Advertising ipv4 routes via ipv6 bgp peers
Hello,
I have established IPV6 bgp sessions with an ipv6 prefix-list filter, but ipv4 routes were advertised over this bgp session. Do I need special configuration under the address family, or are ipv4 prefix-list filters required?
Note: the config was IBGP between 7200 routers and 6509 core switches.
Thank you all
Nael
Hi Nael,
This is because address-family ipv4 unicast gets activated by default when you configure a new neighbor in BGP. You either need to configure "no bgp default ipv4-unicast" or go under address-family ipv4 unicast and do a "no neighbor" for the ipv6 neighbor.
Hope this helps
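The behaviour described in the answer above, as an added example that is not part of the original thread: a small Python audit that reads an IOS-style `router bgp` stanza and lists the IPv6 neighbors that end up active in address-family ipv4 unicast. The sample configurations, AS number and addresses are constructed, and the parser assumes standard IOS indentation.

```python
import ipaddress
import re

def ipv6_peers_in_ipv4_unicast(config):
    """Return IPv6 neighbors that are active in address-family ipv4 unicast."""
    default_v4 = True  # IOS default: "bgp default ipv4-unicast" is enabled
    neighbors, activated, deactivated = [], set(), set()
    in_bgp, af = False, None
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line == "!":
            continue
        if not raw[0].isspace():  # a top-level command starts a new stanza
            in_bgp, af = line.startswith("router bgp "), None
        elif not in_bgp:
            continue
        elif line == "no bgp default ipv4-unicast":
            default_v4 = False
        elif line.startswith("address-family "):
            m = re.fullmatch(r"address-family (ipv4|ipv6)( unicast)?", line)
            af = m.group(1) if m else "other"  # vrf, vpnv4, multicast, ...
        elif line == "exit-address-family":
            af = None
        else:
            m = re.fullmatch(r"(no )?neighbor (\S+) (remote-as \S+|activate)", line)
            if not m:
                continue
            negated, peer, what = m.groups()
            if what == "activate":
                if af in (None, "ipv4"):
                    (deactivated if negated else activated).add(peer)
            elif not negated and peer not in neighbors:
                neighbors.append(peer)
    flagged = []
    for peer in neighbors:
        try:
            is_v6 = ipaddress.ip_address(peer).version == 6
        except ValueError:  # peer-group name rather than an address
            continue
        implicit = default_v4 and peer not in deactivated
        if is_v6 and (peer in activated or implicit):
            flagged.append(peer)
    return flagged

# Constructed sample configurations (documentation addresses, private AS).
DEFAULT_BEHAVIOUR = """\
router bgp 65001
 neighbor 2001:DB8::2 remote-as 65001
 address-family ipv6
  neighbor 2001:DB8::2 activate
  neighbor 2001:DB8::2 prefix-list V6-ONLY out
 exit-address-family
"""
FIX_GLOBAL = DEFAULT_BEHAVIOUR.replace(
    "router bgp 65001\n", "router bgp 65001\n no bgp default ipv4-unicast\n")
FIX_PER_PEER = DEFAULT_BEHAVIOUR + (
    " address-family ipv4\n"
    "  no neighbor 2001:DB8::2 activate\n"
    " exit-address-family\n")

if __name__ == "__main__":
    for name, cfg in [("default", DEFAULT_BEHAVIOUR),
                      ("no bgp default ipv4-unicast", FIX_GLOBAL),
                      ("no neighbor ... activate", FIX_PER_PEER)]:
        print(f"{name}: {ipv6_peers_in_ipv4_unicast(cfg)}")
```

An IPv6 prefix-list applied under address-family ipv6 does nothing for the IPv4 unicast family, which is why the first configuration is flagged even though the IPv6 side is filtered.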
Similar Messages
-
I read http://blog.ipexpert.com/2010/11/08/bgp-peering-and-default-routes/ and understood that BGP speaker will not initiate BGP connection with the other BGP router if it can reach it via default route only...And BGP peering will not come up at all if both the BGP speakers know each other via default routes only....I could not understand the reason behind this though...Could any expert help me in understanding the underlying reasoning?
I can't think of a reason why you would want to peer with a router you don't have a route for. If you're relying on a default route for a multi-hop bgp peer session, it could cause the session to be unreliable due to changes in the network down the line from you. An unreliable bgp session would be bad on the router's cpu/memory if the session were to flap.
-
CSM: Is it possible to access IPv4 server farms via IPv6 vIP?
Dear all
Before we start a more extensive testing programme I would like to ask the experts whether or not it should be possible to access already existing server farms (with IPv4 vIP) via an additional IPv6 vIP configured on the load balancer.
The system in question is 6509 with Sup720 and CSM WS-X6066-SLB-APC.
The idea is simple: Take an existing server farm (running completely on v4) and add an additional v6 vIP on the load balancer without the need to change the actual v4 networking behind the load balancer.
Might this work (at least for some protocols like http, ftp, etc.)?
Any "yes" or "no" or "maybe" or "with restrictions" appreciated.;)
Thanks in advance,
Grischa
Fairly sure this isn't possible. Unless I've missed something, the CSM doesn't support IPv6 at all. Even if it did, I don't think a v6 VIP to a v4 real would work. The only place I've seen this work was on a NetScaler, because the NetScaler holds independent connections open to the client and to the servers as a HTTP proxy, passing the request between the two. I forget how the ACE operates; it may be able to act as a proxy, but don't think it supports v6 either.
v6 support on CSMs would be totally awesome, but I'm not holding my breath. -
Hi,
I have two MPLS links from two different ISPs terminating on a single router, and eBGP is configured between the PEs and the CE router. Some sites connect via the 1st ISP's MPLS link and some other sites connect via the 2nd MPLS link from the 2nd ISP, but both terminate on the same CE router.
I am worried about how to confirm that traffic from the 1st link of the 1st ISP does not leak to the 2nd link from the 2nd ISP and vice versa. Forwarding traffic should also maintain this.
Please give me some idea on this.
Hi,
if you want to keep the MPLS clouds separated, just check carefully which prefixes you are advertising to each MPLS provider from your HQ site by the CE router peering to both.
If you advertise only the local site prefixes (with an empty AS_PATH), each provider will not get the prefixes from the other provider and your HQ will be reachable from both MPLS clouds.
You can easily configure
ip as-path access-list 1 permit ^$
route-map local_only permit 10
 match as-path 1
router bgp ...
 nei x.x.x.x route-map local_only out
 nei y.y.y.y route-map local_only out
on your HQ CE router.
If you are not advertising default route or something similar from your HQ to the MPLS providers, only traffic with destination = your HQ should be delivered to your CE router.
Best regards,
Milan -
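The effect of the `^$` outbound filter in the answer above, as an added example that is not part of the original thread: a Python model of what the HQ CE would send to each provider with and without the filter. The table contents, peer labels and AS numbers are constructed, and the model simplifies BGP to a single rule of not echoing a route back to the peer it came from.

```python
import re

# Same pattern as "ip as-path access-list 1 permit ^$" in the answer.
LOCAL_AS_PATH_ONLY = r"^$"

# Constructed BGP table of the HQ CE: (prefix, AS_PATH as stored, learned from).
BGP_TABLE = [
    ("10.1.0.0/16",  "",            "local"),  # HQ prefix, originated here
    ("10.20.0.0/16", "64500 64511", "isp1"),   # remote site behind ISP 1
    ("10.30.0.0/16", "64501 64512", "isp2"),   # remote site behind ISP 2
    ("10.40.0.0/16", "64501",       "isp2"),   # prefix originated by ISP 2
]

def advertised_to(peer, table, as_path_filter=None):
    """Prefixes the CE would send to `peer` over eBGP.

    The outbound filter is evaluated on the AS_PATH as stored locally,
    before the CE prepends its own AS, so locally originated routes
    have an empty path and are the only ones that match ^$.
    """
    out = []
    for prefix, as_path, learned_from in table:
        if learned_from == peer:
            continue  # simplification: do not echo a route to its source
        if as_path_filter is not None and not re.search(as_path_filter, as_path):
            continue
        out.append(prefix)
    return out

def leaked_to(peer, table, as_path_filter=None):
    """Advertised prefixes that were learned from a different provider."""
    sent = set(advertised_to(peer, table, as_path_filter))
    return sorted(p for p, _, src in table
                  if p in sent and src not in ("local", peer))

if __name__ == "__main__":
    for peer in ("isp1", "isp2"):
        print(peer, "no filter, leaked:", leaked_to(peer, BGP_TABLE))
        print(peer, "with ^$ filter, sent:",
              advertised_to(peer, BGP_TABLE, LOCAL_AS_PATH_ONLY))
```

Without the filter the CE re-advertises each provider's routes to the other and becomes a transit path between the two MPLS clouds; with it, only the empty-AS_PATH HQ prefix leaves the router.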
How many BGP peers does the 3548 switch support?
Is it possible to run more than 40 peers on a single switch? What is the limitation if not?
Hi,
You can have 40 BGP peers; IPV4 unicast routes handled by hardware are only 24000. Ensure all your BGP peering routing updates are within these limits.
http://www.cisco.com/c/en/us/products/collateral/switches/nexus-3548-switch/data_sheet_c78-707001.html
Table 7. Hardware Specifications Common to Both Switches
Mode: Normal Mode / Warp Mode
Hardware tables and scalability
Number of MAC addresses: 64,000 / 8000
Number of IPv4 unicast routes: 24,000 / 4000
Number of IPv4 hosts: 64,000 / 8000
Number of IPv4 multicast routes: 8000 / 8000
Number of VLANS: 4096
Number of ACL entries: 4096
Number of spanning-tree instances: Rapid Spanning Tree Protocol (RSTP): 512; Multiple Spanning Tree (MST) Protocol: 64
Number of EtherChannels: 24
Number of ports per EtherChannel: 24
Buffer size: 6 MB shared among 16 ports; 18 MB total
Boot flash memory: 2 GB
HTH
Sandy -
Assistance Needed: Inter-VRF Routing with MP-BGP
hello everyone,
I've been trying to solve a problem for over a day regarding inter-vrf routing using MP-BGP and I can't seem to figure a few things out.
I have a Cisco 1921 which has VRF-JLAN and VRF-JGLOBE with 3 interfaces configured as (g0/0 = vrf JLAN, g0/1 = no vrf, g0/2 = dot1q trunk to 2960S). vrf JLAN is a restricted network for users access, dns server, etc. vrf JGLOBE is for Video server and the global routing table belongs to Wifi Access. I've been able to separate all the networks and I can route traffic out to the Internet from vrf JLAN and the global route table, but where I'm having issues is getting vrf JGLOBE to route traffic using the Global route table.
For example: vrf JLAN should not be accessed by either Global or vrf JGLOBE. JGLOBE should be able to access the vrf JLAN dns server but it should route its internet traffic via the Global route table (g0/1). Lastly, JLAN should be able to access 2 networks from the Global route table.
I've attached my config and diagram so you can better understand what I'm trying to achieve. More light on solving this problem would be much appreciated.
ip vrf JGLOBE
 rd 65001:2
 export map WIFI
 route-target export 65001:2
ip vrf JLAN
 rd 65001:1
 import ipv4 unicast map C-GLOBAL
 route-target export 65001:1
 route-target import 65001:1
 route-target import 65001:2
interface GigabitEthernet0/0
 description LAN-ACCESS-INTERNET [TO Nexthop FIREWALL]
 ip vrf forwarding JLAN
 ip address 192.168.4.3 255.255.255.248
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip flow ingress
 ip flow egress
 ip inspect INTERNET-FW out
 ip virtual-reassembly in
 load-interval 30
 duplex auto
 speed auto
interface GigabitEthernet0/1
 description GLOBAL-Wifi-INTERNET [TO Nexthop - FIREWALL]
 ip address 192.168.5.3 255.255.255.248
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip flow ingress
 ip flow egress
 ip inspect GLOBAL-FW in
 ip inspect GLOBAL-FW out
 ip virtual-reassembly in
 load-interval 30
 duplex auto
 speed auto
interface GigabitEthernet0/2
 no ip address
 duplex auto
 speed auto
interface GigabitEthernet0/2.3
 description Users LAN
 encapsulation dot1Q 3
 ip vrf forwarding JLAN
 ip address 192.168.30.1 255.255.255.240
interface GigabitEthernet0/2.4
 description Video Server
 encapsulation dot1Q 4
 ip vrf forwarding JGLOBE
 ip address 10.6.40.1 255.255.255.0
router ospf 1 vrf JLAN
 router-id 10.6.6.10
 redistribute bgp 65001 subnets
 network 0.0.0.0 255.255.255.255 area 0
router ospf 2 vrf JGLOBE
 router-id 10.5.7.10
 redistribute bgp 65001 subnets
 network 0.0.0.0 255.255.255.255 area 0
router bgp 65001
 bgp router-id 10.4.6.4
 bgp log-neighbor-changes
 bgp graceful-restart restart-time 120
 bgp graceful-restart stalepath-time 360
 bgp graceful-restart
 address-family ipv4
  redistribute connected
 exit-address-family
 address-family ipv4 vrf JGLOBE
  redistribute connected
  redistribute ospf 2
 exit-address-family
 address-family ipv4 vrf JLAN
  redistribute connected
  redistribute ospf 1
 exit-address-family
ip dns view vrf JGLOBE default
ip dns view vrf JLAN default
ip route 0.0.0.0 0.0.0.0 192.168.5.1
ip route vrf JGLOBE 0.0.0.0 0.0.0.0 GigabitEthernet0/1 192.168.5.1
ip route vrf JLAN 0.0.0.0 0.0.0.0 192.168.4.1 name LAN_INET
ip prefix-list GLOBAL-INET seq 5 permit 0.0.0.0/0
ip prefix-list SERVER-NET seq 5 permit 10.6.40.2/32
ip prefix-list WIFI-NET seq 5 permit 10.254.0.0/22 le 32
Hi Matt
Yes, the X/32 routes need to be present in the VRF Routing-Table, and if they are to be learnt statically then the MP-iBGP config for that particular VRF address-family has to redistribute static routes as well.
Regards
Varma -
Does a route-policy override BGP split-horizon rule in IOS-XR?
If I receive a default route from a non-client, can I turn around and send it to another non client if I have the following applied to the non-client?
prefix-set send-default
  0.0.0.0/0
end-set
route-policy DEFAULT-POLICY
  if destination in send-default then
    pass
  else
    drop
  endif
end-policy
neighbor-group BLAH
 remote-as XXXXX
 password encrypted XXXXXXX
 description iBGP to Decryptors
 update-source Loopback0
 address-family ipv4 unicast
  route-policy DEFAULT-POLICY out
  soft-reconfiguration inbound always
neighbor X.X.X.X
 use neighbor-group BLAH
end
Hi Carlopez,
For BGP to inject a default route you need the "default-information originate" command; unfortunately, you can't redistribute or regenerate a route via the RPL method you described.
regards
xander -
Hello Guys
I have a scenario where I would like to have your insights.
1. Client having Main site and DR site connected to same ISP with public IP line.
2. The client has acquired a public IP block (/24) and would like to use same on both main and DR sites.
Would this be possible through BGP? How can we advertise the same IP block on 2 sites?
The sites need to be in an active-active scenario.
Thanks
If you're going to advertize the same address block, from two different BGP peers, whether to the same ISP or different ISPs, the expectation is, you can get to or from that address block along either path. I.e. you need an "internal" path between your two BGP peers. Otherwise, the "critical" BGP path fails, you continue to advertize an address block that's unreachable.
There's no need to split your block unless you were trying to manually load balance using your two paths.
As another poster noted, you might have asymmetrical routing (depending on path costing), but from a pure L3 perspective it doesn't matter. It can, though, matter to stateful devices like firewalls. The latter might be addressed by firewalls at both sites sharing state information. -
Cisco BGP Peering Between 2 ISP
Hi Cisco People,
Just have a question with BGP peering in Cisco's. I have two ISP's which I am peering against for an active and standby configuration. I would like to know if there is a way to configure some sort of 'dead-peer detection' on the router to monitor a public IP address in the event of an ISP failure. I want to find a way to dynamically failover the link in the event of failure when losing pings to an external address.
Regards
Chris
Chris
Dead Peer Detection is one of the functions performed by BGP. If the peer goes dead then BGP will detect it and will withdraw routes learned from that peer from the routing table.
What you describe about monitoring a public address is more about validating that the ISP routing logic is learning and advertising appropriate routes than it is about detecting if a peer has gone dead. I would think that this is possible - but a bit complex. I would think that you could configure IP SLA to track some public address (the tricky bit here is to make sure that you are tracking through ISP1 and not using ISP2 for this). Then you should be able to configure EEM to watch the track and if the route is lost to make appropriate changes in BGP to force the failover.
HTH
Rick -
No BGP Peering between CE and PE
Still in the process of modeling the MPLS network that we currently have with one of our Service Providers.
At this point I have placed the same config on the Lab CE's that exist in our production network. I have also followed Cisco Documentation to configure the PE routers, however I cannot get the CE to PE BGP peering.
What am I missing?
*CE Router*
interface Loopback0
 ip address 10.18.0.8 255.255.255.255
interface FastEthernet0/0
 ip address 68.139.201.30 255.255.255.252
 duplex half
interface FastEthernet1/0
 no ip address
 shutdown
 duplex half
interface FastEthernet1/1
 no ip address
 shutdown
 duplex half
interface FastEthernet2/0
 no ip address
 duplex full
router bgp 1
 no synchronization
 bgp log-neighbor-changes
 neighbor 68.139.201.29 remote-as 65000
*PE Router*
ip vrf vpn-mtb
 rd 1:100
 route-target export 1:100
 route-target import 1:100
no ip domain lookup
mpls label protocol ldp
tag-switching tdp router-id Loopback0
interface Loopback0
 ip address 68.2.0.1 255.255.255.252
interface FastEthernet0/0
 ip address 68.2.1.2 255.255.255.252
 duplex auto
 speed auto
 tag-switching ip
interface FastEthernet1/0
 ip vrf forwarding vpn-mtb
 ip address 68.139.201.29 255.255.255.252
 duplex auto
 speed auto
interface FastEthernet2/0
 no ip address
 shutdown
 duplex auto
 speed auto
router ospf 1
 router-id 68.2.0.1
 log-adjacency-changes
 network 68.0.0.0 0.255.255.255 area 0
router bgp 65000
 no synchronization
 bgp log-neighbor-changes
 redistribute connected
 neighbor 68.2.0.3 remote-as 65000
 neighbor 68.2.0.3 update-source Loopback0
 no auto-summary
 address-family vpnv4
  neighbor 68.2.0.3 activate
  neighbor 68.2.0.3 send-community extended
 exit-address-family
 address-family ipv4 vrf vpn-mtb
  redistribute connected
  neighbor 68.139.201.30 remote-as 1
  neighbor 68.139.201.30 activate
  neighbor 68.139.201.30 as-override
  no auto-summary
  no synchronization
 exit-address-family
Here are the command outputs:
PE#show ip bgp vpnv4 all summary
BGP router identifier 68.2.0.1, local AS number 65000
BGP table version is 3, main routing table version 3
1 network entries using 137 bytes of memory
1 path entries using 64 bytes of memory
3/1 BGP path/bestpath attribute entries using 348 bytes of memory
1 BGP extended community entries using 24 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 573 total bytes of memory
BGP activity 3/0 prefixes, 3/0 paths, scan interval 15 secs
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
68.2.0.3 4 65000 0 0 0 0 0 never Active
68.139.201.30 4 1 29 29 0 0 0 never Active
CE#show ip bgp summary
BGP router identifier 68.2.0.1, local AS number 1
BGP table version is 1, main routing table version 1
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
68.139.201.29 4 65000 4246 4246 0 0 0 never Active -
Question. Best practice is to configure iBGP via loopback interface. My question is, is that a valid statement for a scenario where two BGP peers are separated by a firewall?
Hello Mateuz,
iBGP allows for a TTL=255 in the BGP packets so the added hop caused by the firewall is not a problem for the iBGP session.
If the session were eBGP you would need to tune the ebgp-multihop to take care of the FW hop.
Hope to help
Giuseppe -
Inbound IPV6 BGP Filterlists for ISP
Hi people,
I work for a company that is a tier2 ISP. We get full table transit from two tier 1 providers; we have recently gone with dual stack IPV4/6 and have the IPV6 BGP connection up from the tier1's but have no idea what to use for inbound prefix list filters.
Can anyone give me a current up-to-date IPv6 prefix list we can use to filter out potential troublesome traffic from upstream?
Many thanks.
Hi Matthew,
You might want to start with the Team CYMRU website. There are some excellent references on that site about ipv4 and ipv6 filtering. They have been maintaining the ipv4 bogon list for many years and are considered a reference in the ISP community.
http://www.team-cymru.org/ReadingRoom/Templates/IPv6Routers/
Regards -
IPV6 BGP and Neighbor Discovery
My understanding of IPv6 may not be accurate, so if there are any incorrect statements, please correct them.
We have a requirement that prohibits FE80::/10 addresses from passing from end sites to the provider network. FE80::/10 are the IPv6 link-local addresses. Since link-local addresses are required for Neighbor Discovery Protocol, this blocks those operations that are part of it.
The sites use BGP with the provider network, so can IPv6 BGP work without link-local addresses? Is Neighbor Discovery necessary for reachability between BGP peers?
(The below message is just to address the concern whether blocking LL breaks all ND, it does not tie into rest of BGP configuration)
Larry,
Speaking of ND only... RFC (4861) only mandates that source IP is assigned address
http://tools.ietf.org/html/rfc4861#section-4.3
It does not mandate link-local, I have not read the updated RFC.
I did a simple test with two devices with assigned IP addresses.
Spoke2#ping vrf VRF 2001:db8::1 re 1
Type escape sequence to abort.
Sending 1, 100-byte ICMP Echos to 2001:DB8::1, timeout is 2 seconds:
!
Success rate is 100 percent (1/1), round-trip min/avg/max = 9/9/9 ms
Spoke2#
*Nov 27 13:27:43.246: IPv6-Fwd: Destination lookup for 2001:DB8::1 : i/f=Ethernet0/0, nexthop=2001:DB8::1
*Nov 27 13:27:43.246: IPv6-Fwd: SAS picked source 2001:DB8::FFFF for 2001:DB8::1 (Ethernet0/0)
*Nov 27 13:27:43.246: ICMPv6: Sent echo request, Src=2001:DB8::FFFF, Dst=2001:DB8::1
*Nov 27 13:27:43.246: IPV6: source 2001:DB8::FFFF (local)
*Nov 27 13:27:43.246: dest 2001:DB8::1 (Ethernet0/0)
*Nov 27 13:27:43.246: traffic class 0, flow 0x0, len 100+0, prot 58, hops 64, originating
*Nov 27 13:27:43.246: IPv6-Fwd: Created tmp mtu cache entry for 2001:DB8::FFFF 2001:DB8::1 1E000001
*Nov 27 13:27:43.246: IPv6-Fwd: Encapsulation postponed, performing resolution
*Nov 27 13:27:43.250: ICMPv6: Sent N-Solicit, Src=2001:DB8::FFFF, Dst=FF02::1:FF00:1
*Nov 27 13:27:43.250: IPV6: source 2001:DB8::FFFF (local)
*Nov 27 13:27:43.250: dest FF02::1:FF00:1 (Ethernet0/0)
*Nov 27 13:27:43.250: traffic class 224, flow 0x0, len 72+0, prot 58, hops 255, originating
*Nov 27 13:27:43.250: IPv6-Fwd: Sending on Ethernet0/0
*Nov 27 13:27:43.255: IPv6-Fwd: Destination lookup for 2001:DB8::FFFF : Local, i/f=Ethernet0/0, nexthop=2001:DB8::FFFF
*Nov 27 13:27:43.255: IPV6: source 2001:DB8::1 (Ethernet0/0)
*Nov 27 13:27:43.255: dest 2001:DB8::FFFF (Ethernet0/0)
Spoke2#
*Nov 27 13:27:43.255: traffic class 224, flow 0x0, len 72+14, prot 58, hops 255, forward to ulp
*Nov 27 13:27:43.255: ICMPv6: Received N-Advert, Src=2001:DB8::1, Dst=2001:DB8::FFFF
*Nov 27 13:27:43.255: IPv6-Fwd: Sending on Ethernet0/0
*Nov 27 13:27:43.255: IPv6-Fwd: Destination lookup for 2001:DB8::FFFF : Local, i/f=Ethernet0/0, nexthop=2001:DB8::FFFF
*Nov 27 13:27:43.255: IPV6: source 2001:DB8::1 (Ethernet0/0)
*Nov 27 13:27:43.255: dest 2001:DB8::FFFF (Ethernet0/0)
*Nov 27 13:27:43.255: traffic class 0, flow 0x0, len 100+14, prot 58, hops 64, forward to ulp
*Nov 27 13:27:43.255: ICMPv6: Received echo reply, Src=2001:DB8::1, Dst=2001:DB8::FFFF
M.
Message was edited by: Marcin Latosiewicz, edited for clarity. -
Does a Router support 2 BGP As in one router
Does a Router support 2 BGP As in one router. I have gone through the below Cisco page, however my router is not allowing to enter the second AS in the router, it is giving the error as usual " BGP is already running; AS is XX" .
http://www.cisco.com/c/en/us/td/docs/ios/12_2s/feature/guide/fsbgpdas.html#wp1056689
My Router :- Cisco 3845
IOS Version :- c3845-advipservicesk9-mz.124-24.T8.bin
Hi,
You can not run multiple BGP processes on a single router with each of them being in a separate AS. What you can do, and the link in your post explains that, is that towards a particular eBGP neighbor, you can use the neighbor local-as command to appear to be in a different AS than the one you really are in. So you do not start two BGP processes, you just make your single BGP process to appear to use a different ASN on a particular eBGP peering.
Best regards,
Peter -
ISP BGP peering with HSRP for redundancy
we have a router7507, BGP peering to one ISP. Now, we need a router redundancy solution.
I want to use HSRP in the BGP peering interface, because the ISP only peering us a IP address, I have to use HSRP on two router interfaces, and use HSRP virtual IP to peer the ISP, do you think this solution is working, or some troubles, will BGP work fine with HSRP interfaces?
thanks.
Yes, BGP works fine with HSRP interface. Here are some sample configurations for your reference.
Router A Configuration (ISP Router):
interface ethernet 0
 ip address
 standby 1 ip (The ip should be same as above command)
 standby 1 priority 110
 standby 1 track Serial0.100
 standby 1 preempt
Router B Configuration (client Router):
interface ethernet 0
 ip address
 standby 1 ip (The ip should be same as ISPs address)
 standby 1 priority 105
 standby 1 track Serial0.100
 standby 1 preempt