Advertising ipv4 routes via ipv6 bgp peers

Similar Messages

• BGP peering via default route

  I read http://blog.ipexpert.com/2010/11/08/bgp-peering-and-default-routes/ and understood that BGP speaker will not initiate BGP connection with the other BGP router if it can reach it via default route only...And BGP peering will not come up at all if both the BGP speakers know each other via default routes only....I could not understand the reason behind this though...Could any expert help me in understanding the underlying reasoning?

  I can't think of a reason why you would want to peer with a router you don't have a route for. If you're relying on a default route for a multi-hop bgp peer session, it could cause the session to be unreliable due to changes in the network down the line from you. An unreliable bgp session would be bad on the router's cpu/memory if the session were to flap.

• CSM: Is it possible to access IPv4 server farms via IPv6 vIP?

  Dear all
  Before we start a more extensive testing programme I would like to ask the experts whether or not it should be possible to access already existing server farms (with IPv4 vIP) via an additional IPv6 vIP configured on the load balancer.
  The system in question is 6509 with Sup720 and CSM WS-X6066-SLB-APC.
  The idea is simple: Take an existing server farm (running completely on v4) and add an additional v6 vIP on the load balancer without the need to change the actual v4 networking behind the load balancer.
  Might this work (at least for some protocols like http, ftp, etc.)?
  Any "yes" or "no" or "maybe" or "with restrictions" appreciated.;)
  Thanks in advance,
  Grischa

  Fairly sure this isn't possible.  Unless I've missed something, the CSM doesn't support IPv6 at all.  Even if it did, I don't think a v6 VIP to a v4 real would work.  The only place I've seen this work was on a NetScaler, because the NetScaler holds independent connections open to the client and to the servers as a HTTP proxy, passing the request between the two.  I forget how the ACE operates; it may be able to act as a proxy, but don't think it supports v6 either.
  v6 support on CSMs would be totally awesome, but I'm not holding my breath.

• Route restriction on BGP

  Hi,
  I have two MPLS links from two different ISPs are terminating on a single router and eBGP is configured between PEs and CE router.  We have some sites are connecting via 1st IPS's MPLS link and some other sites are connecting via 2nd Mpls link from 2nd ISP.  But terminating on same CE Router.
  I am worried about, how do I confirm traffic from 1st link of 1st ISP should not leak to 2nd link from 2nd ISP and vise versa.  And also for forwarding traffic should maintain this.
  Please give me some idea on this.

  Hi,
  if you want to keep the MPLS clouds separated, just check carefully which prefixes you are advertising to each MPLS provider from your HQ site by the CE router peering to both.
  If you advertise only the local site prefixes (with an empty AS_PATH), each provider will not get the prefixes from the other provider and your HQ will be reachable from both MPLS clouds.
  You can easily configure
  ip as-path access-list 1 permit ^$
  route-map local_only permit 10
  match as-path 1
  router bgp ...
  nei x.x.x.x route-map local_only out
  nei y.y.y.y route-map local_only out
  on your HQ CE router.
  If you are not advertising default route or something similar from your HQ to the MPLS providers, only traffic with destination = your HQ should be delivered to your CE router.
  Best regards,
  Milan

• How many BGP peers does the 3548 switch support?

  Is it possible to run more than 40 peers on a single switch? What is the limitation if not?

  Hi ,
   You can have 40 BGP peers , IPV4 unicast routes handled by hardware is only 24000 .Enusre all your BGP peering routing updates is within this limits . 
  http://www.cisco.com/c/en/us/products/collateral/switches/nexus-3548-switch/data_sheet_c78-707001.html
  Table 7. Hardware Specifications Common to Both Switches
  Mode
  Normal Mode
  Warp Mode
  Hardware tables and scalability
  Number of MAC addresses
  64,000
  8000
  Number of IPv4 unicast routes
  24,000
  4000
  Number of IPv4 hosts
  64,000
  8000
  Number of IPv4 multicast routes
  8000
  8000
  Number of VLANS
  4096
  Number of ACL entries
  4096
  Number of spanning-tree instances
  Rapid Spanning Tree Protocol (RSTP): 512
  Multiple Spanning Tree (MST) Protocol: 64
  Number of EtherChannels
  24
  Number of ports per EtherChannel
  24
  Buffer size
  6 MB shared among 16 ports; 18 MB total
  Boot flash memory
  2 GB
  HTH
  Sandy

• Assistance Needed: Inter-VRF Routing with MP-BGP

  hello everyone,
  I've been trying to solve a problem for over a day regarding inter-vrf routing using MP-BGP and I can't seem to figure a few things out.
  I have Cisco 1921 which has VRF-JLAN and VRF-JGLOBE with 3 interfaces configured as (g0/0 = vrf JLAN, g0/1=no vrf, g0/2 = dot1q trunk to 2960S). vrf JLAN is a restricted network for users access, dns server, e.t.c. vrf JGLOBE is for Video server and global routing table belongs to Wifi Access. I've been able to seperate all the network and I can route traffic out to the Internet from vrf JLAN and the global route table but where I'm having issues is getting vrf JGLOBE to route traffic using the Global route table.
  For example: vrf JLAN should not be accessed by either Global or vrf JGLOBE. JGLOBE should be able to access vrf JLAN dns server but it should route its internet traffic via Global route table (g0/1). Last JLAN should be able to access 2 networks from the Global route table.
  I've attached my config and diagram so you can better understand what I'm trying to achieve. More light to solving this problem would be much appreciated.
  ip vrf JGLOBE
   rd 65001:2
   export map WIFI
   route-target export 65001:2
  ip vrf JLAN
   rd 65001:1
   import ipv4 unicast map C-GLOBAL
   route-target export 65001:1
   route-target import 65001:1
   route-target import 65001:2
  interface GigabitEthernet0/0
   description LAN-ACCESS-INTERNET [TO Nexthop FIREWALL]
   ip vrf forwarding JLAN
   ip address 192.168.4.3 255.255.255.248
   no ip redirects
   no ip unreachables
   no ip proxy-arp
   ip flow ingress
   ip flow egress
   ip inspect INTERNET-FW out
   ip virtual-reassembly in
   load-interval 30
   duplex auto
   speed auto
  interface GigabitEthernet0/1
   description GLOBAL-Wifi-INTERNET [TO Nexthop - FIREWALL]
   ip address 192.168.5.3 255.255.255.248
   no ip redirects
   no ip unreachables
   no ip proxy-arp
   ip flow ingress
   ip flow egress
   ip inspect GLOBAL-FW in
   ip inspect GLOBAL-FW out
   ip virtual-reassembly in
   load-interval 30
   duplex auto
   speed auto
  interface GigabitEthernet0/2
   no ip address
   duplex auto
   speed auto
  interface GigabitEthernet0/2.3
   description Users LAN
   encapsulation dot1Q 3
   ip vrf forwarding JLAN
   ip address 192.168.30.1 255.255.255.240
  interface GigabitEthernet0/2.4
   description Video Server
   encapsulation dot1Q 4
   ip vrf forwarding JGLOBE
   ip address 10.6.40.1 255.255.255.0
  router ospf 1 vrf JLAN
   router-id 10.6.6.10
   redistribute bgp 65001 subnets
   network 0.0.0.0 255.255.255.255 area 0
  router ospf 2 vrf JGLOBE
   router-id 10.5.7.10
   redistribute bgp 65001 subnets
   network 0.0.0.0 255.255.255.255 area 0
  router bgp 65001
   bgp router-id 10.4.6.4
   bgp log-neighbor-changes
   bgp graceful-restart restart-time 120
   bgp graceful-restart stalepath-time 360
   bgp graceful-restart
   address-family ipv4
    redistribute connected
   exit-address-family
   address-family ipv4 vrf JGLOBE
    redistribute connected
    redistribute ospf 2
   exit-address-family
   address-family ipv4 vrf JLAN
    redistribute connected
    redistribute ospf 1
   exit-address-family
  ip dns view vrf JGLOBE default
  ip dns view vrf JLAN default
  ip route 0.0.0.0 0.0.0.0 192.168.5.1
  ip route vrf JGLOBE 0.0.0.0 0.0.0.0 GigabitEthernet0/1 192.168.5.1
  ip route vrf JLAN 0.0.0.0 0.0.0.0 192.168.4.1 name LAN_INET
  ip prefix-list GLOBAL-INET seq 5 permit 0.0.0.0/0
  ip prefix-list SERVER-NET seq 5 permit 10.6.40.2/32
  ip prefix-list WIFI-NET seq 5 permit 10.254.0.0/22 le 32

  Hi Matt
  Yes the X/32 routes needs to be present in the VRF Routing-Table and if they are to be learnt statically then the MP-iBGP config for that particular VRF address-family has to redistribute static routes as well.
  Regards
  Varma

• Does a route-policy override BGP split-horizon rule in IOS-XR?

  If I receive a default route from a non-client, can I turn around and send it to another non client if I have the following applied to the non-client?
  prefix-set send-default
    0.0.0.0/0
  end-set
  route-policy DEFAULT-POLICY
    if destination in send-default then
      pass
    else
      drop
    endif
  end-policy
   neighbor-group BLAH
    remote-as XXXXX
    password encrypted XXXXXXX
    description iBGP to Decryptors
    update-source Loopback0
    address-family ipv4 unicast
     route-policy DEFAULT-POLICY out
     soft-reconfiguration inbound always
   neighbor X.X.X.X
    use neighbor-group BLAH
  end

  Hi Carlopez,
  For BGP to inject a default rotue you need the "default-information originate" command, unfortunately, you can't redistribute or regenerate a route via the RPL method you described.
  regards
  xander

• BGP peering with ISP

  Hello Guys
  I have a scenario where I would like to have your insights.
  1. Client having Main site and DR site connected to same ISP with public IP line.
  2. The client has acquired a public IP block (/24) and would like to use same on both main and DR sites.
  Would this be possible through BGP? How can we advertise the same IP block on 2 sites?
  The sites need to be in an active-active scenario.
  Thanks

  Disclaimer
  The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.
  Liability Disclaimer
  In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.
  Posting
  If you're going to advertize the same address block, from two different BGP peers, whether to the same ISP or different ISPs, the expectation is, you can get to or from that address block along either path.  I.e. you need an "internal" path between your two BGP peers.  Otherwise, the "critical" BGP path fails, you continue to advertize an address block that's unreachable.
  There's no need to split your block unless you were trying to manually load balance using your two paths.
  As another poster noted, you might have asymmetrical routing (depending on path costing), but from a pure L3 perspective it doesn't matter.  It can, though, matter to stateful devices like firewalls.  The latter might be addressed by firewalls at both sites sharing state information.

• Cisco BGP Peering Between 2 ISP

  Hi Cisco People,
  Just have a question with BGP peering in Cisco's. I have two ISP's which I am peering against for an active and standby configuration. I would like to know if there is a way to configure some sort of 'dead-peer detection' on the router to monitor a public IP address in the event of an ISP failure. I want to find a way to dynamically failover the link in the event of failure when losing pings to an external address.
  Regards
  Chris

  Chris
  Dead Peer Detection is one of the functions performed by BGP. If the peer goes dead then BGP will detect it and will withdraw routes learned from that peer from the routing table.
  What you describe about monitoring a public address is more about validating that the ISP routing logic is learning and advertising appropriate routes than it is about detecting if a peer has gone dead. I would think that this is possible - but a bit complex. I would think that you could configure IP SLA to track some public address (the tricky bit here is to make sure that you are tracking through ISP1 and not using ISP2 for this). Then you should be able to configure EEM to watch the track and if the route is lost to make appropriate changes in BGP to force the failover.
  HTH
  Rick

• No BGP Peering between CE and PE

  Still in the process of modeling the MPLS network that we currently have with one of our Service Providers.
  At this point I have placed the same config on the Lab CE's that exist in our production network. I have also followed Cisco Documentation to configure the PE routers, however I cannot get the CE to PE BGP peering.
  What am I missing?
  *CE Router*
  nterface Loopback0
  ip address 10.18.0.8 255.255.255.255
  interface FastEthernet0/0
  ip address 68.139.201.30 255.255.255.252
  duplex half
  interface FastEthernet1/0
  no ip address
  shutdown
  duplex half
  interface FastEthernet1/1
  no ip address
  shutdown
  duplex half
  interface FastEthernet2/0
  no ip address
  duplex full
  router bgp 1
  no synchronization
  bgp log-neighbor-changes
  neighbor 68.139.201.29 remote-as 65000
  *PE Router*
  ip vrf vpn-mtb
  rd 1:100
  route-target export 1:100
  route-target import 1:100
  no ip domain lookup
  mpls label protocol ldp
  tag-switching tdp router-id Loopback0
  interface Loopback0
  ip address 68.2.0.1 255.255.255.252
  interface FastEthernet0/0
  ip address 68.2.1.2 255.255.255.252
  duplex auto
  speed auto
  tag-switching ip
  interface FastEthernet1/0
  ip vrf forwarding vpn-mtb
  ip address 68.139.201.29 255.255.255.252
  duplex auto
  speed auto
  interface FastEthernet2/0
  no ip address
  shutdown
  duplex auto
  speed auto
  router ospf 1
  router-id 68.2.0.1
  log-adjacency-changes
  network 68.0.0.0 0.255.255.255 area 0
  router bgp 65000
  no synchronization
  bgp log-neighbor-changes
  redistribute connected
  neighbor 68.2.0.3 remote-as 65000
  neighbor 68.2.0.3 update-source Loopback0
  no auto-summary
  address-family vpnv4
  neighbor 68.2.0.3 activate
  neighbor 68.2.0.3 send-community extended
  exit-address-family
  address-family ipv4 vrf vpn-mtb
  redistribute connected
  neighbor 68.139.201.30 remote-as 1
  neighbor 68.139.201.30 activate
  neighbor 68.139.201.30 as-override
  no auto-summary
  no synchronization
  exit-address-family

  Here are the command outputs:
  PE#show ip bgp vpnv4 all summary
  BGP router identifier 68.2.0.1, local AS number 65000
  BGP table version is 3, main routing table version 3
  1 network entries using 137 bytes of memory
  1 path entries using 64 bytes of memory
  3/1 BGP path/bestpath attribute entries using 348 bytes of memory
  1 BGP extended community entries using 24 bytes of memory
  0 BGP route-map cache entries using 0 bytes of memory
  0 BGP filter-list cache entries using 0 bytes of memory
  BGP using 573 total bytes of memory
  BGP activity 3/0 prefixes, 3/0 paths, scan interval 15 secs
  Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
  68.2.0.3 4 65000 0 0 0 0 0 never Active
  68.139.201.30 4 1 29 29 0 0 0 never Active
  CE#show ip bgp summary
  BGP router identifier 68.2.0.1, local AS number 1
  BGP table version is 1, main routing table version 1
  Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
  68.139.201.29 4 65000 4246 4246 0 0 0 never Active

• BGP peering

  Question. Best practice is to configure iBGP via loopback interface. My question is, is that valid statement for scenario where two BGP peers are seperated by a firewall?

  Hello Mateuz,
  iBGP allows for a TTL=255 in the BGP packets so the added hop caused by the firewall is not a problem for the iBGP session.
  if the session were eBGP you would need to tune the ebgp-multihop to take care of the FW hop.
  Hope to help
  Giuseppe

• Inbound IPV6 BGP Filterlists for ISP

  Hi people,
  I work for an company that is a tier2 ISP, we get full table transit from two tier 1 providers, we have recently gone with dual stack IPV4/6 and have the IPV6 BGP connection up from the teir1's but have no idea what to use for inbound prefix list filters.
  Can anyone give me a current upto date IPv6 prefix list we can use to filter out potential troublesome traffic from upstream?
  Many thanks.

  Hi Matthew,
  You might want to start with the Team CYMRU website. There are some excellent reference on that site about ipv4 and ipv6 filtering. They have been maintaning the ipv4 bogon list for many years and are considered a reference in the ISP community.
  http://www.team-cymru.org/ReadingRoom/Templates/IPv6Routers/
  Regards

• IPV6 BGP and Neighbor Discovery

  My understanding of IPv6 may not be accurate, so if there are any incorrect statements, please correct them.
  We have a requirement that prohibits FE80::/10 addresses from passing from end sites to the provider network.  FE80::/10 are the IPv6 link-local addresses.  Since link-local addresses are required Neighbor Discovery Protocol, this blocks those operations that are part of it. 
  The sites use BGP with the provider network, so can IPv6 BGP work without link-local addresses?  Is Neighbor Discovery necessary for reachability between BGP peers?

  (The below messgage is just to address the concern whether blocking LL breaks all ND, it does not tie into rest of BGP configuration) 
  Larry,
  Speaking of ND only... RFC (4861) only mandates that source IP is assigned address
  http://tools.ietf.org/html/rfc4861#section-4.3
  It does not mandate link-local, I have not read the updated RFC.
  I did a simple test with two devices with assigned IP addresses.
  Spoke2#ping vrf VRF 2001:db8::1 re 1Type escape sequence to abort.Sending 1, 100-byte ICMP Echos to 2001:DB8::1, timeout is 2 seconds:!Success rate is 100 percent (1/1), round-trip min/avg/max = 9/9/9 msSpoke2#*Nov 27 13:27:43.246: IPv6-Fwd: Destination lookup for 2001:DB8::1 : i/f=Ethernet0/0, nexthop=2001:DB8::1*Nov 27 13:27:43.246: IPv6-Fwd: SAS picked source 2001:DB8::FFFF for 2001:DB8::1 (Ethernet0/0)*Nov 27 13:27:43.246: ICMPv6: Sent echo request, Src=2001:DB8::FFFF, Dst=2001:DB8::1*Nov 27 13:27:43.246: IPV6: source 2001:DB8::FFFF (local)*Nov 27 13:27:43.246:       dest 2001:DB8::1 (Ethernet0/0)*Nov 27 13:27:43.246:       traffic class 0, flow 0x0, len 100+0, prot 58, hops 64, originating*Nov 27 13:27:43.246: IPv6-Fwd: Created tmp mtu cache entry for 2001:DB8::FFFF 2001:DB8::1 1E000001*Nov 27 13:27:43.246: IPv6-Fwd: Encapsulation postponed, performing resolution*Nov 27 13:27:43.250: ICMPv6: Sent N-Solicit, Src=2001:DB8::FFFF, Dst=FF02::1:FF00:1*Nov 27 13:27:43.250: IPV6: source 2001:DB8::FFFF (local)*Nov 27 13:27:43.250:       dest FF02::1:FF00:1 (Ethernet0/0)*Nov 27 13:27:43.250:       traffic class 224, flow 0x0, len 72+0, prot 58, hops 255, originating*Nov 27 13:27:43.250: IPv6-Fwd: Sending on Ethernet0/0*Nov 27 13:27:43.255: IPv6-Fwd: Destination lookup for 2001:DB8::FFFF : Local, i/f=Ethernet0/0, nexthop=2001:DB8::FFFF*Nov 27 13:27:43.255: IPV6: source 2001:DB8::1 (Ethernet0/0)*Nov 27 13:27:43.255:       dest 2001:DB8::FFFF (Ethernet0/0)Spoke2#*Nov 27 13:27:43.255:       traffic class 224, flow 0x0, len 72+14, prot 58, hops 255, forward to ulp*Nov 27 13:27:43.255: ICMPv6: Received N-Advert, Src=2001:DB8::1, Dst=2001:DB8::FFFF*Nov 27 13:27:43.255: IPv6-Fwd: Sending on Ethernet0/0*Nov 27 13:27:43.255: IPv6-Fwd: Destination lookup for 2001:DB8::FFFF : Local, i/f=Ethernet0/0, nexthop=2001:DB8::FFFF*Nov 27 13:27:43.255: IPV6: source 2001:DB8::1 (Ethernet0/0)*Nov 27 13:27:43.255:       dest 2001:DB8::FFFF (Ethernet0/0)*Nov 27 13:27:43.255:       traffic class 0, flow 0x0, len 100+14, prot 58, hops 64, forward to ulp*Nov 27 13:27:43.255: ICMPv6: Received echo reply, Src=2001:DB8::1, Dst=2001:DB8::FFFF
  M.
  Message was edited by: Marcin Latosiewicz, edited for clarity.

• Does a Router support 2 BGP As in one router

  Does a Router support 2 BGP As in one router. I have gone through the below Cisco page, however my router is not allowing to enter the second AS in the router, it is giving the error as usual " BGP is already running; AS is XX" . 
  http://www.cisco.com/c/en/us/td/docs/ios/12_2s/feature/guide/fsbgpdas.html#wp1056689
  My Router :- Cisco 3845
  IOS Version :- c3845-advipservicesk9-mz.124-24.T8.bin

  Hi,
  You can not run multiple BGP processes on a single router with each of them being in a separate AS. What you can do, and the link in your post explains that, is that towards a particular eBGP neighbor, you can use the neighbor local-as command to appear to be in a different AS than the one you really are in. So you do not start two BGP processes, you just make your single BGP process to appear to use a different ASN on a particular eBGP peering.
  Best regards,
  Peter

• ISP BGP peering with HSRP for redundancy

  we have a router7507, BGP peering to one ISP. Now, we need a router redundancy solution.
  I want to use HSRP in the BGP peering interface, because the ISP only peering us a IP address, I have to use HSRP on two router interfaces, and use HSRP virtual IP to peer the ISP, do you think this solution is working, or some troubles, will BGP work fine with HSRP interfaces?
  thanks.

  yes BGP works fine with HSRP interface.Here is some sample configurations for your reference.
  Router A Configuration (ISP Router):
  interface ethernet 0
  ip address
  standby 1 ip (The ip should be same as above command)
  standby 1 priority 110
  standby 1 track Serial0.100
  standby 1 preempt
  Router B Configuration (client Router):
  interface ethernet 0
  ip address
  standby 1 ip (The ip should be same as ISPs address>
  standby 1 priority 105
  standby 1 track Serial0.100
  standby 1 preempt