cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1254
Views
0
Helpful
1
Replies

Possible BGP, network unreachable issue

Athiqur Rahman
Level 1
Level 1

I am doing a simple BGP peering with my ISP, advertising my /23 subnet.

**** I have changed lot of the IP addresses for security reason ******

The subnet i am advertising is

217.70.60.0/23

My router IP is

49.70.40.162

my Neighbour IP is

49.70.40.161

My config is as follows

router bgp 16000

bgp router-id 217.70.60.9

network 217.70.60.0/23

neighbor 149.70.40.161 remote-as 1700

neighbor 149.70.40.161 description ISP

neighbor 149.70.40.161 weight 150

The ISP is sending me defautl route only

  Network          Next Hop            Metric LocPrf Weight Path

*> 0.0.0.0          149.70.40.161                         150 1700 i

*> 217.70.60.0/23   0.0.0.0                  0         32768 i

The BGP is established fine. I have internet connection fine. However there certain IP addresses that i can not reach from behind my router.

from my router, presenting source IP of

49.70.40.162

i am able to ping 2 IP fine

212.41.185.231, 212.41.185.237

However, if I ping from a machine A, with IP 217.70.60.75, which has its GW as 217.70.60.9, i am unable to reach the IP's

212.41.185.231, 212.41.185.237

From my router, Where i can do a successful ping, the traceroute shows

Tracing the route to no-dns.as5587.net (212.41.185.231)

  1 te2-6.359.ccr01.lon03.atlas.cogentco.com (149.6.147.45) [AS 1700] 0 msec 4 msec 0 msec

  2 te0-6-0-1.ccr21.lon01.atlas.cogentco.com (154.54.72.101) [AS 1700] 0 msec 0 msec

    te0-6-0-5.ccr21.lon01.atlas.cogentco.com (154.54.72.93) [AS 1700] 0 msec

  3 ae0-1704-xcr1.lnd.cw.net (195.2.22.41) [AS 1700] 0 msec 0 msec 0 msec

  4 xe-11-2-0-xur1.lns.uk.cw.net (194.70.97.65) [AS 1700] 4 msec 0 msec 0 msec

  5 195.11.50.21 [AS 1700] 0 msec 0 msec 4 msec

  6 900.rtr1.tc9.lon.as5587.net (213.253.141.33) [AS 1700] 0 msec 4 msec 0 msec

  7 f1-0.rtr1.tck.man.as5587.net (213.253.166.33) [AS 1700] 8 msec 12 msec 12 msec

  8 fa2-0.rtr1.tcw.man.as5587.net (195.134.31.6) [AS 1700] 8 msec 12 msec 12 msec

  9 pos2-0.rtr1.167-0.brd.as5587.net (212.41.187.249) [AS 1700] 12 msec 12 msec 12 msec

10 sfs2.167-0.brd.as5587.net (212.41.191.50) [AS 1700] 12 msec 16 msec 12 msec

11 * * *

When tracing route from machine A, where ping is unsuccessful it looks like the following

traceroute to 212.41.185.231 (212.41.185.231), 30 hops max, 40 byte packets

1  rbr.telecom2.net (217.70.60.9)  0.547 ms  0.526 ms  0.516 ms

2  te2-6.359.ccr01.lon03.atlas.cogentco.com (149.6.147.45)  1.443 ms  1.479 ms  1.648 ms

3  te0-1-0-7.ccr21.lon01.atlas.cogentco.com (154.54.72.177)  1.327 ms te0-6-0-1.ccr21.lon01.atlas.cogentco.com (154.54.72.101)  1.421 ms  1.414 ms

4  ae0-1704-xcr1.lnd.cw.net (195.2.22.41)  0.938 ms  1.063 ms  1.047 ms

5  xe-11-2-0-xur1.lns.uk.cw.net (194.70.97.65)  1.045 ms  1.232 ms  1.229 ms

6  * * *

I can see on the traceroute of the successful ping that we get past the ip 194.70.97.65. On the traceroute of the failed ping i can see that it has gone past this stage.

What can i gather from this data as to why I can not ping the IP's  212.41.185.231, 212.41.185.237 from a machine behind my router?

Any, pointers or advice is appreicated.

1 Reply 1

chryan
Level 1
Level 1

The fact that pings and traceroutes work when sourced from the outgoing interface, that tells me that the connected network is known to the end device. Try your pings and traceroutes with a source ip address of your LAN interface (or any other connected interfaces) and see what you get.

Also, if possible, attempt the pings and traceroutes from the opposite end, back towards you. See what you get there too.

Regards,

Chuck

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco