2016-09-10



Problem 1: Did not receive prefix advertised by BGP peer.

R2#sh ip bgp summary

BGP router identifier 2.2.2.2, local AS number 2

BGP table version is 1, main routing table version 1

Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd

192.168.12.1 4 1 44 43 1 0 0 00:36:08 0

R2 did not receive prefix advertised by R1 via BGP.

R1#sh run | sec router bgp

router bgp 1

bgp log-neighbor-changes

network 1.1.1.1 mask 255.255.255.255

neighbor 192.168.12.2 remote-as 2

R1#

R1#sh ip route | begin Gate

Gateway of last resort is not set

1.0.0.0/8 is variably subnetted, 2 subnets, 2 masks

C 1.1.1.0/27 is directly connected, Loopback1

L 1.1.1.1/32 is directly connected, Loopback1

192.168.12.0/24 is variably subnetted, 2 subnets, 2 masks

C 192.168.12.0/24 is directly connected, Ethernet0/0

L 192.168.12.1/32 is directly connected, Ethernet0/0

R1#

This is due to an incorrect subnet mask in the network statement under router bgp. When you advertise a prefix in BGP, the subnet mask must exactly match that of the connected network (1.1.1.0/27 in the routing table above).

R1#conf t

Enter configuration commands, one per line. End with CNTL/Z.

R1(config)#router bgp 1

R1(config-router)#no network 1.1.1.1 mask 255.255.255.255

R1(config-router)#network 1.1.1.0 mask 255.255.255.224

R1(config-router)#

Let’s verify R2’s BGP status

R2>sh ip bgp summary

BGP router identifier 2.2.2.2, local AS number 2

BGP table version is 2, main routing table version 2

1 network entries using 144 bytes of memory

1 path entries using 80 bytes of memory

1/1 BGP path/bestpath attribute entries using 152 bytes of memory

1 BGP AS-PATH entries using 24 bytes of memory

0 BGP route-map cache entries using 0 bytes of memory

0 BGP filter-list cache entries using 0 bytes of memory

BGP using 400 total bytes of memory

BGP activity 1/0 prefixes, 1/0 paths, scan interval 60 secs

Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd

192.168.12.1 4 1 64 62 2 0 0 00:53:23 1

R2>

R2>sh ip bgp

BGP table version is 2, local router ID is 2.2.2.2

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,

r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,

x best-external, a additional-path, c RIB-compressed,

Origin codes: i - IGP, e - EGP, ? - incomplete

RPKI validation codes: V valid, I invalid, N Not found

Network Next Hop Metric LocPrf Weight Path

*> 1.1.1.0/27 192.168.12.1 0 0 1 i

R2>

The best path is selected and installed into the routing table:

R2>sh ip route bgp | begin Gate

Gateway of last resort is not set

1.0.0.0/27 is subnetted, 1 subnets

B 1.1.1.0 [20/0] via 192.168.12.1, 00:01:58

R2>
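The check behind Problem 1, as an added example that is not part of the original post: it compares each BGP network statement with the routing table and suggests the connected prefix to use instead. The function names are hypothetical, the sample text is constructed from R1's output above, and treating L (local) host routes as non-matching is an assumption drawn from that output.

```python
import ipaddress
import re

# Constructed sample input: R1's config and routing table as shown above.
R1_CONFIG = """\
router bgp 1
 network 1.1.1.1 mask 255.255.255.255
 neighbor 192.168.12.2 remote-as 2
"""
R1_ROUTES = """\
      1.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C        1.1.1.0/27 is directly connected, Loopback1
L        1.1.1.1/32 is directly connected, Loopback1
C        192.168.12.0/24 is directly connected, Ethernet0/0
L        192.168.12.1/32 is directly connected, Ethernet0/0
"""

def parse_rib(show_ip_route):
    """Map every route line that carries an explicit /length to its code."""
    rib = {}
    for line in show_ip_route.splitlines():
        m = re.match(r"([A-Z]\S*)\s+(\d+\.\d+\.\d+\.\d+/\d+)\s", line)
        if m:
            rib[ipaddress.ip_network(m.group(2))] = m.group(1)
    return rib

def check_network_statements(config, show_ip_route):
    """Return (prefix, verdict, suggested prefix) per BGP network statement."""
    rib = parse_rib(show_ip_route)
    findings = []
    for addr, mask in re.findall(r"^\s*network (\S+) mask (\S+)", config, re.M):
        try:
            net = ipaddress.ip_network(f"{addr}/{mask}")
        except ValueError:
            findings.append((f"{addr} {mask}", "invalid network/mask pair", None))
            continue
        # Assumption drawn from the output above: an L (local) host route
        # does not satisfy a network statement, so treat it like "missing".
        if rib.get(net, "L") != "L":
            findings.append((str(net), "advertised", None))
            continue
        host = ipaddress.ip_address(addr)
        cover = [n for n, code in rib.items() if code != "L" and host in n]
        best = max(cover, key=lambda n: n.prefixlen, default=None)
        hint = str(best) if best is not None else None
        findings.append((str(net), "not advertised", hint))
    return findings
```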

Problem 2: R1 and R5 could not see routes advertised in BGP

R1 could not get the routes advertised by R5 (5.5.5.5/32) and R5 could not get the routes advertised by R1 (1.1.1.0/27).

The problem is that only R1 and R2 have formed a BGP peering and share the routes advertised by R1, while R4 and R5 have formed a BGP peering and share the routes advertised by R5. There is no internal BGP (iBGP) session between R2 and R4.

iBGP is necessary for a route advertised by eBGP to transit from one Autonomous System (AS) to another AS.

R2(config)#router bgp 2

R2(config-router)#neighbor 4.4.4.4 remote-as 2

R2(config-router)#neighbor 4.4.4.4 update-source lo2

R4(config)#router bgp 2

R4(config-router)#neighbor 2.2.2.2 remote-as 2

R4(config-router)#neighbor 2.2.2.2 update-source lo4

R4(config-router)#end

R2#sh ip bgp summary | in Nei|4.4.4.4

Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd

4.4.4.4 4 2 18 18 2 0 0 00:12:06 1

R2#

R4#sh ip bgp summary | in Neig|2.2.2.2

Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd

2.2.2.2 4 2 19 19 2 0 0 00:12:56 1

R4#

As can be seen, the neighborship is formed and the prefix is shared.

Problem 2.1: BGP routes not in routing table

Although R2 and R4 have formed an iBGP neighborship, which lets the advertised prefixes be received as shown in the show ip bgp summary output, R1 and R5 still do not have each other's routes in their own routing tables.

R2 and R4 also do not have 5.5.5.5 and 1.1.1.1, respectively, in their own routing tables.

R2#sh ip bgp | begin Net

Network Next Hop Metric LocPrf Weight Path

*> 1.1.1.0/27 192.168.12.1 0 0 1 i

* i 5.5.5.5/32 192.168.45.5 0 100 0 3 i

R2#

Although 5.5.5.5/32 is received by R2, it is not put into its routing table: a router only puts the best route into its own routing table, and this path is not marked best (>).

As shown in the show ip bgp command the next hop to reach 5.5.5.5 is via 192.168.45.5, but R2 has no knowledge of this route!

R2#sh ip route 192.168.45.5

% Network not in table

R2#

The situation is the same for R4

R4#sh ip bgp | beg Net

Network Next Hop Metric LocPrf Weight Path

* i 1.1.1.0/27 192.168.12.1 0 100 0 1 i

*> 5.5.5.5/32 192.168.45.5 0 0 3 i

R4#

R4 does not know how to reach 192.168.12.1, and hence the 1.1.1.0/27 prefix, though received, is not installed into its own routing table.

R4#sh ip route 192.168.12.1

% Network not in table

R4#

One solution is for R2 to advertise 192.168.12.2 via OSPF and for R4 to advertise 192.168.45.4 via OSPF:

R2(config)#router ospf 1

R2(config-router)#network 192.168.12.2 0.0.0.0 area 0

R2(config-router)#end

R4(config)#router ospf 1

R4(config-router)#network 192.168.45.4 0.0.0.0 area 0

Or use the BGP neighbor x.x.x.x next-hop-self command:

R2(config)#router bgp 2

R2(config-router)#neighbor 4.4.4.4 next-hop-self

R2(config-router)#end

R4(config-router)#router bgp 2

R4(config-router)#neighbor 2.2.2.2 next-hop-self

By default, BGP does not change the next hop when it passes a route to an iBGP peer.

R2#sh ip bgp | in Net|5.5.5.5

Network Next Hop Metric LocPrf Weight Path

*>i 5.5.5.5/32 4.4.4.4 0 100 0 3 i

R2#sh ip route bgp | beg Gate|5.5.5.5

Gateway of last resort is not set

1.0.0.0/27 is subnetted, 1 subnets

B 1.1.1.0 [20/0] via 192.168.12.1, 02:33:04

5.0.0.0/32 is subnetted, 1 subnets

B 5.5.5.5 [200/0] via 4.4.4.4, 00:03:15

R2#

R4#sh ip bgp | in Net|1.1.1.

Network Next Hop Metric LocPrf Weight Path

*>i 1.1.1.0/27 2.2.2.2 0 100 0 1 i

R4#show ip route bgp | beg Gate

Gateway of last resort is not set

1.0.0.0/27 is subnetted, 1 subnets

B 1.1.1.0 [200/0] via 2.2.2.2, 00:06:26

5.0.0.0/32 is subnetted, 1 subnets

B 5.5.5.5 [20/0] via 192.168.45.5, 02:39:22

R4#

As shown above, the next-hop addresses to reach 1.1.1.0/27 and 5.5.5.5/32 are updated.

Now R1 and R5 should have each other’s advertised routes.

R1>sh ip route bgp | beg Gate

Gateway of last resort is not set

5.0.0.0/32 is subnetted, 1 subnets

B 5.5.5.5 [20/0] via 192.168.12.2, 00:05:41

R5>sh ip route bgp | beg Gate

Gateway of last resort is not set

1.0.0.0/27 is subnetted, 1 subnets

B 1.1.1.0 [20/0] via 192.168.45.4, 00:08:52

R5>
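The next-hop test from Problem 2.1, as an added example that is not part of the original post: a BGP path can only be installed when its next hop resolves in the routing table, and both fixes above make that true. The function names are hypothetical, the BGP rows are R2's from above, and R2's routing table is a constructed assumption because the page does not show it in full.

```python
import ipaddress

# Constructed R2 state before the fix. The BGP rows are the ones shown above;
# the RIB is an assumption, since R2's full routing table is not on the page.
R2_RIB = ["2.2.2.2/32", "3.3.3.3/32", "4.4.4.4/32",
          "192.168.12.0/24", "192.168.23.0/24"]
R2_BGP = [  # (prefix, next hop, session the path was learned over)
    ("1.1.1.0/27", "192.168.12.1", "eBGP"),
    ("5.5.5.5/32", "192.168.45.5", "iBGP"),
]

def resolve(rib, address):
    """Longest-prefix match; None when no route covers the address."""
    ip = ipaddress.ip_address(address)
    nets = [n for n in map(ipaddress.ip_network, rib) if ip in n]
    return max(nets, key=lambda n: n.prefixlen, default=None)

def split_by_next_hop(rib, bgp_table):
    """Return (installable, stuck) prefixes by next-hop reachability."""
    installable, stuck = [], []
    for prefix, next_hop, _ in bgp_table:
        ok = resolve(rib, next_hop) is not None
        (installable if ok else stuck).append(prefix)
    return installable, stuck

def next_hop_self(bgp_table, peer):
    """Model the iBGP peer rewriting the next hop to its own address."""
    return [(p, peer if via == "iBGP" else nh, via) for p, nh, via in bgp_table]
```

Appending "192.168.45.0/24" to R2_RIB models the OSPF fix, and next_hop_self(R2_BGP, "4.4.4.4") models the BGP fix; either one moves 5.5.5.5/32 into the installable list.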

Problem 3: R1 and R5 could not reach each other’s advertised prefix

R1>sh ip route bgp | beg Gate

Gateway of last resort is not set

5.0.0.0/32 is subnetted, 1 subnets

B 5.5.5.5 [20/0] via 192.168.12.2, 00:05:41

R1>ping 5.5.5.5

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 5.5.5.5, timeout is 2 seconds:

.....

Success rate is 0 percent (0/5)

R1>

R5>sh ip route bgp | beg Gate

Gateway of last resort is not set

1.0.0.0/27 is subnetted, 1 subnets

B 1.1.1.0 [20/0] via 192.168.45.4, 00:08:52

R5>ping 1.1.1.1

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:

.....

Success rate is 0 percent (0/5)

R5>

Let’s traceroute and see which router has dropped the traffic.

R1#traceroute 5.5.5.5 numeric

Type escape sequence to abort.

Tracing the route to 5.5.5.5

VRF info: (vrf in name/id, vrf out name/id)

1 192.168.12.2 1 msec 0 msec 1 msec

2 * * *

3

R1#

The problem is with R3!

R3#sh ip route | beg Gate

Gateway of last resort is not set

2.0.0.0/32 is subnetted, 1 subnets

O 2.2.2.2 [110/11] via 192.168.23.2, 03:30:14, Ethernet0/1

3.0.0.0/32 is subnetted, 1 subnets

C 3.3.3.3 is directly connected, Loopback3

4.0.0.0/32 is subnetted, 1 subnets

O 4.4.4.4 [110/11] via 192.168.34.4, 03:27:50, Ethernet0/2

192.168.23.0/24 is variably subnetted, 2 subnets, 2 masks

C 192.168.23.0/24 is directly connected, Ethernet0/1

L 192.168.23.3/32 is directly connected, Ethernet0/1

192.168.34.0/24 is variably subnetted, 2 subnets, 2 masks

C 192.168.34.0/24 is directly connected, Ethernet0/2

L 192.168.34.3/32 is directly connected, Ethernet0/2

R3#

R3 has no idea where to route 1.1.1.1 or 5.5.5.5 because these two networks are not in its routing table.

Two solutions:

Redistribute BGP into OSPF; 1 prefix is fine… but if there are 600k prefixes then I think R3 cannot take it!

Make R3 an iBGP speaker as well! Talk the same language buddy!

R3(config)#router bgp 2

R3(config-router)#neighbor 2.2.2.2 remote-as 2

R3(config-router)#neighbor 2.2.2.2 update-source lo3

R3(config-router)#neighbor 4.4.4.4 remote-as 2

R3(config-router)#neighbor 4.4.4.4 update-source lo3

R3(config-router)#end

R2(config)#router bgp 2

R2(config-router)#neighbor 3.3.3.3 remote-as 2

R2(config-router)#neighbor 3.3.3.3 update-source lo2

R2(config-router)#neighbor 3.3.3.3 next-hop-self

R2(config-router)#end

R4(config)#router bgp 2

R4(config-router)#neighbor 3.3.3.3 remote-as 2

R4(config-router)#neighbor 3.3.3.3 update-source lo4

R4(config-router)#neighbor 3.3.3.3 next-hop-self

R4(config-router)#end

R3#sh ip bgp | beg Net

Network Next Hop Metric LocPrf Weight Path

*>i 1.1.1.0/27 2.2.2.2 0 100 0 1 i

*>i 5.5.5.5/32 4.4.4.4 0 100 0 3 i

R3#sh ip route bgp | beg Gate

Gateway of last resort is not set

1.0.0.0/27 is subnetted, 1 subnets

B 1.1.1.0 [200/0] via 2.2.2.2, 00:01:30

5.0.0.0/32 is subnetted, 1 subnets

B 5.5.5.5 [200/0] via 4.4.4.4, 00:01:30

R3#

So I think R1 should be able to reach 5.5.5.5 and R5 to reach 1.1.1.1?

R1>ping 5.5.5.5

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 5.5.5.5, timeout is 2 seconds:

.....

Success rate is 0 percent (0/5)

R1>

R5>ping 1.1.1.1

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:

.....

Success rate is 0 percent (0/5)

R5>

HUH?!

Problem 4: R1 and R5 cannot reach each other’s advertised prefix even though every router in the transit AS runs iBGP.

I turned on debug ip packet on R1 and R5 and found something interesting in R1’s debug.

R1#

*Sep 10 14:22:50.160: IP: tableid=0, s=192.168.45.5 (Ethernet0/0), d=1.1.1.1 (Loopback1), routed via RIB

*Sep 10 14:22:50.160: IP: s=192.168.12.1 (local), d=192.168.45.5, len 56, unroutable

R1#u all

All possible debugging has been turned off

R1#

It says 192.168.45.5 is unroutable!

R5#sh ip route | b Ga

Gateway of last resort is not set

1.0.0.0/27 is subnetted, 1 subnets

B 1.1.1.0 [20/0] via 192.168.45.4, 01:04:37

5.0.0.0/32 is subnetted, 1 subnets

C 5.5.5.5 is directly connected, Loopback5

192.168.45.0/24 is variably subnetted, 2 subnets, 2 masks

C 192.168.45.0/24 is directly connected, Ethernet0/0

L 192.168.45.5/32 is directly connected, Ethernet0/0

R5#

R5#sh run | s r b

router bgp 3

bgp log-neighbor-changes

network 5.5.5.5 mask 255.255.255.255

neighbor 192.168.45.4 remote-as 2

R5#

So let’s try advertising 192.168.45.0/24 via BGP on R4?

R4(config)#router bgp 2

R4(config-router)#network 192.168.45.0 mask 255.255.255.0

R4(config-router)#end

Also from R5’s debug:

R5#

*Sep 10 14:28:09.544: IP: tableid=0, s=192.168.12.1 (Ethernet0/0), d=5.5.5.5 (Loopback5), routed via RIB

*Sep 10 14:28:09.544: IP: s=192.168.12.1 (Ethernet0/0), d=5.5.5.5, len 100, rcvd 4

*Sep 10 14:28:09.544: IP: s=192.168.12.1 (Ethernet0/0), d=5.5.5.5, len 100, stop process pak for forus packet

*Sep 10 14:28:09.544: IP: s=5.5.5.5 (local), d=192.168.12.1, len 100, unroutable

R5#

The network 192.168.12.0/24 is also unreachable, so let’s advertise the 192.168.12.0/24 route on R2.

R2(config)#router bgp 2

R2(config-router)#network 192.168.12.0 mask 255.255.255.0

R2(config-router)#end

Finally!

R1#ping 5.5.5.5

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 5.5.5.5, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/3 ms

R1#

R1#sh ip bgp | beg Net

Network Next Hop Metric LocPrf Weight Path

*> 1.1.1.0/27 0.0.0.0 0 32768 i

*> 5.5.5.5/32 192.168.12.2 0 2 3 i

r> 192.168.12.0 192.168.12.2 0 0 2 i

*> 192.168.45.0 192.168.12.2 0 2 i

R5#ping 1.1.1.1

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms

R5#

R5#sh ip bgp | beg Net

Network Next Hop Metric LocPrf Weight Path

*> 1.1.1.0/27 192.168.45.4 0 2 1 i

*> 5.5.5.5/32 0.0.0.0 0 32768 i

*> 192.168.12.0 192.168.45.4 0 2 i

r> 192.168.45.0 192.168.45.4 0 0 2 i

R5#
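Problems 3 and 4 as a hop-by-hop simulation, added here as an example that is not part of the original post: a ping succeeds only if the request is routable at every hop and the reply is routable back to the source address. The routing tables are a constructed model of the lab and all function names are hypothetical.

```python
import ipaddress

# Constructed model of the lab once R3 runs iBGP (Problem 4's starting point).
# Assumptions: each RIB maps prefix -> next router ("connected" = deliver on
# the attached segment); recursive next-hop lookups are collapsed to a router.
OWNER = {"1.1.1.1": "R1", "192.168.12.1": "R1",
         "5.5.5.5": "R5", "192.168.45.5": "R5"}
RIBS = {
    "R1": {"1.1.1.0/27": "connected", "192.168.12.0/24": "connected",
           "5.5.5.5/32": "R2"},
    "R2": {"192.168.12.0/24": "connected", "1.1.1.0/27": "R1", "5.5.5.5/32": "R3"},
    "R3": {"1.1.1.0/27": "R2", "5.5.5.5/32": "R4"},
    "R4": {"192.168.45.0/24": "connected", "1.1.1.0/27": "R3", "5.5.5.5/32": "R5"},
    "R5": {"5.5.5.5/32": "connected", "192.168.45.0/24": "connected",
           "1.1.1.0/27": "R4"},
}

def forward(ribs, router, dst):
    """Forward hop by hop; return (path, 'delivered' or 'unroutable at Rx')."""
    path, ip = [router], ipaddress.ip_address(dst)
    for _ in range(16):                      # hop limit guards against loops
        if router == OWNER[dst]:
            return path, "delivered"
        nets = [p for p in ribs[router] if ip in ipaddress.ip_network(p)]
        if not nets:
            return path, f"unroutable at {router}"
        best = max(nets, key=lambda p: ipaddress.ip_network(p).prefixlen)
        hop = ribs[router][best]
        router = OWNER[dst] if hop == "connected" else hop
        path.append(router)
    return path, "hop limit exceeded"

def ping(ribs, src_ip, dst_ip):
    """Echo request src -> dst, then the echo reply dst -> src."""
    _, out = forward(ribs, OWNER[src_ip], dst_ip)
    if out != "delivered":
        return f"request {out}"
    _, back = forward(ribs, OWNER[dst_ip], src_ip)
    return "success" if back == "delivered" else f"reply {back}"

def advertise(ribs, prefix, chain):
    """Copy ribs with prefix propagated: each router in chain routes to the next."""
    new = {r: dict(t) for r, t in ribs.items()}
    for router, nxt in zip(chain, chain[1:]):
        new[router][prefix] = nxt
    return new
```

With R3's table emptied, ping(dict(RIBS, R3={}), "192.168.12.1", "5.5.5.5") reports the request unroutable at R3 (Problem 3); with RIBS as given it reports the reply unroutable at R5 (Problem 4). In this model a ping sourced from 1.1.1.1 already succeeds, because only the link addresses lack a return route.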
