08-19-2015 09:08 AM - edited 03-05-2019 02:06 AM
Hi all,
We have this strange BGP behaviour on our Cisco ASR1004 routers:
We have two routers with eBGP peering to the same ISP, from which we are learning the same routes over the two links, and they also have an iBGP session between them. The thing is that the external routes that one of the ASRs learns from the eBGP neighbor, it advertises to the iBGP neighbor with the eBGP neighbor IP, which is the correct way without neighbor x.x.x.x next-hop-self configured, but when the iBGP neighbor receives them, it automatically changes the next-hop to the IP of its iBGP peer (it doesn't maintain the one that its iBGP peer sends it):
Does anyone know why this is happening? Is it normal?
ASR1 BGP config:
router#sh run | s bgp
router bgp 6XXXX
bgp router-id 172.30.XX.XX
bgp log-neighbor-changes
timers bgp 30 90
!
address-family ipv4 vrf test
network 62.XX.XX.XXX mask 255.255.255.240
network 62.YY.YY.YYY mask 255.255.255.248
network 62.ZZ.ZZ.ZZZ mask 255.255.255.248
network 62.VV.VV.VVV mask 255.255.255.248
redistribute static
neighbor 172.31.X.X remote-as 6XXXX (ibgp neighbor)
neighbor 172.31.X.X password 7 XXXXXX
neighbor 172.31.X.X activate
neighbor 192.168.YY.YY remote-as 1YYYY (ebgp neighbor)
neighbor 192.168.YY.YY description G
neighbor 192.168.YY.YY password 7 YYYY
neighbor 192.168.YY.YY activate
neighbor 192.168.YY.YY prefix-list BGP-XX-IN in
neighbor 192.168.YY.YY prefix-list BGP-XX-OUT out
exit-address-family
ASR1 Version:
router#sh ver
Cisco IOS Software, IOS-XE Software (X86_64_LINUX_IOSD-ADVENTERPRISEK9-M), Version 15.2(4)S6, RELEASE SOFTWARE (fc4)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2014 by Cisco Systems, Inc.
Compiled Thu 14-Aug-14 19:29 by mcpre
IOS XE Version: 03.07.06.S
ROM: IOS-XE ROMMON
router uptime is 1 year, 5 hours, 13 minutes
Uptime for this control processor is 1 year, 5 hours, 14 minutes
System returned to ROM by reload at 01:58:41 UTC Tue Aug 19 2014
System restarted at 10:12:32 UTC Tue Aug 19 2014
System image file is "bootflash:asr1000rp2-adventerprisek9.03.07.06.S.152-4.S6.bin"
ASR1 eBGP Learned routes:
router#sh ip bgp vpnv4 vrf xx neighbors 192.168.YY.YY routes
BGP table version is 1571021, local router ID is 172.30.XX.XX
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 62.XX.XX.XX:10 (default for vrf xx)
*> 1.66.0.0/22 192.168.YY.YY 1 0 1YYYY ?
*> 2.48.0.0/25 192.168.YY.YY 1 0 1YYYY ?
*> 2.48.0.0/24 192.168.YY.YY 1 0 1YYYY ?
ASR1 iBGP advertised routes:
router#sh ip bgp vpnv4 vrf xx neighbors 172.31.X.X advertised-routes
BGP table version is 1571021, local router ID is 172.30.XX.XX
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 62.XX.XX.XX:10 (default for vrf xx)
*> 1.6X.0.0/22 192.168.YY.YY 1 0 1YYYY ? --> It advertised to ASR2 OK without changing the next-hop
*> 2X.4X.0.0/25 192.168.YY.YY 1 0 1YYYY ?
*> 2X.4Y.0.0/24 192.168.YY.YY 1 0 1YYYY ?
ASR2 BGP Config:
router bgp 6XXXX
bgp router-id 172.30.XX.XY
bgp log-neighbor-changes
timers bgp 30 90
maximum-paths 2
!
!
address-family ipv4 vrf xx
network 62.XX.XX.XXX mask 255.255.255.240
network 62.YY.YY.YYY mask 255.255.255.248
redistribute static
neighbor 172.31.X.Y remote-as 6XXXX (iBGP Neighbor)
neighbor 172.31.X.Y password XXX
neighbor 172.31.X.Y activate
neighbor 192.168.XXX.NNN remote-as 1XXXX (eBGP Neighbor)
neighbor 192.168.XXX.NNN password xxxx
neighbor 192.168.XXX.NNN activate
neighbor 192.168.XXX.NNN soft-reconfiguration inbound
neighbor 192.168.XXX.NNN prefix-list BGP-IN in
neighbor 192.168.XXX.NNN prefix-list BGP-OUT out
neighbor 192.168.XXX.NNN route-map SETPATH out
exit-address-family
ASR2 Version:
router#sh ver
Cisco IOS Software, IOS-XE Software (X86_64_LINUX_IOSD-ADVENTERPRISEK9-M), Version 15.2(4)S6, RELEASE SOFTWARE (fc4)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2014 by Cisco Systems, Inc.
Compiled Thu 14-Aug-14 19:29 by mcpre
IOS XE Version: 03.07.06.S
ROM: IOS-XE ROMMON
router uptime is 21 weeks, 1 day, 15 hours, 3 minutes
Uptime for this control processor is 21 weeks, 1 day, 15 hours, 4 minutes
System returned to ROM by reload at 03:17:59 UTC Tue Aug 19 2014
System restarted at 00:51:50 UTC Tue Mar 24 2015
System image file is "bootflash:asr1000rp2-adventerprisek9.03.07.06.S.152-4.S6.bin"
Configuration register is 0x2102
ASR2 iBGP learned routes:
router#sh ip bgp vpnv4 vrf xx neighbors 172.31.X.Y routes
BGP table version is 970914, local router ID is 172.30.XX.XX
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 62.XX.XX.XX:10 (default for vrf xx)
*>i 1.6X.0.0/22 172.31.X.Y 1 100 0 1XXXX ? --> It changed the next-hop to the iBGP neighbor IP
*>i 2X.4X.0.0/25 172.31.X.Y 1 100 0 1XXXX ?
*>i 2X.4Y.0.0/24 172.31.X.Y 1 100 0 1XXXX ?
Also, ASR2 doesn't know how to reach the IP of the ASR1 eBGP peer:
ASR2#sh ip route vrf xx 192.168.YY.YY
Routing Table: xx
% Subnet not in table
Thanks.
12-30-2015 05:04 PM
Dear Eduardo,
What you see is normal in this specific scenario with VRF. BGP looks too smart in this kind of situation; the idea is that connectivity is preserved without the need of an IGP protocol between ASR1 and ASR2.
The way to change the behavior global table is by the use of a route map with set next-hop-unchanged. But I guess you won't be doing it like this. :-)
The connectivity from the router receiving the prefix (ASR1 from ISP) and the vpnv4 routes behind ASR2 is preserved without the need of an IGP protocol between ASR1 and ASR2.
The reason why you are seeing this behavior is because there is an inherent next-hop-self, but in the global table you will need next-hop-self like you were expecting, because the original eBGP next-hop can be retained, being part of the global routing table on the ASBR node.
Najib
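A way to check the situation discussed in this thread from saved show output, as an added example that is not part of the original posts: it compares the next hop in the sender's advertised-routes table with the one in the receiver's routes table, and checks each against the receiver's routing table. The function names, addresses and sample output are constructed for illustration.

```python
import ipaddress
import re

# Start of a route line in "show ip bgp ..." output: status codes, prefix,
# next hop. Prefixes printed without a /length are not handled here.
ROUTE_RE = re.compile(
    r"^\s*(?P<status>[*>sdhrSmbfxaci]+)\s+"
    r"(?P<prefix>\d+\.\d+\.\d+\.\d+/\d+)\s+"
    r"(?P<next_hop>\d+\.\d+\.\d+\.\d+)\b"
)

def parse_next_hops(show_output):
    """Return {prefix: next_hop} for every route line in the output."""
    table = {}
    for line in show_output.splitlines():
        m = ROUTE_RE.match(line)
        if m:
            prefix = ipaddress.ip_network(m["prefix"])
            table[prefix] = ipaddress.ip_address(m["next_hop"])
    return table

def compare(advertised, received, receiver_rib):
    """Per prefix: was the next hop rewritten, and can the receiver resolve it?"""
    def resolvable(nh):
        return any(nh in net for net in receiver_rib)
    report = {}
    for prefix, sent in advertised.items():
        got = received.get(prefix)
        if got is not None:
            report[str(prefix)] = {
                "sent": str(sent), "received": str(got),
                "rewritten": sent != got,
                "sent_resolvable": resolvable(sent),
                "received_resolvable": resolvable(got),
            }
    return report

# Constructed sample output (documentation addresses, not from the thread).
ADVERTISED = """\
Route Distinguisher: 65000:10 (default for vrf xx)
 *>  198.51.100.0/24  192.0.2.1                1             0 64500 ?
 *>  203.0.113.0/25   192.0.2.1                1             0 64500 ?
"""
RECEIVED = """\
 *>i 198.51.100.0/24  10.0.0.1                 1    100      0 64500 ?
 *>i 203.0.113.0/25   10.0.0.1                 1    100      0 64500 ?
"""
RECEIVER_RIB = [ipaddress.ip_network("10.0.0.0/30")]  # only the iBGP link
REPORT = compare(parse_next_hops(ADVERTISED), parse_next_hops(RECEIVED), RECEIVER_RIB)
print(REPORT)
```

With this sample, both prefixes are reported as rewritten, and only the rewritten next hop is resolvable on the receiver, which matches the "% Subnet not in table" result shown in the question.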