Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1248
Views
0
Helpful
6
Replies

Routing Issue - iBGP Peering

Go to solution
caiobomani
Level 1
Level 1

‎07-17-2019 07:32 AM - edited ‎07-17-2019 07:36 AM

Dear team,

 

I'm currently experiencing some odd behavior on my iBGP routing and could use some assistance.

 

The goal is to reach i.j.114.170 from every router.

 

I'm attaching a drawing with all my routers as they are connected.

Below are the troubleshooting outputs from each of the 4 routers:

 

DC1-01#show ip route i.j.114.170
Routing entry for i.j.0.0/16, supernet
Known via "bgp 267352", distance 20, metric 0
Tag 3549, type external
Last update from a.b.135.9 5d10h ago
Routing Descriptor Blocks:
* a.b.135.9, from a.b.135.9, 5d10h ago
Route metric is 0, traffic share count is 1
AS Hops 1
Route tag 3549
MPLS label: none

DC1-01#ping i.j.114.170
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to i.j.114.170, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 2/2/2 ms

DC1-01#traceroute i.j.114.170
Type escape sequence to abort.
Tracing the route to i.j.114.170
VRF info: (vrf in name/id, vrf out name/id)
1 i.j.135.9 [AS 3549] 1 msec 1 msec 1 msec
2 64.209.11.190 4 msec
64.209.11.186 2 msec
64.209.11.190 2 msec
3 189.125.22.198 [AS 3549] 2 msec 2 msec 2 msec
4 * * *
5 * * *
6 * * *
7 * * *

 

----------------------------------------------

DC1-02#show ip route i.j.114.170
Routing entry for i.j.0.0/16, supernet
Known via "bgp 267352", distance 200, metric 0
Tag 3549, type internal
Last update from a.b.135.9 5d10h ago
Routing Descriptor Blocks:
* a.b.135.9, from 192.168.227.26, 5d10h ago
Route metric is 0, traffic share count is 1
AS Hops 1
Route tag 3549
MPLS label: none

DC1-02#ping i.j.114.170
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to i.j.114.170, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)

DC1-02#traceroute i.j.114.170
Type escape sequence to abort.
Tracing the route to i.j.114.170
VRF info: (vrf in name/id, vrf out name/id)
1 * * *
2 * * *
3 * * *
4 * * *
5 * * *
6 * * *
7 * * *

 

----------------------------------------------

DC2-01#show ip route i.j.114.170
Routing entry for i.j.0.0/16, supernet
Known via "bgp 267352", distance 200, metric 0
Tag 3549, type internal
Last update from a.b.135.9 5d10h ago
Routing Descriptor Blocks:
* a.b.135.9, from 192.168.227.26, 5d10h ago
Route metric is 0, traffic share count is 1
AS Hops 1
Route tag 3549
MPLS label: none

DC2-01#ping i.j.114.170
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to i.j.114.170, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)

DC2-01#traceroute i.j.114.170
Type escape sequence to abort.
Tracing the route to i.j.114.170
VRF info: (vrf in name/id, vrf out name/id)
1 * * *
2 * * *
3 * * *
4 * * *
5 * * *
6 * * *
7 * * *

 

----------------------------------------------

DC2-02#show ip route i.j.114.170
Routing entry for i.j.0.0/16, supernet
Known via "bgp 267352", distance 200, metric 0
Tag 3549, type internal
Last update from a.b.135.9 5d10h ago
Routing Descriptor Blocks:
* a.b.135.9, from 192.168.227.26, 5d10h ago
Route metric is 0, traffic share count is 1
AS Hops 1
Route tag 3549
MPLS label: none

 

DC2-02#ping i.j.114.170
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to i.j.114.170, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)

DC2-02#traceroute i.j.114.170
Type escape sequence to abort.
Tracing the route to i.j.114.170
VRF info: (vrf in name/id, vrf out name/id)
1 * * *
2 * * *
3 * * *
4 * * *
5 * * *
6 * * *
7 * * *

Preview file
461 KB
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Giuseppe Larosa
Hall of Fame
Hall of Fame
In response to caiobomani

‎07-17-2019 01:03 PM

Hello caiobornani,

if the eBGP next-hop is not resolved by the other routers means network a.b.135.8/30 is not advertised in IGP by DC1-01 router.

Or you use passive-interface + network command in IGP or you set next-hop self on all iBGP sessions on DC1-01 router so that the unresolved BGP next-hop is fixed.

 

Hope to help

Giuseppe

 

View solution in original post

0 Helpful
6 Replies 6

Go to solution
Giuseppe Larosa
Hall of Fame
Hall of Fame

‎07-17-2019 08:22 AM

Hello caiobomani,

 all routers have installed a BGP route with the following next-hop that is Carrier-1 ISP router in DC-1 according to your network diagram:

>> * a.b.135.9, from a.b.135.9, 5d10h ago

 

The only router that is able to ping is the one with a direct eBGP session with a.b.135.9.

 

what IP prefixes are you advertising from DC1-01 router to the eBGP neighbor a.b.135.9 ?

 

even DC1-02 router is not able to ping meaning its source address is not known on Carrier1 ISP AS network.

 

check on DC1-01 with

show ip bgp a.b.135.9 advertised-routes

 

 

Hope to help

Giuseppe

 

0 Helpful

Go to solution
Martin L
VIP
VIP
In response to Giuseppe Larosa

‎07-17-2019 08:23 AM


sh ip route x x x x and ip cef x x x x
0 Helpful

Go to solution
caiobomani
Level 1
Level 1
In response to Martin L

‎07-17-2019 12:26 PM

The show ip route is already given but show ip cef do give me some directions.

 

All routers that do not have a direct peer are in an unresolved state and ended up in recursive-looped:

 

DC1-02#show ip cef i.j.114.170
i.j.0.0/16
unresolved via a.b.135.9
recursive-looped

 

DC2-01#show ip cef i.j.114.170
i.j.0.0/16
unresolved via a.b.135.9
recursive-looped

 

DC2-02#show ip cef i.j.114.170
i.j.0.0/16
unresolved via a.b.135.9
recursive-looped

0 Helpful

Go to solution
caiobomani
Level 1
Level 1
In response to Giuseppe Larosa

‎07-17-2019 12:19 PM

DC1-01#show ip bgp neighbors a.b.135.9 advertised-routes
BGP table version is 662498384, local router ID is 10.134.1.12
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

Network Next Hop Metric LocPrf Weight Path
*> x.y.232.0/24 x.y.232.251 0 32768 ?
*> x.y.232.0/23 x.y.232.251 0 32768 ?

Total number of prefixes 2

 

 

I thought that it could be the problem, but from the firewall that is behind or even if i specify the interface source, the result is the same.

 

And also, on the traceroute, it don't even reach the router that is peering with carrier 1 on DC1.

0 Helpful

Go to solution
Giuseppe Larosa
Hall of Fame
Hall of Fame
In response to caiobomani

‎07-17-2019 01:03 PM

Hello caiobornani,

if the eBGP next-hop is not resolved by the other routers means network a.b.135.8/30 is not advertised in IGP by DC1-01 router.

Or you use passive-interface + network command in IGP or you set next-hop self on all iBGP sessions on DC1-01 router so that the unresolved BGP next-hop is fixed.

 

Hope to help

Giuseppe

 

0 Helpful

Go to solution
caiobomani
Level 1
Level 1
In response to Giuseppe Larosa

‎07-17-2019 02:24 PM

Indeed the next-hop-self fixed the issue.

 

I did not notice (and either was aware) that the next hop advertised from eBGP peering would be maintained on an iBGP advertising.

 

With the next-hop-self, now the routers on the other data centers are able to reach the router redistributing the routes via the self ip as the next hop and the traffic is successfully flowing back and forth.

 

Thanks for the assistance.

 

Caio

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card