Question on BGP and secondary IP's on physical interfaces

pipsadmin · ‎08-24-2008

HI,

i have a 3845 with a external interface for peering BGP with the carrier for network 216.24.238.0 which works right. This network is on a loopback because I'm doing NAT.

I also have a physical interface with IP 216.24.227.0 as primary and 216.24.228.0 as secondary.

Even with the router bgp statement with network 216.24.227.0 and 228.0, only the primary interface gets advertised. For some reason the secondary netblock 216.24.228.0 does not get propagated through BGP. This is my issue. I dont understand why the seconday IP is not getting advertised.

Is there a way around this?

Thanks

srinivas_816 · ‎08-24-2008

Hi,

Can you provide the BGP configuration on the Router .

Regards

srini

Richard Burts · ‎08-24-2008

Nelson

In addition to the configuration requested by Srini I believe that it would be helpful if you post the output of show ip protocol and show ip route from the router (if the ip route output is large at least post every line from the output that relates to these networks that you mention).

It will be important to see whether auto-summary is enabled or not, what masks are used in the interface and whether the BGP network statements specify any mask.

HTH

Rick

HTH

Rick

RanilG · ‎08-24-2008

Hi,

What is your conclusion that the secondary network is not getting advertised, based on?

If you swap these networks(primary/secondary) do you see the same behavior? This would be a good thing to start off with, if you haven't done so already.

Then you could check for any filtering applied(outbound filtering at your end and inbound filtering by the peering partner).

srinivas_816 · ‎08-24-2008

Auto-summary behavior has changed across Cisco IOS software releases. Initially, auto-summary was enabled by default. However, with Cisco bug ID CSCdu81680 ( registered customers only) this behavior has changed. In the latest Cisco IOS, auto-summary is disabled by default. When auto-summary is enabled, it summarizes the locally originated BGP networks to their classfull boundaries. Auto-summary is enabled by default in BGP. When auto-summary is disabled, the routes introduced locally into the BGP table are not summarized to their classfull boundaries. When a subnet exists in the routing table and these three conditions are satisfied, then any subnet of that classfull network in the local routing table will prompt BGP to install the classfull network into the BGP table.

Classfull network statement for a network in the routing table

Classfull mask on that network statement

Auto-summary enabled

For example, if the subnet in the routing table is 75.75.75.0 mask 255.255.255.0, and you configure network 75.0.0.0 under the router bgp command, and auto-summary is enabled, BGP introduces the classfull network 75.0.0.0 mask 255.0.0.0 in the BGP table.

If these three conditions are not all met, then BGP does not install any entry in the BGP table unless there is an exact match in the local routing table.

Note: If the AS that performs BGP does not own the complete classfull network, Cisco recommends that you issue the no auto-summary command under router bgp in order to disable auto-summary.

router bgp ABCDE

no synchronization

bgp log-neighbor-changes

network 10.1.227.0 mask 255.255.255.0

network 10.1.228.0 mask 255.255.255.0

no auto-summary

or

router bgp ABCDE

no synchronization

bgp log-neighbor-changes

network 10.1.227.0 mask 255.255.254.0

no auto-summary

Regards

Srinivas

Harold Ritter · ‎08-24-2008

Nelson,

Assuming the netmask for both the primary and the secondary interface ip addresses match the one configured on the bgp network statements (/24 by default for 216.24.227.0 and 228.0), both should be advertised in BGP.

Regards,

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

pipsadmin · ‎08-25-2008

ok, lots of questions here, I'll respond as best I can.

I only want networks 216.24.227.0, 228.0 and 238.0 to be advertised on this router.

~

interface Loopback1

ip address 216.24.238.2 255.255.255.0

~

!

interface GigabitEthernet0/1

description BGP_TO_MCI_CAMPAIGNER

ip address 216.24.228.1 255.255.255.0 secondary

ip address 216.24.227.1 255.255.255.0

no ip redirects

no ip unreachables

no ip proxy-arp

no ip mroute-cache

duplex auto

speed 100

media-type rj45

no cdp enable

no mop enabled

!

~

router bgp 17358

no synchronization

bgp log-neighbor-changes

network 216.24.227.0

network 216.24.228.0

network 216.24.238.0

redistribute connected

redistribute static

neighbor 209.167.212.241 remote-as 701

neighbor 209.167.212.241 description MCI_link

neighbor 209.167.212.241 version 4

neighbor 209.167.212.241 soft-reconfiguration inbound

neighbor 209.167.212.241 distribute-list 199 in

neighbor 209.167.212.241 distribute-list 101 out

no auto-summary

~

Extended IP access list 101

10 permit ip host 216.24.227.0 host 255.255.255.0 (2 matches)

20 permit ip host 216.24.228.0 host 255.255.255.0 (2 matches)

30 permit ip host 216.24.238.0 host 255.255.255.0 (5 matches)

~

Extended IP access list 199

10 permit ip any any (4 matches)

~

Routing Protocol is "bgp 17358"

Outgoing update filter list for all interfaces is not set

Incoming update filter list for all interfaces is not set

IGP synchronization is disabled

Automatic route summarization is disabled

Redistributing: connected, static

Unicast Aggregate Generation:

Neighbor(s):

Address FiltIn FiltOut DistIn DistOut Weight RouteMap

209.167.212.241 199 101

Maximum path: 1

Routing Information Sources:

Gateway Distance Last Update

209.167.212.241 20 18w1d

Distance: external 20 internal 200 local 200

Hope that this can clear some resasoning behind the problem I have.

Thanks...

P.S.: In order to get traffic in for the 3 networks, I had to tell the carrier to staticlly route 227 and 228 to us.

This temporary fix works, although I would like everything in BGP.

Richard Burts · ‎08-25-2008

Nelson

In your original post you indicated that the primary address was advertised but not the secondary. In this post you are indicating that both the primary and secondary had to be statically routed. Can you clarify this?

It might help us find the issue if you would post the output of show ip interface brief, of show ip route (can we verify that these routes are in the local routing table) and of show ip bgp (or if that is large then show ip bgp

for the three routes that you want to advertise.

HTH

Rick

HTH

Rick

pipsadmin · ‎08-25-2008

I mean the secondary IP on the interface G0/1.

Gateway of last resort is 209.167.212.241 to network 0.0.0.0

C 220.220.220.0/24 is directly connected, Loopback2

C 216.24.238.0/24 is directly connected, Loopback1

209.167.212.0/29 is subnetted, 1 subnets

C 209.167.212.240 is directly connected, FastEthernet3/0

C 216.24.227.0/24 is directly connected, GigabitEthernet0/1

10.0.0.0/8 is variably subnetted, 13 subnets, 3 masks

S 10.10.8.0/22 [1/0] via 10.10.71.1

C 10.10.14.0/24 is directly connected, FastEthernet2/1

C 10.10.15.0/24 is directly connected, FastEthernet2/0

S 10.10.65.0/24 is directly connected, GigabitEthernet0/0

is directly connected, GigabitEthernet0/1

C 10.10.71.0/24 is directly connected, FastEthernet3/1

C 10.10.72.0/24 is directly connected, GigabitEthernet0/0

S 10.10.112.0/24 [1/0] via 10.10.72.101

S 10.10.113.0/24 [1/0] via 10.10.72.101

S 10.10.114.0/24 [1/0] via 10.10.72.101

S 10.10.115.0/24 [1/0] via 10.10.72.104

S 10.10.116.0/24 [1/0] via 10.10.72.104

S 10.10.117.0/24 [1/0] via 10.10.72.104

S 10.10.120.0/21 [1/0] via 10.10.72.105

11.0.0.0/24 is subnetted, 1 subnets

C 11.11.11.0 is directly connected, Loopback3

C 192.168.0.0/24 is directly connected, Loopback0

S 192.168.1.0/24 [1/0] via 10.10.71.1

S 192.168.237.0/24 [1/0] via 10.10.14.8

C 216.24.228.0/24 is directly connected, GigabitEthernet0/1

S* 0.0.0.0/0 [1/0] via 209.167.212.241

Interface IP-Address OK? Method Status Prot ocol

GigabitEthernet0/0 10.10.72.1 YES NVRAM up up

GigabitEthernet0/1 216.24.227.1 YES manual up up

FastEthernet0/0/0 unassigned YES unset administratively down down

FastEthernet0/0/1 unassigned YES unset administratively down down

FastEthernet0/0/2 unassigned YES unset administratively down down

FastEthernet0/0/3 unassigned YES unset administratively down down

Serial0/3/0 unassigned YES NVRAM administratively down down

FastEthernet2/0 10.10.15.6 YES NVRAM up up

FastEthernet2/1 10.10.14.2 YES NVRAM up up

FastEthernet3/0 209.167.212.243 YES NVRAM up up

FastEthernet3/1 10.10.71.2 YES NVRAM up up

IDS-Sensor4/0 11.11.11.11 YES TFTP up up

Vlan1 unassigned YES NVRAM administratively down down

Vlan10 216.24.239.1 YES NVRAM administratively down down

Vlan20 216.24.239.129 YES NVRAM administratively down down

Vlan65 10.10.65.1 YES NVRAM administratively down down

NVI0 unassigned NO unset up up

Loopback0 192.168.0.3 YES NVRAM up up

Loopback1 216.24.238.2 YES manual up up

Loopback2 220.220.220.220 YES NVRAM up up

Loopback3 11.11.11.11 YES NVRAM up up

pipsadmin · ‎08-25-2008

BGP table version is 130, local router ID is 220.220.220.220

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,

r RIB-failure, S Stale

Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight Path

r> 0.0.0.0 209.167.212.241 0 0 701 i

*> 10.10.8.0/22 10.10.71.1 0 32768 ?

*> 10.10.14.0/24 0.0.0.0 0 32768 ?

*> 10.10.15.0/24 0.0.0.0 0 32768 ?

*> 10.10.65.0/24 0.0.0.0 0 32768 ?

*> 10.10.71.0/24 0.0.0.0 0 32768 ?

*> 10.10.72.0/24 0.0.0.0 0 32768 ?

*> 10.10.112.0/24 10.10.72.101 0 32768 ?

*> 10.10.113.0/24 10.10.72.101 0 32768 ?

*> 10.10.114.0/24 10.10.72.101 0 32768 ?

*> 10.10.115.0/24 10.10.72.104 0 32768 ?

*> 10.10.116.0/24 10.10.72.104 0 32768 ?

*> 10.10.117.0/24 10.10.72.104 0 32768 ?

*> 10.10.120.0/21 10.10.72.105 0 32768 ?

*> 11.11.11.0/24 0.0.0.0 0 32768 ?

*> 192.168.0.0 0.0.0.0 0 32768 ?

*> 192.168.1.0 10.10.71.1 0 32768 ?

Network Next Hop Metric LocPrf Weight Path

*> 192.168.237.0 10.10.14.8 0 32768 ?

*> 209.167.212.240/29

0.0.0.0 0 32768 ?

*> 216.24.227.0 0.0.0.0 0 32768 i

*> 216.24.228.0 0.0.0.0 0 32768 i

*> 216.24.238.0 0.0.0.0 0 32768 i

*> 220.220.220.0 0.0.0.0 0 32768 ?

RanilG · ‎08-25-2008

What about the carrier side? Are all your network announcements allowed?

pipsadmin · ‎08-25-2008

yes, they have an ACL that allows 227,228 and 238

Richard Burts · ‎08-25-2008

Nelson

Thank you for the additional information. The things that you have posted look to me like your BGP should be advertising all three routes. Especially when all three are in your local BGP table as shown:

*> 216.24.227.0 0.0.0.0 0 32768 i

*> 216.24.228.0 0.0.0.0 0 32768 i

*> 216.24.238.0 0.0.0.0 0 32768 i

It might be helpful if you would post the output of show ip bgp neighbor 209.167.212.241 advertised-route. I expect that it would show that all three routes are advertised. It is looking to me more like it is an issue on the neighbor side than on your side.

HTH

Rick

HTH

Rick

pipsadmin · ‎08-25-2008

show ip bgp neighbor 209.167.212.241 advertised-route

Shows the same, all 3 routes advertised....

This was not the case when I set this up late saturday night, hence the reason I asked the Peer to setup a static route.

Now, I'm affraid to have that static route removed, and traffic being affected....?!?

RanilG · ‎08-25-2008

Yes, the Internet can not see your 227 and 228 networks being advertised via BGP by your AS, but 238 nework.

http://traceroute.org/#Route%20Servers

telnet://route-server.belwue.de

Therefore, it would be better to be cautious.