Re: Seeing received BGP routes from a peer readvertised to same peer

ugogbos99 · ‎12-24-2020

Hi all

I'm having a bit of a dilemma. I'm running MP-BGP to an eBGP peer and I'm seeing routes received from advertised back to the peer.

sh ip bgp vpnv4 vrf Internet_access neighbors 10.91.29.202 advertised-routes
*> 0.0.0.0 10.91.29.202 0 100 0 65200 i
*> 1.136.104.0/22 10.91.29.202 0 100 0 65200 i
*> 1.136.104.0/21 10.91.29.202 0 100 0 65200 i
*> 2.31.141.169/32 10.91.29.202 0 100 0 65200 i
*> 2.122.222.94/32 10.91.29.202 0 100 0 65200 i
*> 2.122.222.97/32 10.91.29.202 0 100 0 65200 i
*> 2.125.123.249/32 10.91.29.202 0 100 0 65200 i
*> 2.216.109.247/32 10.91.29.202 0 100 0 65200 i
*> 2.219.243.35/32 10.91.29.202 0 100 0 65200 i
*> 2.219.243.89/32 10.91.29.202 0 100 0 65200 i
*> 3.10.145.64/32 10.91.29.202 0 100 0 65200 i
*> 3.11.215.246/32 10.91.29.202 0 100 0 65200 i

sh ip bgp vpnv4 vrf Internet_access neighbors 10.91.29.202 routes
*> 0.0.0.0 10.91.29.202 0 100 0 65200 i
*> 1.136.104.0/22 10.91.29.202 0 100 0 65200 i
*> 1.136.104.0/21 10.91.29.202 0 100 0 65200 i
*> 2.31.141.169/32 10.91.29.202 0 100 0 65200 i
*> 2.122.222.94/32 10.91.29.202 0 100 0 65200 i
*> 2.122.222.97/32 10.91.29.202 0 100 0 65200 i
*> 2.125.123.249/32 10.91.29.202 0 100 0 65200 i
*> 2.216.109.247/32 10.91.29.202 0 100 0 65200 i
*> 2.219.243.35/32 10.91.29.202 0 100 0 65200 i
*> 2.219.243.89/32 10.91.29.202 0 100 0 65200 i
*> 3.10.145.64/32 10.91.29.202 0 100 0 65200 i
*> 3.11.215.246/32 10.91.29.202 0 100 0 65200 i

sh ip route vrf Internet_access bgp

Routing Table: Internet_access
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP
+ - replicated route, % - next hop override

Gateway of last resort is 10.91.29.202 to network 0.0.0.0

B* 0.0.0.0/0 [20/0] via 10.91.29.202, 00:52:12
1.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
B 1.136.104.0/21 [20/0] via 10.91.29.202, 00:52:12
B 1.136.104.0/22 [20/0] via 10.91.29.202, 00:52:12
2.0.0.0/32 is subnetted, 7 subnets
B 2.31.141.169 [20/0] via 10.91.29.202, 00:52:12
B 2.122.222.94 [20/0] via 10.91.29.202, 00:52:12
B 2.122.222.97 [20/0] via 10.91.29.202, 00:52:12
B 2.125.123.249 [20/0] via 10.91.29.202, 00:52:12
B 2.216.109.247 [20/0] via 10.91.29.202, 00:52:12
B 2.219.243.35 [20/0] via 10.91.29.202, 00:52:15
B 2.219.243.89 [20/0] via 10.91.29.202, 00:52:15
3.0.0.0/32 is subnetted, 2 subnets
B 3.10.145.64 [20/0] via 10.91.29.202, 00:52:15
B 3.11.215.246 [20/0] via 10.91.29.202, 00:52:15

I'm not sure what to make of this. Can anyone help?

Thanks

balaji.bandi · ‎12-24-2020

Can you post your BGP config to look what you are advertising ?

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

ugogbos99 · ‎12-24-2020

router bgp 65201
!
address-family ipv4 vrf Internet_access
no synchronization
redistribute connected route-map set-primary-route
neighbor 10.91.29.202 remote-as 65200
neighbor 10.91.29.202 description Internet access
neighbor 10.91.29.202 activate
neighbor 10.91.29.202 route-map set-primary-route in
neighbor 10.91.29.202 route-map set-primary-route out
exit-address-family
!
route-map set-primary-route permit 10
set metric 0
set local-preference 100
!
end

Georg Pauwen · ‎12-24-2020

Hello,

--> redistribute connected route-map set-primary-route

You are only advertising redistributed connected routes. What is the purpose of these connected (mainly host) routes on your router ?

ugogbos99 · ‎12-24-2020

Those are the only subnets meant to be advertised to the neighbour. Those are being advertised out to the peer, plus the routes received from the peer.

Georg Pauwen · ‎12-24-2020

Hello,

who is connected to the other side, an ISP ? Or is that a router you control ? Either way, check the configuration of the other side (or contact the ISP), as this looks like a misconfiguration...

ugogbos99 · ‎12-29-2020

I connect to an ISP basically. However, thanks for the advice, will get the people in charge on the other side to check.

Georg Pauwen · ‎12-24-2020

Hello,

the easiest way to fix this would be to accept only the default route from your eBGP peer:

ip prefix-list DEFAULT_ONLY permit 0.0.0.0/0
!
neighbor x.x.x.x prefix-list DEFAULT_ONLY in

MHM Cisco World · ‎12-25-2020

Hi
CE(65201)-eBGP-PE(65200)
this your AS,
are you config VRF between the CE and PE? and why?

ugogbos99 · ‎12-29-2020

Hi

Multiple customer services. Have to separate the Internet VRF from other customer VRFs.

ugogbos99 · ‎12-29-2020

Apologies all

I guess my confusion is why BGP is advertising the routes out the same interface it received it in? I don't have split horizon enabled on the interface. So what might I be missing?

Would appreciate any insights.

MHM Cisco World · ‎12-29-2020

this is Bad design,

normally CE-PE , CE connect to PE in global,

here since you have VRF in CE then you need what is called Back-to-Back VRF PE,

I will try lab this design and send you config step.

MHM Cisco World · ‎12-29-2020

https://www.cisco.com/c/en/us/td/docs/ios/12_2sb/12_2sba/feature/guide/vrflite.html

solution friend take look