I have a router ( in one AS) that is advertising the routes that it learned from a peer (in another AS) back to that same peer. ( it should only be advertising 11 prefixes that originate within
If you look at the output below, the next hop that is being advertised to the peer is the peer's own IP address!!!
I am uncertain as to why this would ever happen. It seems totally illogical to me. I have tried resetting the peer and clearing bgp/route/igp tables but it just does not go away.
sample output (edited)
#sh ip bgp summ
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
184.108.40.206 4 65000 135841 138948 46252 0 0 1w0d 1050
#sh ip bgp nei 220.127.116.11 advertised-routes
BGP table version is 46252, local router ID is 10.48.0.9
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Originating default network 0.0.0.0
Network Next Hop Metric LocPrf Weight Path
*> 10.0.0.0/13 18.104.22.168 0 65000 65180 i
*> 10.0.0.0/9 0.0.0.0 0 32768 i
*> 10.8.0.0/16 22.214.171.124 0 65000 65180 i
*> 10.16.0.0/16 126.96.36.199 0 65000 65030 i
*> 10.16.0.0/15 188.8.131.52 0 65000 65030 i
*> 10.17.0.0/16 184.108.40.206 0 65000 65030 i
*> 10.28.16.0/20 220.127.116.11 0 65000 65180 i
*> 10.28.252.3/32 18.104.22.168 0 65000 64924 i
*> 10.30.4.0/23 22.214.171.124 0 65000 65222 i
yes - i am receiving all those routes from the peer
i do not have access to the peer - it is a provider router
router bgp 65010
network 10.0.0.0 mask 255.128.0.0
network 10.48.0.0 mask 255.252.0.0
network 10.128.0.0 mask 255.128.0.0
network 10.224.0.0 mask 255.248.0.0
network 126.96.36.199 mask 255.255.128.0
network 188.8.131.52 mask 255.255.255.255
network 184.108.40.206 mask 255.255.128.0
network 172.16.0.0 mask 255.248.0.0
network 172.24.0.0 mask 255.248.0.0
network 172.25.74.0 mask 255.255.255.0
network 172.25.75.0 mask 255.255.255.0
network 192.168.0.0 mask 255.255.128.0
network 192.168.128.0 mask 255.255.128.0
neighbor 220.127.116.11 remote-as 65000
neighbor 18.104.22.168 description Verizon-MPLS-BGP_Peer
neighbor 22.214.171.124 password
neighbor 126.96.36.199 version 4
neighbor 188.8.131.52 send-community
neighbor 184.108.40.206 default-originate
you cannot access the peer so you cannot be sure that these prefixes are actually advertised back to it.
The impact of this should be limited because the peer should drop these routes.
You say the peer is a provider router, Verizon I see in the description, but AS 65000 is a private-as.
My guess is that your peer is using a feature called local-as: it is pretending to you over the EBGP session to be part of private AS 65000 but if it is a real MPLS PE node it should be member of one ASes of Verizon.
In order to be sure that you don't send back these prefixes you can implement an output filter using a prefix-list:
you need to allow
the default route you are sending out and the prefixes that are configured in the network commands
ip prefix-list To_Verizon seq 5 permit 0.0.0.0/0
ip prefix-list To_Verizon seq 10 permit 10.0.0.0/9
ip prefix-list To_Verizon seq 20 permit 10.128.0.0/9
ip prefix-list To_Verizon seq 20 permit 10.48.0.0/14
and so on
router bgp 65000
neighbor 220.127.116.11 prefix-list To_Verizon out
clear ip bgp 18.104.22.168
then issue again the
sh ip bgp n 22.214.171.124 advertised-routes
and see what declares
with this experiment you can understand if the show output is meaningful or not.
Hope to help
Since this is not a transit AS there is a simpler solution. Filter any route that does not originate in the local AS.
ip as-path access-list 99 permit ^$
ip as-path access-list 99 deny .*
router bgp 65010
neighbor 126.96.36.199 filter-list 99 out
After applying this filter, the advertised routes output looks correct - so i do not think this is a CLI output issue as you suggest.
HOWEVER, the intent of the post was to understand WHY this strange advertisement is happening, not simply to stop it.
If you look back at the original post there is nothing to explain the observed behavior.
In effect the conversation is....
"Hello Giuseppe, this is John. I have a bunch of routes for you to learn and the next hop for all of them is YOU, Giuseppe. "
I don't believe these routes are being learned form any other source than the eBGP peer in question, otherwise the next hop would be different.
So if anyone has any more ideas on what might be happening, I am listening.
Does your local router also have these routes from other sources, like a backup ISP?
'Cause I mean if it's advertising routes it learned from 188.8.131.52 right back to it, how come there are additional AS'es in the paths it's advertising?
[EDIT: Wait wait, duh; those are the AS paths in the routes that 184.108.40.206 was advertising in the first place... DER. (I wish this board would let us delete our own posts instead of just edit them.)]