[c-nsp] bgp weird issue

[mm-tech]

Hi guys,

I've finally solved out the mystery with that /29 subnet being blocked
after the iBGP relationship came up.
It was because of the "ip verify unicast reverse-path" option enabled on
Router1 on the interfaces connecting the router to the ISPA.
I had this option enabled to prevent ip spoofing, but it seems that it
affects in a negative way iBGP, BGP being a unicast protocol.

Thanks,
john

>> Hello John:
>>
>>
>> On 11/30/08 10:32 AM, "mm-tech" <mm at math.pub.ro> wrote:
>>
>> <snip>
>>
>>> The issue is after I configure the iBGP relationship between Router1
>>> and
>>> Router2: connectivity to the 62.217.X.X/29 subnet on Router1 is lost.
>>> It
>>> cannot be pinged anymore from outside. The 91.195.X.X/23 is announced
>>> correctly through both ISPs and any IP in this /23 subnet is pingable
>>> from
>>> outside. They only problem is with the 62.217.X.X/29 block that becomes
>>> unreachable after configuring the iBGP relationship and I don't
>>> understand
>>> why this is happening.
>>>
>>> Sorry for the long post and I hope you'll give me some hints -:)
>>>
>>> Thanks,
>>> John
>>>
>>
>> How is the /29 configured on router 1?  If it's being statically routed
>> from
>> your ISP, then you need to have it in your IGP somehow.  Something
>> simple
>> would be:
>>
>> Interface x/x
>> Ip address 62.217.x.x 255.255.255.248
>>
>> Router ospf 10
>> Redistribute connected subnets
>>
>> More information is needed, I'm afraid.
>>
>> Regards,
>>
>> Mike
>>
>>
> Yes, the /29 subnet is configured on Router1 on a SVI interface. I haven't
> tried to put this /29 into my IGP. I'll try that and I'll let you know
> guys.
>
> Iy you need more info, please let me know...
>
> Thanks,
> john
>
>