[c-nsp] bgp weird issue

mm-tech mm at math.pub.ro
Fri Dec 5 01:00:27 EST 2008 

Well, surprisingly, router1 doesn't select the eBGP defaul route and
chooses the iBGP one instead.

It's weird because the eBGP route has an administrative distance of 20 and
the iBGP has an AD of 200 and it should choose the eBGP route.

I've noticed that when marking the iBGP default route with a localpref
greater than 100, router1 still chooses the iBGP default route. If setting
the localpref value below 100, router1 selects the eBGP default route.

thanks,
john

> Are you receiving a default route from ISP-A on Router1 via BGP? If so the
> eBGP default route should always be selected over the iBGP default
> route...
> assuming you haven't modified the Administrive distances used by Router1.
>
> And there is nothing inelegant with using local-pref, this is what it is
> for
> :)
>
> On Fri, Dec 5, 2008 at 6:26 AM, mm-tech <mm at math.pub.ro> wrote:
>
>> Hi again,
>>
>> I've solved it by marking the default route coming from the iBGP
>> neighbor
>> w/ a local-preference of 90 and now the correct route is the default
>> one.
>> Is there any other more elegant solution to this issue?
>>
>> thanks,
>> john
>>
>> > Hi,
>> >
>> > Yes, I'm still trying to find out more details about rpf...
>> >
>> > But now, I ran into another issue: router1 is preferring the default
>> route
>> > from router2. In other words, once the iBGP relationship is
>> established,
>> > the default route (62.217.x.x) from router1 becomes router2's IP
>> address
>> > (91.195.X.1). Everything works fine, but all the traffic goes out
>> through
>> > router2.
>> >
>> > Do you know how can I fix this issue? I want router1 to keep its
>> default
>> > route after the iBGP comes up.
>> >
>> > Thanks,
>> > john
>> >
>> >> hi,
>> >>
>> >> perhaps rather than just turn it off outright, investigate rpf loose?
>> >>
>> >> that will still allow you to have asymmetric traffic flows and drop
>> >> traffic from bogon address space.
>> >>
>> >> you may still find you get some packet loss where icmp echo replies
>> are
>> >> returned from mpls interfaces that arent advertised, depending on
>> your
>> >> upstream/peer networks, but imho for the most part it works just
>> fine.
>> >>
>> >>> -----Original Message-----
>> >>> From: cisco-nsp-bounces at puck.nether.net [mailto:cisco-nsp-
>> >>> bounces at puck.nether.net] On Behalf Of mm-tech
>> >>> Sent: Thursday, 4 December 2008 5:30 PM
>> >>> To: mm at math.pub.ro
>> >>> Cc: cisco-nsp at puck.nether.net
>> >>> Subject: Re: [c-nsp] bgp weird issue
>> >>>
>> >>> Hi guys,
>> >>>
>> >>> I've finally solved out the mystery with that /29 subnet being
>> blocked
>> >>> after the iBGP relationship came up.
>> >>> It was because of the "ip verify unicast reverse-path" option
>> enabled
>> >>> on
>> >>> Router1 on the interfaces connecting the router to the ISPA.
>> >>> I had this option enabled to prevent ip spoofing, but it seems that
>> it
>> >>> affects in a negative way iBGP, BGP being a unicast protocol.
>> >>>
>> >>> Thanks,
>> >>> john
>> >>>
>> >>> >> Hello John:
>> >>> >>
>> >>> >>
>> >>> >> On 11/30/08 10:32 AM, "mm-tech" <mm at math.pub.ro> wrote:
>> >>> >>
>> >>> >> <snip>
>> >>> >>
>> >>> >>> The issue is after I configure the iBGP relationship between
>> >>> Router1
>> >>> >>> and
>> >>> >>> Router2: connectivity to the 62.217.X.X/29 subnet on Router1 is
>> >>> lost.
>> >>> >>> It
>> >>> >>> cannot be pinged anymore from outside. The 91.195.X.X/23 is
>> >>> announced
>> >>> >>> correctly through both ISPs and any IP in this /23 subnet is
>> >>> pingable
>> >>> >>> from
>> >>> >>> outside. They only problem is with the 62.217.X.X/29 block that
>> >>> becomes
>> >>> >>> unreachable after configuring the iBGP relationship and I don't
>> >>> >>> understand
>> >>> >>> why this is happening.
>> >>> >>>
>> >>> >>> Sorry for the long post and I hope you'll give me some hints -:)
>> >>> >>>
>> >>> >>> Thanks,
>> >>> >>> John
>> >>> >>>
>> >>> >>
>> >>> >> How is the /29 configured on router 1?  If it's being statically
>> >>> routed
>> >>> >> from
>> >>> >> your ISP, then you need to have it in your IGP somehow.
>> Something
>> >>> >> simple
>> >>> >> would be:
>> >>> >>
>> >>> >> Interface x/x
>> >>> >> Ip address 62.217.x.x 255.255.255.248
>> >>> >>
>> >>> >> Router ospf 10
>> >>> >> Redistribute connected subnets
>> >>> >>
>> >>> >> More information is needed, I'm afraid.
>> >>> >>
>> >>> >> Regards,
>> >>> >>
>> >>> >> Mike
>> >>> >>
>> >>> >>
>> >>> > Yes, the /29 subnet is configured on Router1 on a SVI interface. I
>> >>> haven't
>> >>> > tried to put this /29 into my IGP. I'll try that and I'll let you
>> >>> know
>> >>> > guys.
>> >>> >
>> >>> > Iy you need more info, please let me know...
>> >>> >
>> >>> > Thanks,
>> >>> > john
>> >>> >
>> >>> >
>> >>>
>> >>>
>> >>> _______________________________________________
>> >>> cisco-nsp mailing list  cisco-nsp at puck.nether.net
>> >>> https://puck.nether.net/mailman/listinfo/cisco-nsp
>> >>> archive at http://puck.nether.net/pipermail/cisco-nsp/
>> >>
>> >
>> >
>> >
>>
>>
>> _______________________________________________
>> cisco-nsp mailing list  cisco-nsp at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/cisco-nsp
>> archive at http://puck.nether.net/pipermail/cisco-nsp/
>>
>

More information about the cisco-nsp mailing list