[c-nsp] inter-as mp-bgp with ttl-security issue

Gert Doering gert at greenie.muc.de
Tue Jan 3 14:37:21 EST 2012


On Tue, Jan 03, 2012 at 05:51:37PM +0100, Vitkovsky, Adam wrote:
> Now here's the catch:
> If I decide to use "ttl-security" in the session template on both ends, I won't get routing updates across the established session.
> Reason according to debug: -- DENIED due to: non-connected MP_REACH NEXTHOP;, label 18

Unless you use "ebgp-multihop" or "disable-connected-check", the
next-hop received must be in a locally connected(!) subnet on the
receiving side.

> - which is not true, as the Inter-AS route reflector has a route to the originating PE in the other AS; the route is pointing to the ASBR connecting to the other AS

... which is not "connected".  Very much not so :-)

Note that it doesn't tell you "non-reachable ... NEXTHOP" but "non-connected".

    no 4-letter certificates
USENET is *not* the non-clickable part of WWW!
Gert Doering - Munich, Germany                             gert at greenie.muc.de
fax: +49-89-35655025                        gert at net.informatik.tu-muenchen.de
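
A simplified model of the distinction drawn in the reply above ("non-connected" versus "non-reachable"), added here as an example; it is not Cisco's implementation and not code from the thread. The function name `check_next_hop`, the verdict strings and all addresses are assumptions constructed for illustration.

```python
import ipaddress

# Constructed sample data (documentation address ranges, not from the thread).
# Subnets that sit directly on an interface of the receiving router.
CONNECTED = ["192.0.2.0/30"]
# Routes learned some other way, e.g. the remote PE loopback via the ASBR.
RIB = ["198.51.100.7/32"]


def _covered(addr, prefixes):
    """True if addr falls inside any of the given prefixes."""
    return any(addr in ipaddress.ip_network(p) for p in prefixes)


def check_next_hop(next_hop, connected, rib,
                   ebgp_multihop=False, disable_connected_check=False):
    """Model of the eBGP next-hop rule as stated in the reply.

    Returns 'accepted', 'non-connected' or 'non-reachable'.
    Assumption: having a route to the next hop makes it reachable, but
    only an address inside a connected subnet counts as connected.
    """
    nh = ipaddress.ip_address(next_hop)
    is_connected = _covered(nh, connected)
    is_reachable = is_connected or _covered(nh, rib)
    if not is_reachable:
        return "non-reachable"
    # The connected requirement is lifted only by one of the two knobs.
    if is_connected or ebgp_multihop or disable_connected_check:
        return "accepted"
    return "non-connected"


if __name__ == "__main__":
    cases = [
        ("198.51.100.7", {}),                                 # routed, not connected
        ("198.51.100.7", {"disable_connected_check": True}),  # check relaxed
        ("198.51.100.7", {"ebgp_multihop": True}),            # check relaxed
        ("192.0.2.2", {}),                                    # on a connected subnet
        ("203.0.113.9", {}),                                  # no route at all
    ]
    for nh, knobs in cases:
        print(nh, knobs, "->", check_next_hop(nh, CONNECTED, RIB, **knobs))
```

The first case is the situation in the quoted debug line: a route to the next hop exists, yet the update is denied because the next hop is not on a connected subnet.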