cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1354
Views
10
Helpful
1
Replies

iBGP session changing next-hop of external learned route without next-hop-self command applied

eduardo.soto
Level 1
Level 1

Hi all,

 

We have this strange bgp behaviour of our Cisco ASR1004 routers:

We have two routers with ebgp peering to the same ISP from which we are learning the same routes by the two links, and they also have an ibgp session between them. The thing is that the external routes that one of the ASR learn from the eBGP neighbor, it advertizes it to the ibgp neighbor with the ebgp neighbor IP, which is the correct way without the neighbor x.x.x.x next-hop-self configured, but when the ibgp neighbor receives it, it automatically changes the next-hop to the IP of its ibgp peer (doesn't maintains the one that its ibgp peers send it):

Does someone knows why this is happening, it's normal?

ASR1 BGP config:

router#sh run | s bgp

router bgp 6XXXX
 bgp router-id 172.30.XX.XX
 bgp log-neighbor-changes
 timers bgp 30 90
 !
 address-family ipv4 vrf test
  network 62.XX.XX.XXX mask 255.255.255.240
  network 62.YY.YY.YYY mask 255.255.255.248
  network 62.ZZ.ZZ.ZZZ mask 255.255.255.248
  network 62.VV.VV.VVV mask 255.255.255.248
  redistribute static
  neighbor 172.31.X.X remote-as 6XXXX              (ibgp neighbor)
  neighbor 172.31.X.X password 7 XXXXXX

  neighbor 172.31.X.X activate                     
  neighbor 192.168.YY.YY remote-as 1YYYY    (ebgp neighbor)
  neighbor 192.168.YY.YY description G
  neighbor 192.168.YY.YY password 7 YYYY
  neighbor 192.168.YY.YY activate
  neighbor 192.168.YY.YY prefix-list BGP-XX-IN in
  neighbor 192.168.YY.YY prefix-list BGP-XX-OUT out
 exit-address-family

ASR1 Version:

router#sh ver
Cisco IOS Software, IOS-XE Software (X86_64_LINUX_IOSD-ADVENTERPRISEK9-M), Version 15.2(4)S6, RELEASE SOFTWARE (fc4)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2014 by Cisco Systems, Inc.
Compiled Thu 14-Aug-14 19:29 by mcpre

IOS XE Version: 03.07.06.S

ROM: IOS-XE ROMMON

router uptime is 1 year, 5 hours, 13 minutes
Uptime for this control processor is 1 year, 5 hours, 14 minutes
System returned to ROM by reload at 01:58:41 UTC Tue Aug 19 2014
System restarted at 10:12:32 UTC Tue Aug 19 2014
System image file is "bootflash:asr1000rp2-adventerprisek9.03.07.06.S.152-4.S6.bin"

 

ASR1 eBGP Learned routes:

router#sh ip bgp vpnv4 vrf xx neighbors 192.168.YY.YY routes
BGP table version is 1571021, local router ID is 172.30.XX.XX
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
              x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

     Network          Next Hop            Metric LocPrf Weight Path
Route Distinguisher: 62.XX.XX.XX:10 (default for vrf xx)
 *>  1.66.0.0/22      192.168.YY.YY            1             0 1YYYY ?
 *>  2.48.0.0/25      192.168.YY.YY            1             0 1YYYY ?
 *>  2.48.0.0/24      192.168.YY.YY            1             0 1YYYY ?

ASR1 iBGP advertized routes:

router#sh ip bgp vpnv4 vrf xx neighbors 172.31.X.X advertised-routes
BGP table version is 1571021, local router ID is 172.30.XX.XX
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
              x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

     Network          Next Hop            Metric LocPrf Weight Path
Route Distinguisher: 62.XX.XX.XX:10 (default for vrf xx)
 *>  1.6X.0.0/22      192.168.YY.YY          1             0 1YYYY ?     --> It advertized to ASR2 ok without changing it the next-hop
 *>  2X.4X.0.0/25      192.168.YY.YY          1             0 1YYYY ?
 *>  2X.4Y.0.0/24      192.168.YY.YY          1             0 1YYYY ?

 

ASR2 BGP Config:

router bgp 6XXXX
 bgp router-id 172.30.XX.XY
 bgp log-neighbor-changes
 timers bgp 30 90
 maximum-paths 2
 !
 !
 address-family ipv4 vrf xx
  network 62.XX.XX.XXX mask 255.255.255.240
  network 62.YY.YY.YYY mask 255.255.255.248
  redistribute static
  neighbor 172.31.X.Y remote-as 6XXXX    (iBGP Neighbor)
  neighbor 172.31.X.Y password XXX
  neighbor 172.31.X.Y activate
  neighbor 192.168.XXX.NNN remote-as 1XXXX     (eBGP Neighbor)
  neighbor 192.168.XXX.NNN password xxxx
  neighbor 192.168.XXX.NNN activate
  neighbor 192.168.XXX.NNN soft-reconfiguration inbound
  neighbor 192.168.XXX.NNN prefix-list BGP-IN in
  neighbor 192.168.XXX.NNN prefix-list BGP-OUT out
  neighbor 192.168.XXX.NNN route-map SETPATH out
 exit-address-family

ASR2 Version:

router#sh ver
Cisco IOS Software, IOS-XE Software (X86_64_LINUX_IOSD-ADVENTERPRISEK9-M), Version 15.2(4)S6, RELEASE SOFTWARE (fc4)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2014 by Cisco Systems, Inc.
Compiled Thu 14-Aug-14 19:29 by mcpre

IOS XE Version: 03.07.06.S

ROM: IOS-XE ROMMON

router uptime is 21 weeks, 1 day, 15 hours, 3 minutes
Uptime for this control processor is 21 weeks, 1 day, 15 hours, 4 minutes
System returned to ROM by reload at 03:17:59 UTC Tue Aug 19 2014
System restarted at 00:51:50 UTC Tue Mar 24 2015
System image file is "bootflash:asr1000rp2-adventerprisek9.03.07.06.S.152-4.S6.bin"

Configuration register is 0x2102

 

ASR2 iBGP learned routes:

router#sh ip bgp vpnv4 vrf xx neighbors 172.31.X.Y routes
BGP table version is 970914, local router ID is 172.30.XX.XX
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
              x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

     Network          Next Hop            Metric LocPrf Weight Path
Route Distinguisher: 62.XX.XX.XX:10 (default for vrf xx)
 *>i 1.6X.0.0/22      172.31.X.Y               1    100      0 1XXXX ?       It changed the next-hop to the ibgp neighbor IP
 *>i 2X.4X.0.0/25      172.31.X.Y               1    100      0 1XXXX ?
 *>i 2X.4Y.0.0/24      172.31.X.Y               1    100      0 1XXXX?

 

Also, ASR2 doesn't know how to reach IP of the ASR1 ebgp peer:

ASR2#sh ip route vrf xx 192.168.YY.YY

Routing Table: xx
% Subnet not in table

Thanks.

1 Accepted Solution

Accepted Solutions

CSCO11554148
Level 1
Level 1

Dear Eduardo,

what you see is normal in this specific scenario  with VRF. BGP looks too smart in this kind of situations , the idea  that connectivity is preserved without the need of an IGP protocol between ASR 1 and ASR2.

the  way to change the behavior  global table. is by the use of a route map with set next-hop-unchanged. But I guess you won't doing like this. :-)

The connectivity from router receiving the prefix (ASR1 from ISP) and the vpnv4 routes behind the ASR2  is preserved without the need of an IGP protocol between ASR1 and ASR2.

The reason why you are seeing this behavior is cause there is and inherent next-hop-self , but in global table you will need next hop self  like you were expecting  because the original eBGP next-hop can be retained being part of global routing table on ASBR node,.

Najib

View solution in original post

1 Reply 1

CSCO11554148
Level 1
Level 1

Dear Eduardo,

what you see is normal in this specific scenario  with VRF. BGP looks too smart in this kind of situations , the idea  that connectivity is preserved without the need of an IGP protocol between ASR 1 and ASR2.

the  way to change the behavior  global table. is by the use of a route map with set next-hop-unchanged. But I guess you won't doing like this. :-)

The connectivity from router receiving the prefix (ASR1 from ISP) and the vpnv4 routes behind the ASR2  is preserved without the need of an IGP protocol between ASR1 and ASR2.

The reason why you are seeing this behavior is cause there is and inherent next-hop-self , but in global table you will need next hop self  like you were expecting  because the original eBGP next-hop can be retained being part of global routing table on ASBR node,.

Najib

Review Cisco Networking for a $25 gift card