[c-nsp] bgp weird issue

mm-tech mm at math.pub.ro
Thu Dec 4 13:45:54 EST 2008 

Hi,

Yes, I'm still trying to find out more details about rpf...

But now, I ran into another issue: router1 is preferring the default route
from router2. In other words, once the iBGP relationship is established,
the default route (62.217.x.x) from router1 becomes router2's IP address
(91.195.X.1). Everything works fine, but all the traffic goes out through
router2.

Do you know how can I fix this issue? I want router1 to keep its default
route after the iBGP comes up.

Thanks,
john

> hi,
>
> perhaps rather than just turn it off outright, investigate rpf loose?
>
> that will still allow you to have asymmetric traffic flows and drop
> traffic from bogon address space.
>
> you may still find you get some packet loss where icmp echo replies are
> returned from mpls interfaces that arent advertised, depending on your
> upstream/peer networks, but imho for the most part it works just fine.
>
>> -----Original Message-----
>> From: cisco-nsp-bounces at puck.nether.net [mailto:cisco-nsp-
>> bounces at puck.nether.net] On Behalf Of mm-tech
>> Sent: Thursday, 4 December 2008 5:30 PM
>> To: mm at math.pub.ro
>> Cc: cisco-nsp at puck.nether.net
>> Subject: Re: [c-nsp] bgp weird issue
>>
>> Hi guys,
>>
>> I've finally solved out the mystery with that /29 subnet being blocked
>> after the iBGP relationship came up.
>> It was because of the "ip verify unicast reverse-path" option enabled on
>> Router1 on the interfaces connecting the router to the ISPA.
>> I had this option enabled to prevent ip spoofing, but it seems that it
>> affects in a negative way iBGP, BGP being a unicast protocol.
>>
>> Thanks,
>> john
>>
>> >> Hello John:
>> >>
>> >>
>> >> On 11/30/08 10:32 AM, "mm-tech" <mm at math.pub.ro> wrote:
>> >>
>> >> <snip>
>> >>
>> >>> The issue is after I configure the iBGP relationship between Router1
>> >>> and
>> >>> Router2: connectivity to the 62.217.X.X/29 subnet on Router1 is
>> lost.
>> >>> It
>> >>> cannot be pinged anymore from outside. The 91.195.X.X/23 is
>> announced
>> >>> correctly through both ISPs and any IP in this /23 subnet is
>> pingable
>> >>> from
>> >>> outside. They only problem is with the 62.217.X.X/29 block that
>> becomes
>> >>> unreachable after configuring the iBGP relationship and I don't
>> >>> understand
>> >>> why this is happening.
>> >>>
>> >>> Sorry for the long post and I hope you'll give me some hints -:)
>> >>>
>> >>> Thanks,
>> >>> John
>> >>>
>> >>
>> >> How is the /29 configured on router 1?  If it's being statically
>> routed
>> >> from
>> >> your ISP, then you need to have it in your IGP somehow.  Something
>> >> simple
>> >> would be:
>> >>
>> >> Interface x/x
>> >> Ip address 62.217.x.x 255.255.255.248
>> >>
>> >> Router ospf 10
>> >> Redistribute connected subnets
>> >>
>> >> More information is needed, I'm afraid.
>> >>
>> >> Regards,
>> >>
>> >> Mike
>> >>
>> >>
>> > Yes, the /29 subnet is configured on Router1 on a SVI interface. I
>> haven't
>> > tried to put this /29 into my IGP. I'll try that and I'll let you know
>> > guys.
>> >
>> > Iy you need more info, please let me know...
>> >
>> > Thanks,
>> > john
>> >
>> >
>>
>>
>> _______________________________________________
>> cisco-nsp mailing list  cisco-nsp at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/cisco-nsp
>> archive at http://puck.nether.net/pipermail/cisco-nsp/
>

More information about the cisco-nsp mailing list