12-24-2020 03:39 AM
Hi all
I'm having a bit of a dilemma. I'm running MP-BGP to an eBGP peer and I'm seeing routes received from the peer advertised back to the peer.
sh ip bgp vpnv4 vrf Internet_access neighbors 10.91.29.202 advertised-routes
*> 0.0.0.0 10.91.29.202 0 100 0 65200 i
*> 1.136.104.0/22 10.91.29.202 0 100 0 65200 i
*> 1.136.104.0/21 10.91.29.202 0 100 0 65200 i
*> 2.31.141.169/32 10.91.29.202 0 100 0 65200 i
*> 2.122.222.94/32 10.91.29.202 0 100 0 65200 i
*> 2.122.222.97/32 10.91.29.202 0 100 0 65200 i
*> 2.125.123.249/32 10.91.29.202 0 100 0 65200 i
*> 2.216.109.247/32 10.91.29.202 0 100 0 65200 i
*> 2.219.243.35/32 10.91.29.202 0 100 0 65200 i
*> 2.219.243.89/32 10.91.29.202 0 100 0 65200 i
*> 3.10.145.64/32 10.91.29.202 0 100 0 65200 i
*> 3.11.215.246/32 10.91.29.202 0 100 0 65200 i
sh ip bgp vpnv4 vrf Internet_access neighbors 10.91.29.202 routes
*> 0.0.0.0 10.91.29.202 0 100 0 65200 i
*> 1.136.104.0/22 10.91.29.202 0 100 0 65200 i
*> 1.136.104.0/21 10.91.29.202 0 100 0 65200 i
*> 2.31.141.169/32 10.91.29.202 0 100 0 65200 i
*> 2.122.222.94/32 10.91.29.202 0 100 0 65200 i
*> 2.122.222.97/32 10.91.29.202 0 100 0 65200 i
*> 2.125.123.249/32 10.91.29.202 0 100 0 65200 i
*> 2.216.109.247/32 10.91.29.202 0 100 0 65200 i
*> 2.219.243.35/32 10.91.29.202 0 100 0 65200 i
*> 2.219.243.89/32 10.91.29.202 0 100 0 65200 i
*> 3.10.145.64/32 10.91.29.202 0 100 0 65200 i
*> 3.11.215.246/32 10.91.29.202 0 100 0 65200 i
sh ip route vrf Internet_access bgp
Routing Table: Internet_access
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP
+ - replicated route, % - next hop override
Gateway of last resort is 10.91.29.202 to network 0.0.0.0
B* 0.0.0.0/0 [20/0] via 10.91.29.202, 00:52:12
1.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
B 1.136.104.0/21 [20/0] via 10.91.29.202, 00:52:12
B 1.136.104.0/22 [20/0] via 10.91.29.202, 00:52:12
2.0.0.0/32 is subnetted, 7 subnets
B 2.31.141.169 [20/0] via 10.91.29.202, 00:52:12
B 2.122.222.94 [20/0] via 10.91.29.202, 00:52:12
B 2.122.222.97 [20/0] via 10.91.29.202, 00:52:12
B 2.125.123.249 [20/0] via 10.91.29.202, 00:52:12
B 2.216.109.247 [20/0] via 10.91.29.202, 00:52:12
B 2.219.243.35 [20/0] via 10.91.29.202, 00:52:15
B 2.219.243.89 [20/0] via 10.91.29.202, 00:52:15
3.0.0.0/32 is subnetted, 2 subnets
B 3.10.145.64 [20/0] via 10.91.29.202, 00:52:15
B 3.11.215.246 [20/0] via 10.91.29.202, 00:52:15
I'm not sure what to make of this. Can anyone help?
Thanks
12-24-2020 03:56 AM
Can you post your BGP config so we can look at what you are advertising?
12-24-2020 06:04 AM
router bgp 65201
!
address-family ipv4 vrf Internet_access
no synchronization
redistribute connected route-map set-primary-route
neighbor 10.91.29.202 remote-as 65200
neighbor 10.91.29.202 description Internet access
neighbor 10.91.29.202 activate
neighbor 10.91.29.202 route-map set-primary-route in
neighbor 10.91.29.202 route-map set-primary-route out
exit-address-family
!
route-map set-primary-route permit 10
set metric 0
set local-preference 100
!
end
12-24-2020 06:19 AM
Hello,
--> redistribute connected route-map set-primary-route
You are only advertising redistributed connected routes. What is the purpose of these connected (mainly host) routes on your router?
12-24-2020 08:06 AM
Those are the only subnets meant to be advertised to the neighbour. Those are being advertised out to the peer, plus the routes received from the peer.
12-24-2020 11:16 AM
Hello,
Who is connected to the other side, an ISP? Or is that a router you control? Either way, check the configuration of the other side (or contact the ISP), as this looks like a misconfiguration...
12-29-2020 02:06 AM
I connect to an ISP basically. However, thanks for the advice, will get the people in charge on the other side to check.
12-24-2020 05:41 AM
Hello,
the easiest way to fix this would be to accept only the default route from your eBGP peer:
ip prefix-list DEFAULT_ONLY permit 0.0.0.0/0
!
neighbor x.x.x.x prefix-list DEFAULT_ONLY in
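An added example, not part of the original thread: a Python check that compares the two tables from the first post to list prefixes echoed back to the neighbor they were learned from, and shows which received prefixes the DEFAULT_ONLY prefix list above would keep. The sample rows are constructed in the thread's output format, and the function names and the 192.0.2.0/24 row are assumptions made for illustration.

```python
import ipaddress
import re

NEIGHBOR = "10.91.29.202"

# Constructed samples in the "show ip bgp ... advertised-routes / routes"
# row format from the thread; the 192.0.2.0/24 row is invented for contrast.
ADVERTISED = """\
*> 0.0.0.0 10.91.29.202 0 100 0 65200 i
*> 1.136.104.0/22 10.91.29.202 0 100 0 65200 i
*> 2.31.141.169/32 10.91.29.202 0 100 0 65200 i
*> 192.0.2.0/24 0.0.0.0 0 100 32768 ?
"""
RECEIVED = """\
*> 0.0.0.0 10.91.29.202 0 100 0 65200 i
*> 1.136.104.0/22 10.91.29.202 0 100 0 65200 i
*> 2.31.141.169/32 10.91.29.202 0 100 0 65200 i
"""

ROW = re.compile(r"^\*>\s*(\d+(?:\.\d+){3})(?:/(\d+))?\s+(\d+(?:\.\d+){3})\s", re.M)

def classful_len(addr):
    """IOS omits the length when it equals the classful mask (0.0.0.0 is /0)."""
    first = int(addr.split(".")[0])
    if addr == "0.0.0.0":
        return 0
    return 8 if first < 128 else 16 if first < 192 else 24

def parse_table(text):
    """Map each best-path network to its next hop."""
    table = {}
    for addr, length, next_hop in ROW.findall(text):
        plen = int(length) if length else classful_len(addr)
        table[ipaddress.ip_network(f"{addr}/{plen}")] = next_hop
    return table

def echoed_back(advertised, received, neighbor):
    """Prefixes sent to the neighbor that were learned from that same neighbor."""
    return [str(n) for n in sorted(advertised)
            if n in received and advertised[n] == neighbor]

def after_default_only(received):
    """Apply 'permit 0.0.0.0/0' with no ge/le: exact match, implicit deny."""
    default = ipaddress.ip_network("0.0.0.0/0")
    return [str(n) for n in sorted(received) if n == default]

if __name__ == "__main__":
    adv, rcv = parse_table(ADVERTISED), parse_table(RECEIVED)
    print("echoed back:", echoed_back(adv, rcv, NEIGHBOR))
    print("kept by DEFAULT_ONLY:", after_default_only(rcv))
```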
12-25-2020 06:51 PM
Hi
CE(65201)-eBGP-PE(65200)
This is your AS.
Did you configure a VRF between the CE and PE? And why?
12-29-2020 02:01 AM - edited 12-29-2020 02:02 AM
Hi
Multiple customer services. Have to separate the Internet VRF from other customer VRFs.
12-29-2020 08:14 AM
Apologies all
I guess my confusion is why BGP is advertising the routes out the same interface it received them on. I don't have split horizon enabled on the interface. So what might I be missing?
Would appreciate any insights.
12-29-2020 09:17 AM
This is bad design.
Normally, in CE-PE, the CE connects to the PE in global.
Here, since you have a VRF in the CE, you need what is called Back-to-Back VRF PE.
I will try to lab this design and send you the config steps.
12-29-2020 09:38 AM
https://www.cisco.com/c/en/us/td/docs/ios/12_2sb/12_2sba/feature/guide/vrflite.html
Solution, friend, take a look.