BGP-3-NOTIFICATION: received from neighbor 172.16.63.3 active 6/5 (Connection Rejected) 0 bytes
Jun 25 19:57:46.791: %BGP-5-NBR_RESET: Neighbor 172.16.63.3 active reset (BGP Notification received)
Jun 25 19:57:46.791: %BGP-5-ADJCHANGE: neighbor 172.16.63.3 active Down BGP Notification received
Jun 25 19:57:46.791: %BGP_SESSION-5-ADJCHANGE: neighbor 172.16.63.3 IPv4 Unicast topology base removed from session BGP Notification received
Jun 25 19:57:51.910: %BGP-3-NOTIFICATION: received from neighbor 172.16.63.4 active 6/5 (Connection Rejected) 0 bytes
Jun 25 19:57:51.911: %BGP-5-NBR_RESET: Neighbor 172.16.63.4 active reset (BGP Notification received)
Jun 25 19:57:51.911: %BGP-5-ADJCHANGE: neighbor 172.16.63.4 active Down BGP Notification received
Jun 25 19:57:51.911: %BGP_SESSION-5-ADJCHANGE: neighbor 172.16.63.4 IPv4 Unicast topology base removed from session BGP Notification received
Jun 25 19:57:52.949: %BGP-5-ADJCHANGE: neighbor 172.16.63.4 Up
Jun 25 19:57:52.951: %BGP-5-ADJCHANGE: neighbor 172.16.63.3 Up

!

!
CORE-9500-01#show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override, p - overrides from PfR

Gateway of last resort is not set

10.0.0.0/8 is variably subnetted, 8 subnets, 2 masks
C 10.53.100.0/30 is directly connected, FortyGigabitEthernet1/0/29
L 10.53.100.2/32 is directly connected, FortyGigabitEthernet1/0/29
C 10.53.100.4/30 is directly connected, FortyGigabitEthernet1/0/30
L 10.53.100.6/32 is directly connected, FortyGigabitEthernet1/0/30
O 10.53.100.8/30
[110/11] via 10.53.100.1, 02:01:43, FortyGigabitEthernet1/0/29
O 10.53.100.12/30
[110/11] via 10.53.100.5, 02:01:49, FortyGigabitEthernet1/0/30
O 10.53.100.16/30
[110/11] via 10.53.100.1, 02:01:43, FortyGigabitEthernet1/0/29
O 10.53.100.20/30
[110/11] via 10.53.100.5, 02:01:49, FortyGigabitEthernet1/0/30
172.16.0.0/32 is subnetted, 5 subnets
C 172.16.63.1 is directly connected, Loopback0
O E2 172.16.63.2
[110/20] via 10.53.100.5, 02:00:58, FortyGigabitEthernet1/0/30
[110/20] via 10.53.100.1, 02:00:54, FortyGigabitEthernet1/0/29
O E2 172.16.63.3
[110/1] via 10.53.100.1, 02:01:43, FortyGigabitEthernet1/0/29
O E2 172.16.63.4
[110/1] via 10.53.100.5, 02:01:49, FortyGigabitEthernet1/0/30
O E2 172.16.63.5
[110/20] via 10.53.100.5, 02:00:53, FortyGigabitEthernet1/0/30
[110/20] via 10.53.100.1, 02:00:53, FortyGigabitEthernet1/0/29
!
CORE-9500-01#show ip bgp summary
BGP router identifier 172.16.63.1, local AS number 65001
BGP table version is 1, main routing table version 1

Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
172.16.63.2 4 65001 0 0 1 0 0 never Idle
172.16.63.3 4 65001 3 2 1 0 0 00:00:22 0
172.16.63.4 4 65001 3 2 1 0 0 00:00:22 0
172.16.63.5 4 65001 0 0 1 0 0 never Idle

!

!
CORE-9500-01#show run | sec router
router ospf 10
router-id 172.16.63.1
redistribute connected subnets route-map FILTER-CONNECTED
passive-interface default
no passive-interface FortyGigabitEthernet1/0/29
no passive-interface FortyGigabitEthernet1/0/30
router bgp 65001
bgp router-id 172.16.63.1
bgp log-neighbor-changes
neighbor 172.16.63.2 remote-as 65001
neighbor 172.16.63.3 remote-as 65001
neighbor 172.16.63.4 remote-as 65001
neighbor 172.16.63.5 remote-as 65001
!
address-family ipv4
neighbor 172.16.63.2 activate
neighbor 172.16.63.3 activate
neighbor 172.16.63.3 soft-reconfiguration inbound
neighbor 172.16.63.4 activate
neighbor 172.16.63.4 soft-reconfiguration inbound
neighbor 172.16.63.5 activate
maximum-paths ibgp 6
exit-address-family
CORE-9500-01#

Enthusiast

Re: iBGP multi-path, what am I missing?

OK, so I have all iBGP peering going on now. But I still am not seeing multi-path to the BGP networks. Doesn't matter if RR is on or off.

 

Hall of Fame Expert

Re: iBGP multi-path, what am I missing?

Hello Steven,

Some changes on the FWs to make the iBGP sessions come up?

It is strange.

Can you post a

show ip bgp <prefix>

of one prefix advertised by two different devices?

Note:

For the test, create a dummy VLAN on remote routers and have this prefix advertised only in iBGP (not in OSPF) by two devices with the same IGP metric from the point of view of the router performing show ip bgp <prefix>.

 

Hope to help

Giuseppe

 

Enthusiast

Re: iBGP multi-path, what am I missing?

update-source lo0 was the key.

 

So now each 9500 is peering with each Palo Alto and a 4500x Stack. The 4500x Stack has two layer 3 port-channels, one port-channel to each Palo Alto. On the 4500x I am advertising 3 networks in BGP. 

 

4500x | 9500-01 | 9500-02

IDF1-CORE-01#show run | sec router
router ospf 10
router-id 172.16.63.5
redistribute connected subnets route-map FILTER-CONNECTED
passive-interface default
no passive-interface Port-channel10
no passive-interface Port-channel20
router bgp 65001
bgp router-id 172.16.63.5
bgp log-neighbor-changes
neighbor 172.16.63.1 remote-as 65001
neighbor 172.16.63.2 remote-as 65001
neighbor 172.16.63.3 remote-as 65001
neighbor 172.16.63.3 update-source Loopback0
neighbor 172.16.63.4 remote-as 65001
neighbor 172.16.63.4 update-source Loopback0
!
address-family ipv4
network 10.20.40.0 mask 255.255.255.0
network 10.20.41.0 mask 255.255.255.0
network 10.20.42.0 mask 255.255.255.0
network 10.20.50.0 mask 255.255.255.0
neighbor 172.16.63.1 activate
neighbor 172.16.63.2 activate
neighbor 172.16.63.3 activate
neighbor 172.16.63.3 soft-reconfiguration inbound
neighbor 172.16.63.4 activate
neighbor 172.16.63.4 soft-reconfiguration inbound
maximum-paths ibgp 4
exit-address-family
IDF1-CORE-01#show ip bgp
BGP table version is 9, local router ID is 172.16.63.5
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
t secondary path,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

Network Next Hop Metric LocPrf Weight Path
*> 10.20.40.0/24 0.0.0.0 0 32768 i
*> 10.20.41.0/24 0.0.0.0 0 32768 i
*> 10.20.42.0/24 0.0.0.0 0 32768 i
*> 10.20.50.0/24 0.0.0.0 0 32768 i
IDF1-CORE-01#show ip bgp sum
IDF1-CORE-01#show ip bgp summary
BGP router identifier 172.16.63.5, local AS number 65001
BGP table version is 9, main routing table version 9
4 network entries using 992 bytes of memory
4 path entries using 544 bytes of memory
1/1 BGP path/bestpath attribute entries using 280 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 1816 total bytes of memory
BGP activity 4/0 prefixes, 4/0 paths, scan interval 60 secs

Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
172.16.63.1 4 65001 138 138 9 0 0 02:02:04 0
172.16.63.2 4 65001 217 216 9 0 0 03:10:32 0
172.16.63.3 4 65001 287 275 9 0 0 02:04:15 0
172.16.63.4 4 65001 286 275 9 0 0 02:03:10 0
IDF1-CORE-01#

CORE-9500-01#show run | sec router
router ospf 10
router-id 172.16.63.1
redistribute connected subnets route-map FILTER-CONNECTED
passive-interface default
no passive-interface FortyGigabitEthernet1/0/29
no passive-interface FortyGigabitEthernet1/0/30
router bgp 65001
bgp router-id 172.16.63.1
bgp log-neighbor-changes
neighbor 172.16.63.2 remote-as 65001
neighbor 172.16.63.2 update-source Loopback0
neighbor 172.16.63.3 remote-as 65001
neighbor 172.16.63.3 update-source Loopback0
neighbor 172.16.63.4 remote-as 65001
neighbor 172.16.63.4 update-source Loopback0
neighbor 172.16.63.5 remote-as 65001
neighbor 172.16.63.5 update-source Loopback0
!
address-family ipv4
neighbor 172.16.63.2 activate
neighbor 172.16.63.3 activate
neighbor 172.16.63.3 soft-reconfiguration inbound
neighbor 172.16.63.4 activate
neighbor 172.16.63.4 soft-reconfiguration inbound
neighbor 172.16.63.5 activate
maximum-paths ibgp 4
exit-address-family
CORE-9500-01#show ip bgp
BGP table version is 5, local router ID is 172.16.63.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
t secondary path, L long-lived-stale,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

Network Next Hop Metric LocPrf Weight Path
*>i 10.20.40.0/24 172.16.63.5 0 100 0 i
*>i 10.20.41.0/24 172.16.63.5 0 100 0 i
*>i 10.20.42.0/24 172.16.63.5 0 100 0 i
*>i 10.20.50.0/24 172.16.63.5 0 100 0 i
CORE-9500-01#show ip bgp summary
BGP router identifier 172.16.63.1, local AS number 65001
BGP table version is 5, main routing table version 5
4 network entries using 992 bytes of memory
4 path entries using 544 bytes of memory
1/1 BGP path/bestpath attribute entries using 280 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 1816 total bytes of memory
BGP activity 16/12 prefixes, 40/36 paths, scan interval 60 secs

Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
172.16.63.2 4 65001 140 138 5 0 0 02:03:13 0
172.16.63.3 4 65001 283 269 5 0 0 02:03:06 0
172.16.63.4 4 65001 286 271 5 0 0 02:03:06 0
172.16.63.5 4 65001 139 139 5 0 0 02:03:13 4
CORE-9500-01#

CORE-9500-02#show run | sec router
router ospf 10
router-id 172.16.63.2
redistribute connected subnets route-map FILTER-CONNECTED
passive-interface default
no passive-interface FortyGigabitEthernet1/0/29
no passive-interface FortyGigabitEthernet1/0/30
router bgp 65001
bgp router-id 172.16.63.2
bgp log-neighbor-changes
neighbor 172.16.63.1 remote-as 65001
neighbor 172.16.63.1 update-source Loopback0
neighbor 172.16.63.3 remote-as 65001
neighbor 172.16.63.3 update-source Loopback0
neighbor 172.16.63.4 remote-as 65001
neighbor 172.16.63.4 update-source Loopback0
neighbor 172.16.63.5 remote-as 65001
neighbor 172.16.63.5 update-source Loopback0
!
address-family ipv4
neighbor 172.16.63.1 activate
neighbor 172.16.63.3 activate
neighbor 172.16.63.3 soft-reconfiguration inbound
neighbor 172.16.63.4 activate
neighbor 172.16.63.4 soft-reconfiguration inbound
neighbor 172.16.63.5 activate
maximum-paths ibgp 4
exit-address-family
CORE-9500-02#show ip bgp
BGP table version is 25, local router ID is 172.16.63.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
t secondary path, L long-lived-stale,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

Network Next Hop Metric LocPrf Weight Path
*>i 10.20.40.0/24 172.16.63.5 0 100 0 i
*>i 10.20.41.0/24 172.16.63.5 0 100 0 i
*>i 10.20.42.0/24 172.16.63.5 0 100 0 i
*>i 10.20.50.0/24 172.16.63.5 0 100 0 i
BNA-CORE-9500-02#show ip bgp sum
BGP router identifier 172.16.63.2, local AS number 65001
BGP table version is 25, main routing table version 25
4 network entries using 992 bytes of memory
4 path entries using 544 bytes of memory
1/1 BGP path/bestpath attribute entries using 280 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 1816 total bytes of memory
BGP activity 8/4 prefixes, 20/16 paths, scan interval 60 secs

Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
172.16.63.1 4 65001 143 145 25 0 0 02:07:27 0
172.16.63.3 4 65001 300 285 25 0 0 02:09:37 0
172.16.63.4 4 65001 298 282 25 0 0 02:08:30 0
172.16.63.5 4 65001 222 223 25 0 0 03:15:55 4
CORE-9500-02#

 

Both 9500s see two paths via OSPF to 172.16.63.5 so I am confused. I have set BGP peers in Palo Altos to "non-client" from a RR standpoint.
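A configuration check for the problem this post resolves, as an added example that is not part of the original thread: it lists iBGP neighbors in an IOS router bgp section that have no update-source line. The function name is hypothetical, the two inputs are the CORE-9500-01 neighbor lines posted in this thread before and after the fix, and the check assumes every iBGP peer is addressed by its loopback.

```python
import re

def ibgp_peers_without_update_source(config):
    """Return iBGP neighbors in an IOS 'router bgp' section with no update-source."""
    local_as, remote_as, sourced = None, {}, set()
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.fullmatch(r"router bgp (\d+)", line):
            local_as = m.group(1)
        elif m := re.fullmatch(r"neighbor (\S+) remote-as (\d+)", line):
            remote_as[m.group(1)] = m.group(2)
        elif m := re.fullmatch(r"neighbor (\S+) update-source \S+", line):
            sourced.add(m.group(1))
    # A peer is iBGP when its remote-as equals the local AS.
    return sorted(n for n, asn in remote_as.items()
                  if asn == local_as and n not in sourced)

# CORE-9500-01 as first posted (address-family lines omitted).
BEFORE = """\
router bgp 65001
 bgp router-id 172.16.63.1
 bgp log-neighbor-changes
 neighbor 172.16.63.2 remote-as 65001
 neighbor 172.16.63.3 remote-as 65001
 neighbor 172.16.63.4 remote-as 65001
 neighbor 172.16.63.5 remote-as 65001
"""

# CORE-9500-01 after the fix (address-family lines omitted).
AFTER = """\
router bgp 65001
 bgp router-id 172.16.63.1
 bgp log-neighbor-changes
 neighbor 172.16.63.2 remote-as 65001
 neighbor 172.16.63.2 update-source Loopback0
 neighbor 172.16.63.3 remote-as 65001
 neighbor 172.16.63.3 update-source Loopback0
 neighbor 172.16.63.4 remote-as 65001
 neighbor 172.16.63.4 update-source Loopback0
 neighbor 172.16.63.5 remote-as 65001
 neighbor 172.16.63.5 update-source Loopback0
"""

if __name__ == "__main__":
    print("before:", ibgp_peers_without_update_source(BEFORE))
    print("after :", ibgp_peers_without_update_source(AFTER))
```

Without update-source the router opens the TCP session from its outgoing interface address, which the far end has no neighbor statement for, so the session toward a loopback-addressed peer is refused.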

 

Hall of Fame Expert

Re: iBGP multi-path, what am I missing?

Hello Steven,

Thanks for your explanation about using update-source loop0.

 

>> both 9500s see two paths via OSPF to 172.16.63.5

If OSPF sees two equal-cost paths to the BGP next-hop, you have load balancing to the BGP next-hop.

This is the main reason why iBGP multipath is not so needed, because recursion over BGP next-hop already provides ECMP when available.

 

However, to test true iBGP multipath you need to have a common network behind two devices, for example the two C9500s using a test VLAN, and to advertise the IP subnet in iBGP only on both.

 

Then you go on the opposite side of the network and you issue show ip bgp <test-prefix>

 

The two C9500 loopback0 must be seen with same IGP metric from the opposite side.

At that point you should see it happening.

 

Hope to help

Giuseppe

 

Enthusiast

Re: iBGP multi-path, what am I missing?

I guess what is confusing is that the show ip bgp table does not show but ONE path so I was thinking no multi-path is working.

So when I create a vlan interface on the 9500s running hsrp and advertise that network into BGP on both 9500s, I go to the 4500x and see this:

SW05#show ip bgp
BGP table version is 8, local router ID is 172.16.63.5
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

Network Next Hop Metric LocPrf Weight Path
*> 10.100.100.1/32 0.0.0.0 0 32768 i
*> 10.101.101.1/32 0.0.0.0 0 32768 i
*> 10.102.102.1/32 0.0.0.0 0 32768 i
rmi 192.168.100.0 172.16.63.4 0 100 0 i
r>i 172.16.63.3 0 100 0 i
SW05#

So guess it is working. I just don't understand why RR would change this behavior.

Hall of Fame Expert

Re: iBGP multi-path, what am I missing?

Hello Steven,

You are also advertising the prefix in OSPF, so you get an r RIB failure; however, this is an example of iBGP multipath.

 

>> rmi 192.168.100.0 172.16.63.4 0 100 0 i
r>i 172.16.63.3 0 100 0 i

 

The m code stands for multipath; the path via 172.16.63.3 is the best path because of the lower BGP router-id.

 

>> So guess it is working. I just don't understand why RR would change this behavior.

 

The root cause is that the RR server makes a best path choice before reflection, and in this case it will propagate only the prefix coming from the lower BGP router-id / BGP next-hop.

 

Hope to help

Giuseppe
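A small model of the behaviour described in this answer, as an added example that is not part of the original thread: a route reflector picks one best path before reflecting, so a client behind it has nothing to multipath over, while a full mesh delivers both paths. The best-path comparison is deliberately simplified (local preference, AS-path length, IGP metric, then lowest router-id); the class and function names and the IGP metric value are assumptions for illustration.

```python
from dataclasses import dataclass
from ipaddress import IPv4Address

@dataclass(frozen=True)
class Path:
    next_hop: str          # advertising router; doubles as its BGP router-id here
    local_pref: int = 100
    as_path_len: int = 0
    igp_metric: int = 20   # receiver's IGP cost to next_hop (constructed value)

def tie_attrs(p):
    """Attributes that must match the best path for multipath eligibility."""
    return (-p.local_pref, p.as_path_len, p.igp_metric)

def rank(p):
    # Final tie-break: lowest router-id wins.
    return (tie_attrs(p), int(IPv4Address(p.next_hop)))

def best_path(paths):
    return min(paths, key=rank)

def installed_next_hops(paths, maximum_paths):
    """Next hops a router installs with 'maximum-paths ibgp <n>'."""
    best = best_path(paths)
    eligible = sorted((p for p in paths if tie_attrs(p) == tie_attrs(best)),
                      key=rank)
    return [p.next_hop for p in eligible[:maximum_paths]]

def reflect(paths):
    """A route reflector runs best-path first and reflects only the winner."""
    return [best_path(paths)]

# Constructed input modelled on the thread: one prefix, two advertisers.
ADVERTISED = [Path("172.16.63.4"), Path("172.16.63.3")]

def full_mesh_view(maximum_paths=4):
    # Every router peers with both advertisers and receives both paths.
    return installed_next_hops(ADVERTISED, maximum_paths)

def via_reflector_view(maximum_paths=4):
    # The client only ever receives what the reflector chose.
    return installed_next_hops(reflect(ADVERTISED), maximum_paths)

if __name__ == "__main__":
    print("full mesh :", full_mesh_view())
    print("via RR    :", via_reflector_view())
```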

 

Enthusiast

Re: iBGP multi-path, what am I missing?

Ya, had an oops... I am redistributing connected without a route map in my eve lab so had to fix that. Looks good now.

*mi 192.168.100.0 172.16.63.4 0 100 0 i
*>i 172.16.63.3 0 100 0 i


B 192.168.100.0/24 [200/0] via 172.16.63.4, 00:00:09
[200/0] via 172.16.63.3, 00:00:09
Enthusiast

Re: iBGP multi-path, what am I missing?

When you are meshing clients with iBGP, is multi-hop allowed by default?

Hall of Fame Expert

Re: iBGP multi-path, what am I missing?

Hello Steven,

Yes, in iBGP the default TTL is 255; in eBGP the default TTL is 1, so multihop is not needed.

Actually the IOS command reflects this; the command is

neighbor x.x.x.x ebgp-multihop <value>

 

There is no iBGP version of this command.

iBGP default TTL is 255 because at the beginning BGP was used only on BGP border routers and the iBGP sessions served to connect them. Internal routers did not run BGP and forwarding plane required redistribution of BGP into the IGP in use.

This original usage scenario is also the reason for the old default of BGP synchronization enabled. BGP sync when enabled checks for the presence of a BGP prefix in the IGP before allowing the router to advertise it.

The idea was to avoid advertising prefixes that could be black-holed inside the AS in internal routers.

 

Hope to help

Giuseppe

 

Enthusiast

Re: iBGP multi-path, what am I missing?

So out of curiosity, is there a recommended number of BGP peers in a full mesh configuration? I am looking at less than 10, which I do not feel will be an issue, but I am curious what others recommend or have seen?