[c-nsp] bgp weird issue

mm-tech mm at math.pub.ro
Thu Dec 4 16:26:28 EST 2008 

Hi again,

I've solved it by marking the default route coming from the iBGP neighbor
w/ a local-preference of 90 and now the correct route is the default one.
Is there any other more elegant solution to this issue?

thanks,
john

> Hi,
>
> Yes, I'm still trying to find out more details about rpf...
>
> But now, I ran into another issue: router1 is preferring the default route
> from router2. In other words, once the iBGP relationship is established,
> the default route (62.217.x.x) from router1 becomes router2's IP address
> (91.195.X.1). Everything works fine, but all the traffic goes out through
> router2.
>
> Do you know how can I fix this issue? I want router1 to keep its default
> route after the iBGP comes up.
>
> Thanks,
> john
>
>> hi,
>>
>> perhaps rather than just turn it off outright, investigate rpf loose?
>>
>> that will still allow you to have asymmetric traffic flows and drop
>> traffic from bogon address space.
>>
>> you may still find you get some packet loss where icmp echo replies are
>> returned from mpls interfaces that arent advertised, depending on your
>> upstream/peer networks, but imho for the most part it works just fine.
>>
>>> -----Original Message-----
>>> From: cisco-nsp-bounces at puck.nether.net [mailto:cisco-nsp-
>>> bounces at puck.nether.net] On Behalf Of mm-tech
>>> Sent: Thursday, 4 December 2008 5:30 PM
>>> To: mm at math.pub.ro
>>> Cc: cisco-nsp at puck.nether.net
>>> Subject: Re: [c-nsp] bgp weird issue
>>>
>>> Hi guys,
>>>
>>> I've finally solved out the mystery with that /29 subnet being blocked
>>> after the iBGP relationship came up.
>>> It was because of the "ip verify unicast reverse-path" option enabled
>>> on
>>> Router1 on the interfaces connecting the router to the ISPA.
>>> I had this option enabled to prevent ip spoofing, but it seems that it
>>> affects in a negative way iBGP, BGP being a unicast protocol.
>>>
>>> Thanks,
>>> john
>>>
>>> >> Hello John:
>>> >>
>>> >>
>>> >> On 11/30/08 10:32 AM, "mm-tech" <mm at math.pub.ro> wrote:
>>> >>
>>> >> <snip>
>>> >>
>>> >>> The issue is after I configure the iBGP relationship between
>>> Router1
>>> >>> and
>>> >>> Router2: connectivity to the 62.217.X.X/29 subnet on Router1 is
>>> lost.
>>> >>> It
>>> >>> cannot be pinged anymore from outside. The 91.195.X.X/23 is
>>> announced
>>> >>> correctly through both ISPs and any IP in this /23 subnet is
>>> pingable
>>> >>> from
>>> >>> outside. They only problem is with the 62.217.X.X/29 block that
>>> becomes
>>> >>> unreachable after configuring the iBGP relationship and I don't
>>> >>> understand
>>> >>> why this is happening.
>>> >>>
>>> >>> Sorry for the long post and I hope you'll give me some hints -:)
>>> >>>
>>> >>> Thanks,
>>> >>> John
>>> >>>
>>> >>
>>> >> How is the /29 configured on router 1?  If it's being statically
>>> routed
>>> >> from
>>> >> your ISP, then you need to have it in your IGP somehow.  Something
>>> >> simple
>>> >> would be:
>>> >>
>>> >> Interface x/x
>>> >> Ip address 62.217.x.x 255.255.255.248
>>> >>
>>> >> Router ospf 10
>>> >> Redistribute connected subnets
>>> >>
>>> >> More information is needed, I'm afraid.
>>> >>
>>> >> Regards,
>>> >>
>>> >> Mike
>>> >>
>>> >>
>>> > Yes, the /29 subnet is configured on Router1 on a SVI interface. I
>>> haven't
>>> > tried to put this /29 into my IGP. I'll try that and I'll let you
>>> know
>>> > guys.
>>> >
>>> > Iy you need more info, please let me know...
>>> >
>>> > Thanks,
>>> > john
>>> >
>>> >
>>>
>>>
>>> _______________________________________________
>>> cisco-nsp mailing list  cisco-nsp at puck.nether.net
>>> https://puck.nether.net/mailman/listinfo/cisco-nsp
>>> archive at http://puck.nether.net/pipermail/cisco-nsp/
>>
>
>
>

More information about the cisco-nsp mailing list