Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1528
Views
1
Helpful
3
Replies

Struggling with BGP over PPPoE

Go to solution
RouteOps_gm
Level 1
Level 1

‎10-23-2024 03:08 AM

I'm trying to test a setup in an lab, attempting to peer a multi-homed CPE to a pair of BRAS using PPPoE and BGP. The idea is to use BGP for dynamic route selection and redistribute the routes back into the IGP on the head end.

The CPE has a pair of dialer interfaces, which connect successfully to the BRAS's. I pass the loopback address of the CPE to the BRAS using a Cisco-AVpair attribute returned by RADIUS (same for both usernames - so in effect both BRAS have a route to the CPE's loopback via one or other of the dialers).

All this works - the dialers connect, the CPE can ping both BRAS and vice versa, including setting the CPE loopback as the source. So far, so good. 

The problem is that BGP will not come up. On the CPE I have the update source set to Loopback0 and I can see the packets being sent with that source address. The peerings on the BRAS end are also configured with the CPE's Loopback0 IP. Both BRAS shut down the BGP connect attempt with a TCP RST, and they log the following:


*Oct 23 10:04:56.030: BGP: 1.2.3.4 Active open failed - no route to peer, open active delayed 6144ms (35000ms max, 60% jitter)

As mentioned, everything can 100% ping everything else. I've also investigated fragmentation, and set the following on the dialers and the virtual-template on the BRAS, no change:

mtu 1492
ip tcp adjust-mss 1452

Really I'm just looking for a direction to go in as I have completely run out of ideas. 

Thanks in advance!

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Flavio Miranda
VIP
VIP

‎10-23-2024 03:27 AM

@RouteOps_gm 

  Would be easier to help if you share the configs and devices model and software version but as per the description, I believe you are missing the command ebgp-multihop . As you are trying to stablish eBGP from the loopback and there will be the phycical interface, BGP might be counting more than one hop.

View solution in original post

0 Helpful
3 Replies 3

Go to solution
Maher Abdelshkour
Level 7
Level 7

‎10-23-2024 03:20 AM - edited ‎10-23-2024 04:29 AM

Hello,

Your issue with BGP not coming up, despite the PPPoE and connectivity being established, seems to be related to BGP's reachability and how it resolves the path to the peer. Even though ICMP pings are working, BGP requires proper routing paths between the Loopback interfaces used as the BGP source addresses.

Let's troubleshoot this issue step by step:

1. Verify IGP Reachability of the Loopbacks:

Since you are using the loopback interfaces as BGP update sources, ensure that the BRAS can route to the CPE’s Loopback0 via the IGP (such as OSPF, EIGRP, or static routes).

  • Check if the CPE’s Loopback0 is being advertised into the IGP on the BRAS side.
  • On the BRAS, use show ip route <CPE Loopback0 IP> to verify if the loopback is reachable via the IGP. If it’s not, BGP will not establish the session.

Suggestion:

  • Ensure that the CPE’s Loopback0 IP is redistributed into the IGP or that you have appropriate static routes on the BRAS to reach it.
2. Ensure the Correct BGP Peering Configuration:

On both the CPE and the BRAS, verify that the update-source is correctly set to the Loopback interfaces. Also, check if the neighbor statements are using the correct IP addresses (the Loopback IPs) for peering.

CPE BGP Config:

router bgp <AS number>
neighbor <BRAS Loopback> remote-as <BRAS AS number>
neighbor <BRAS Loopback> update-source Loopback0

BRAS BGP Config:

router bgp <AS number>
neighbor <CPE Loopback> remote-as <CPE AS number>
neighbor <CPE Loopback> update-source Loopback0

Make sure both sides are configured to use the loopbacks and that the IP addresses are correct.

3. Check Routing Tables and Next Hop:

BGP uses the next-hop IP in its path selection. Ensure that both the BRAS and the CPE can see each other’s Loopback IPs in their routing tables, and that the next hop is properly reachable.

Use the following commands to verify:

On the BRAS

show ip route <CPE Loopback>

On the CPE

show ip route <BRAS Loopback>

4. Consider Static Routes for BGP Peer Reachability:

If the loopback is not advertised into the IGP, you can use static routes as a workaround. Add static routes on the BRAS to point to the CPE's loopback address via the PPPoE interface, and vice versa.

On BRAS

ip route <CPE Loopback0> <next hop through dialer>

On CPE

ip route <BRAS Loopback0> <next hop through dialer>

5. Verify TCP MSS and MTU Settings:

Since PPPoE reduces the available MTU, it is good that you’ve already adjusted the TCP MSS. You might also want to ensure that there are no issues with packet fragmentation or firewall rules dropping fragmented packets.

The commands you’ve set for mtu 1492 and ip tcp adjust-mss 1452 seem appropriate for PPPoE, but you can check if there’s any fragmentation by doing a ping test with the DF bit set:

ping <BGP peer IP> source Loopback0 df-bit size 1472

If this fails, it indicates an issue with fragmentation. Adjust the MTU settings accordingly.

6. Check BRAS Logs and ACLs:

Review the BRAS logs to ensure there are no Access Control Lists (ACLs) blocking BGP traffic. Sometimes, BGP sessions are rejected if the required TCP port (179) is not allowed by an ACL on either side.

Check if ACLs are applied on the interface:

show ip interface <interface>

If there are any ACLs applied, ensure that BGP (TCP port 179) is allowed.

7. Debug BGP on CPE and BRAS:

Enable BGP debugging on both sides to capture more details about the failure:

On the CPE:

debug ip bgp
debug ip tcp transactions

On the BRA:

debug ip bgp
debug ip tcp transactions

This will give you more insight into why the TCP RST is being sent.

8. Check RADIUS Attribute for Consistency:

Since you’re using a Cisco-AVpair attribute for the loopback IP in RADIUS, ensure that the attribute is correctly being applied to both dialer interfaces and that both BRAS have a consistent view of the CPE’s loopback.

If you follow these steps and ensure that both BRAS have a route to the CPE’s loopback, the BGP session should come up without issue.

 

0 Helpful

Go to solution
Flavio Miranda
VIP
VIP

‎10-23-2024 03:27 AM

@RouteOps_gm 

  Would be easier to help if you share the configs and devices model and software version but as per the description, I believe you are missing the command ebgp-multihop . As you are trying to stablish eBGP from the loopback and there will be the phycical interface, BGP might be counting more than one hop.

0 Helpful

Go to solution
RouteOps_gm
Level 1
Level 1
In response to Flavio Miranda

‎10-23-2024 04:25 AM

Thanks Flavio that's super helpful, and you're right on the money.

The problem was that I had ebgp-multihop configured on the client but not in the BGP config on the LNS. Added the following and BGP came straight up:

neighbor PPP-CLIENTS ebgp-multihop 2

Thanks very much for your help!

Customers Also Viewed These Support Documents