12-24-2020 03:39 AM
Hi all
I'm having a bit of a dilemma. I'm running MP-BGP to an eBGP peer and I'm seeing routes received from the peer advertised back to the peer.
sh ip bgp vpnv4 vrf Internet_access neighbors 10.91.29.202 advertised-routes
*> 0.0.0.0 10.91.29.202 0 100 0 65200 i
*> 1.136.104.0/22 10.91.29.202 0 100 0 65200 i
*> 1.136.104.0/21 10.91.29.202 0 100 0 65200 i
*> 2.31.141.169/32 10.91.29.202 0 100 0 65200 i
*> 2.122.222.94/32 10.91.29.202 0 100 0 65200 i
*> 2.122.222.97/32 10.91.29.202 0 100 0 65200 i
*> 2.125.123.249/32 10.91.29.202 0 100 0 65200 i
*> 2.216.109.247/32 10.91.29.202 0 100 0 65200 i
*> 2.219.243.35/32 10.91.29.202 0 100 0 65200 i
*> 2.219.243.89/32 10.91.29.202 0 100 0 65200 i
*> 3.10.145.64/32 10.91.29.202 0 100 0 65200 i
*> 3.11.215.246/32 10.91.29.202 0 100 0 65200 i
sh ip bgp vpnv4 vrf Internet_access neighbors 10.91.29.202 routes
*> 0.0.0.0 10.91.29.202 0 100 0 65200 i
*> 1.136.104.0/22 10.91.29.202 0 100 0 65200 i
*> 1.136.104.0/21 10.91.29.202 0 100 0 65200 i
*> 2.31.141.169/32 10.91.29.202 0 100 0 65200 i
*> 2.122.222.94/32 10.91.29.202 0 100 0 65200 i
*> 2.122.222.97/32 10.91.29.202 0 100 0 65200 i
*> 2.125.123.249/32 10.91.29.202 0 100 0 65200 i
*> 2.216.109.247/32 10.91.29.202 0 100 0 65200 i
*> 2.219.243.35/32 10.91.29.202 0 100 0 65200 i
*> 2.219.243.89/32 10.91.29.202 0 100 0 65200 i
*> 3.10.145.64/32 10.91.29.202 0 100 0 65200 i
*> 3.11.215.246/32 10.91.29.202 0 100 0 65200 i
sh ip route vrf Internet_access bgp
Routing Table: Internet_access
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP
+ - replicated route, % - next hop override
Gateway of last resort is 10.91.29.202 to network 0.0.0.0
B* 0.0.0.0/0 [20/0] via 10.91.29.202, 00:52:12
1.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
B 1.136.104.0/21 [20/0] via 10.91.29.202, 00:52:12
B 1.136.104.0/22 [20/0] via 10.91.29.202, 00:52:12
2.0.0.0/32 is subnetted, 7 subnets
B 2.31.141.169 [20/0] via 10.91.29.202, 00:52:12
B 2.122.222.94 [20/0] via 10.91.29.202, 00:52:12
B 2.122.222.97 [20/0] via 10.91.29.202, 00:52:12
B 2.125.123.249 [20/0] via 10.91.29.202, 00:52:12
B 2.216.109.247 [20/0] via 10.91.29.202, 00:52:12
B 2.219.243.35 [20/0] via 10.91.29.202, 00:52:15
B 2.219.243.89 [20/0] via 10.91.29.202, 00:52:15
3.0.0.0/32 is subnetted, 2 subnets
B 3.10.145.64 [20/0] via 10.91.29.202, 00:52:15
B 3.11.215.246 [20/0] via 10.91.29.202, 00:52:15
I'm not sure what to make of this. Can anyone help?
Thanks
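The comparison of the two tables above can be scripted. The following Python is an added example, not part of the original post: it parses both outputs and lists the prefixes learned from the peer that also appear in the table advertised to it. The function names and the 192.0.2.0/24 row are constructed for illustration, and only the network and next-hop columns are read.

```python
import ipaddress
import re

# A route row: status code(s), network, next hop. Later columns are ignored
# because metric and local-pref can be blank, which shifts their positions.
IP = r"\d+\.\d+\.\d+\.\d+"
ROW = re.compile(rf"^\s*\S{{1,3}}\s+({IP}(?:/\d+)?)\s+({IP})\b")

# Constructed sample input: three rows copied from the post's output.
PEER_ROWS = """\
*> 0.0.0.0 10.91.29.202 0 100 0 65200 i
*> 1.136.104.0/22 10.91.29.202 0 100 0 65200 i
*> 2.31.141.169/32 10.91.29.202 0 100 0 65200 i
"""
RECEIVED = "sh ip bgp vpnv4 vrf Internet_access neighbors 10.91.29.202 routes\n" + PEER_ROWS
# Constructed: the same rows plus one locally originated row (next hop 0.0.0.0).
ADVERTISED = PEER_ROWS + "*> 192.0.2.0/24 0.0.0.0 0 32768 ?\n"

def normalize(network):
    """IOS omits the prefix length when it equals the classful mask."""
    if "/" not in network:
        first = int(network.split(".")[0])
        if network == "0.0.0.0":
            length = 0  # default route
        else:
            length = 8 if first < 128 else 16 if first < 192 else 24
        network = f"{network}/{length}"
    return ipaddress.ip_network(network, strict=False)

def parse_table(text):
    """Return {prefix: next_hop} for each route row; other lines are skipped."""
    routes = {}
    for line in text.splitlines():
        match = ROW.match(line)
        if match:
            routes[normalize(match.group(1))] = ipaddress.ip_address(match.group(2))
    return routes

def reflected_prefixes(received_text, advertised_text, peer):
    """Prefixes learned from `peer` that are also advertised back to it."""
    peer_ip = ipaddress.ip_address(peer)
    received = parse_table(received_text)
    advertised = parse_table(advertised_text)
    hits = [p for p, nh in advertised.items() if nh == peer_ip and p in received]
    return [str(p) for p in sorted(hits)]

if __name__ == "__main__":
    for prefix in reflected_prefixes(RECEIVED, ADVERTISED, "10.91.29.202"):
        print("learned from peer and advertised back:", prefix)
```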
12-24-2020 03:56 AM
Can you post your BGP config so we can see what you are advertising?
12-24-2020 06:04 AM
router bgp 65201
!
address-family ipv4 vrf Internet_access
no synchronization
redistribute connected route-map set-primary-route
neighbor 10.91.29.202 remote-as 65200
neighbor 10.91.29.202 description Internet access
neighbor 10.91.29.202 activate
neighbor 10.91.29.202 route-map set-primary-route in
neighbor 10.91.29.202 route-map set-primary-route out
exit-address-family
!
route-map set-primary-route permit 10
set metric 0
set local-preference 100
!
end
12-24-2020 06:19 AM
Hello,
--> redistribute connected route-map set-primary-route
You are only advertising redistributed connected routes. What is the purpose of these connected (mainly host) routes on your router?
12-24-2020 08:06 AM
Those are the only subnets meant to be advertised to the neighbour. Those are being advertised out to the peer, plus the routes received from the peer.
12-24-2020 11:16 AM
Hello,
Who is connected to the other side, an ISP? Or is that a router you control? Either way, check the configuration of the other side (or contact the ISP), as this looks like a misconfiguration...
12-29-2020 02:06 AM
I connect to an ISP basically. However, thanks for the advice, will get the people in charge on the other side to check.
12-24-2020 05:41 AM
Hello,
the easiest way to fix this would be to accept only the default route from your eBGP peer:
ip prefix-list DEFAULT_ONLY permit 0.0.0.0/0
!
neighbor x.x.x.x prefix-list DEFAULT_ONLY in
12-25-2020 06:51 PM
Hi
CE(65201)-eBGP-PE(65200)
This is your AS.
Have you configured a VRF between the CE and PE? And why?
12-29-2020 02:01 AM - edited 12-29-2020 02:02 AM
Hi
Multiple customer services. Have to separate the Internet VRF from other customer VRFs.
12-29-2020 08:14 AM
Apologies all
I guess my confusion is why BGP is advertising the routes out the same interface it received them on. I don't have split horizon enabled on the interface. So what might I be missing?
Would appreciate any insights.
12-29-2020 09:17 AM
This is bad design.
Normally, for CE-PE, the CE connects to the PE in global.
Here, since you have a VRF in the CE, you need what is called Back-to-Back VRF PE.
I will try to lab this design and send you the config steps.
12-29-2020 09:38 AM
https://www.cisco.com/c/en/us/td/docs/ios/12_2sb/12_2sba/feature/guide/vrflite.html
Solution, friend, take a look.