
iBGP Next-hop Self

lamav
Level 8

Hi, folks;

Let's do a little BGP 101 review, shall we?

We know that iBGP passes the next hop information learned through eBGP to its iBGP neighbor. So, we know that if the iBGP neighbor does not have a route to the eBGP next hop, then it won't place the route in the BGP table. We are told that you must run an IGP for the iBGP neighbor to learn about that next hop.

http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a00800c95bb.shtml#bgpnexthop

But that sounds incorrect, now that I actually have to make a decision as to whether to deploy the next hop self command.

I have 2 internet routers running eBGP to their ISPs and iBGP between each other. If I don't have the next hop self command configured, each iBGP neighbor will have the eBGP ISP next hop as their next hop, but you don't have to be running an IGP for them to learn about how to reach that next hop.

Each router will advertise that directly connected subnet through iBGP. So, what I'm saying is that if router 1 loses its eBGP connection to the ISP, it will learn all the internet routes through the iBGP connection and have router 2's eBGP next hop as its next hop. But that is no big deal because it will know how to get to it because router 2 will advertise a route to it through iBGP.

Making sense?

Any thoughts?

17 Replies

Edison Ortiz
Hall of Fame

>> We are told that you must run an IGP for the iBGP neighbor to learn about that next hop.

We need IGP within an iBGP configuration for the peering process as the best practice calls for loopback peering to avoid single point of failure. If you decide to peer with physical interfaces, then you don't need an IGP.

An IGP can be useful for the next-hop-self but it's not as necessary as the peering process I explained above.

>> But that is no big deal because it will know how to get to it because router 2 will advertise a route to it through iBGP.

If it passes the next-hop validation on the received route, the iBGP peer is simply performing route reflection.

__

Edison.

Edison:

I agree and have already implemented a design which leverages the loopback interfaces and an IGP when creating an iBGP peering.

But the link I posted addresses the dilemma of the next hop not being reachable by an iBGP neighbor, so it says to run an IGP...

But, the fact of the matter is that, if I remove the next hop self command, the internet routers will advertise the Internet routing table to each other, as well as the eBGP next hop, so they will know how to get to it and the next hop self command is not needed.

>> But the link I posted addresses the dilemma of the next hop not being reachable by an iBGP neighbor, so it says to run an IGP...

Agreed, I wanted to point out the main reason for running IGP on iBGP peering, and the main reason is not due to the 'next-hop-self' but the loopback peering - I understand your point - well taken.

>> But, the fact of the matter is that, if I remove the next hop self command, the internet routers will advertise the Internet routing table to each other, as well as the eBGP next hop, so they will know how to get to it and the next hop self command is not needed.

Thus one of those BGP routers would receive routes from 2 providers and the next-hop information would be of each ISP instead of your peering iBGP - concept is clear. What we need to find out is if the next-hop information from the local ISP passes the 'next-hop validation' process.

The next-hop IP address from the non-directly connected ISP must be received with the next-hop of your iBGP.

For instance:

ISP1
|
192.168.1.0/30
|
CE1

ISP2
|
192.168.1.4/30
|
CE2

CE2 would need to advertise 192.168.1.4/30 to CE1 in order to pass the next-hop validation on CE1.

Once the next-hop validation passes, CE1 can send recursive routes directly to ISP2 either via CE2 or ISP1, whichever CE1 finds closer in route metric.

HTH,

__

Edison.
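
The next-hop check described above for CE1, as a simplified model added here (not part of the original thread and not router code). It resolves a route learned from ISP2 on CE1 in three setups: next hop unchanged with no route to 192.168.1.4/30, CE2 advertising 192.168.1.4/30 over iBGP, and next-hop-self on CE2. The host addresses 192.168.1.5 and 10.0.0.2 and the 10.0.0.0/30 CE1-CE2 link are assumptions.

```python
import ipaddress

CONNECTED = "connected"
ISP2 = "192.168.1.5"  # assumed ISP2 address inside 192.168.1.4/30
CE2 = "10.0.0.2"      # assumed CE2 address on the CE1-CE2 iBGP link

def lookup(rib, addr):
    """Longest-prefix match: return (network, next_hop) or None."""
    ip = ipaddress.ip_address(addr)
    hits = [(net, nh) for net, nh in rib.items() if ip in net]
    return max(hits, key=lambda h: h[0].prefixlen, default=None)

def resolve(rib, next_hop, max_depth=8):
    """Follow a BGP next hop down to a connected subnet.

    Returns the neighbor the packet is handed to, or None when the next hop
    is unreachable or only resolves through itself (validation fails).
    """
    hop = next_hop
    for _ in range(max_depth):
        hit = lookup(rib, hop)
        if hit is None:
            return None
        if hit[1] == CONNECTED:
            return hop
        hop = hit[1]
    return None

def ce1_forwarding_hop(scenario):
    """Resolve an ISP2-learned route on CE1 under one of three setups."""
    rib = {
        ipaddress.ip_network("192.168.1.0/30"): CONNECTED,  # CE1-ISP1 link
        ipaddress.ip_network("10.0.0.0/30"): CONNECTED,     # CE1-CE2 link (assumed)
    }
    bgp_next_hop = ISP2  # iBGP leaves the eBGP next hop unchanged by default
    if scenario == "ce2-advertises-link":
        # CE2 originates its ISP-facing /30 into iBGP; CE1 sees it via CE2
        rib[ipaddress.ip_network("192.168.1.4/30")] = CE2
    elif scenario == "next-hop-self":
        bgp_next_hop = CE2  # CE2 rewrites the next hop to its own address
    return resolve(rib, bgp_next_hop)

if __name__ == "__main__":
    for s in ("unchanged", "ce2-advertises-link", "next-hop-self"):
        print(s, "->", ce1_forwarding_hop(s))
```

In this model both working setups forward through CE2; the difference is whether CE1 has to carry the ISP-facing /30 in its table to get there.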

Edison, I'm sorry, dude. I didn't even see your response until right now....

To answer your question, it does pass the next-hop validation process.

R1 and R2 learn the Internet routing table from their ISP peer. They then advertise their BGP tables to each other with a next-hop that is their eBGP peer (the ISP). So, each router of course will place their eBGP routes in the RIB because it will select eBGP over iBGP.

Moreover, the next hop (/30 ISP subnet for eBGP) is advertised in the iBGP update, so if R1 loses its eBGP connection, it will perform the recursive route lookup for the iBGP-advertised next-hop and have a route to it.

In this circumstance - in which R1 loses its eBGP route - I think the next-hop self command isn't needed. But I was wondering if there is some sort of best practice of always using the nhs command, regardless....perhaps some scenario I am not thinking of.

Thanks, again, and my apologies for not noticing your answer earlier.

Victor

A static route on both ends would be a best thing to use to make the base IP connectivity to the neighbours. Then TCP can make its way without problems.

So if we have iBGP router 1 -> iBGP router 2 -> iBGP router 3, the middle one needs to be a RR. So if iBGP router 1 is advertising 10.20.20.0/24 and is RR client of iBGP router 2, and iBGP router 3 is also a RR client to iBGP router 2, how will iBGP router 3 see the route that iBGP router 1 is advertising in the route table?

From iBGP router 3 it shows my next hop for 10.20.20.0/24 as the iBGP router 1 IPs, so not the directly connected device. Router 1 and 3 DO NOT connect at all. Is this normal? No IGP is used. Is there any way to see the true physical next hop for simplicity?

Hello Steven,

 

>> From iBGP router 3 it shows my next hop for 10.20.20.0/24 as the iBGP router 1 IPs, so not the directly connected Device. Router 1 and 3 DO NOT connect at all. Is this normal?

Yes, this is normal when using route reflector servers. If the BGP next-hop is reachable (that is, it is present in the iBGP router 3 IP routing table), the prefix will be installed (it has to be resolved by a route with a different next-hop to work; for example, it can be advertised by iBGP R2).

 

>> No IGP is used. Is there any way to see the true physical next hop for simplicity?

You can try to use next-hop self on the route reflector server but I am afraid the two features are not compatible.

At least they were not in the past.

 

Hope to help

Giuseppe

 

So from router 3 to see the network advertised by router 1 as next-hop being the actual interface of router 1 is normal.
I am not sure next hop self works as the reflector is Palo Alto firewalls.

shivlu jain
Level 5

Running iBGP means, requirement of full mesh which is not possible in core until and unless customers routes need to be transported. This is the reason IGP is best to use in cloud.

regards

shivlu jain

My question is do you need to use the next hop self command if your iBGP neighbor is also advertising a route, through iBGP, to the eBGP neighbor?

The next-hop-self is usually used at the edge router, which is responsible for receiving the routes from your ISP and advertising these eBGP routes in iBGP.

All other routers will see that the edge router is the next hop for routes from the ISP. They then know how to send the packet in case they receive a packet whose destination address points to an eBGP host; then they know, OK, I am going to send the packet to that edge router, and it will transit these packets to the outside.

If you don't use this command, you might find some routers in your iBGP network do not know where to send the packets, because the next-hop is unreachable in the routing table.

For those packets whose destination is an eBGP host -- you may see the routes in the routing table, but that does not mean they are pingable; the routers in iBGP need the IGP next hop to be directed where to send those packets.

Hi, thanks for the information.

I know what iBGP is used for and everything you mentioned.

My question is very specific:

If the iBGP routers ARE indeed learning about the route to the eBGP next hop, is it necessary to use the next hop self command? Is there some value in using it in this particular case?

Thanks!

Hello Victor,

If a BGP network statement on R2 describes the IP subnet between R2 and its eBGP peer and it is advertised on the iBGP session of R2 to R1, you should be fine.

The BGP next-hop check is passed even without next-hop-self and without using an IGP.

I remember I tried this in lab some years ago.

In real world you may be able to do this or not if you care of who is authorized to advertise that prefix (if it is provider space but it is enough to not propagate on eBGP sessions I would say)

Hope to help

Giuseppe

If the eBGP next hop is also carried via an IGP, then (I recall) next hop self isn't needed for iBGP. The advantage of using next hop self is that the eBGP next hop address might not "nicely" fall into your internal IP addressing scheme.
