Bgp inject-map

I am confused about the use case of bgp inject-maps. If the goal is to inject specific prefixes, then why not just add an ip route <network> <next-hop> statement for more specific prefix (so that the specific prefix appears in routing table) and then add a network statement under router bgp so that the specific prefix appears in bgp table also? Could any expert help?
I was reading about the feature at https://blog.initialdraft.com/archives/3527/

Kashish
You could indeed just add more speciifc routes to the IP routing table and then configure "network ..." commands under BGP. But then because the route is always in the IP routing table it would always be advertising the more specific routes.
The BGP inject-maps feature is also known as BGP conditional advertising ie. you may only want to advertise the more specific prefixes if you are actually receiving the less specific prefix from a neighbor. Because if you stop receiving that less specific prefix then you do not want traffic coming to your router as it will be dropped.
So with BGP inject-maps you can say only advertise the more specific prefixes as long as the router is receiving the less specific prefix. If the less specific prefix is no longer received then do not advertise the more specific prefixes.
You couldnt do this if you simply added routes to the routing table.
Note i referred to less specific rather than summary route as it doesn't actually have to be a summary route ie. it could be a class C for example but you are advertiing out subnets within the class C.
Jon

Similar Messages

BGP advertise-map questions

I have a few questions pertaining to Conditional advertisements in BGP using advertise-map(s).
From the Cisco site the examples I have seen stipulate that the routes you redistribute into BGP are through the means of "network" statements.
The first question is, are you able to redistribute the route(s) you wish to control being advertised to neighboring BGP peers via an advertise-map through the "redistribute" command or must you use "network" statements?
The second question is, are you able to put a condition on more than one route that you may or may not want to advertise based on the condition you have set. In otherwords as an example I want to allow around 30 routes to be advertised towards a BGP peer if a certain route exists in the BGP routing table. For this I will obviously need to use an advertise-map with the exist-map statement. Is it possible to have this condition set on the 30 routes?

Advertise-map are only related to what is sent out of the router. They really don't care how the route got into the router. You can use either network statements or the redistribution command to get them into the bgp routing table.
I don't know what the limit is on how many addreses you can put in the route-map used for conditional advertisement but it is much more than 30. It would just be in worse case a access list that had 30 entries.
The conditional advertisement is not really any different than a normal route-map filter. You just build a access list or prefix list that matches any address you want to allow. You do it the same way as if you were building a normal route-map that allow certain routes all the time. The only thing really special is when it is applied not how you create it.

BGP icmp Message:BGP: Applying map to find origin for x.x.5.0/24

I've put what I hope is the relevant portions of the config in the body here. I'm curious about the message as this router is supposed to be the origin for the subnet in the first place?
interface Vlan99
ip address x.x.5.1 255.255.255.0
router bgp 65004
no synchronization
bgp log-neighbor-changes
network x.x.5.0 mask 255.255.255.0
neighbor 10.10.1.2 remote-as 65004
neighbor 10.10.1.2 next-hop-self
neighbor 10.10.1.2 soft-reconfiguration inbound
neighbor x.x.72.109 remote-as XXXX
neighbor x.x.72.109 password 7 blahblahblah
neighbor x.x.72.109 soft-reconfiguration inbound
neighbor x.x.72.109 route-map asXXXXonly in
no auto-summary
ip as-path access-list 30 permit ^XXXX$
route-map asXXXXonly permit 10
match as-path 30
Thanks for any help!

Is your BGP routing operation working normally? If yes, and even then you receive this msg, then I am sure it is a normal BGP message which prints when 'debug ip bgp' is enabled. The BGP scanner process runs every 60 seconds and verifies a variety of things such as verifying the validity of bgp route origin. So basically it looks as though someone has turned debugging on. Please issue the "show debug" command as this will show what specific debugging is on. You can disable it by .

BGP Outbound Route-Map Question

Hi Experts,
Just need your help again. I was trying to do some lab and I came across this weird behaviour with BGP outbound route-map. The diagram is simple.
Please see attached diagram. Sorry for the very poor illustration. R6 has iBGP peering to both R4 and R1. Both R1 and R4 have eBGP peering to R5. No IGP running on any routers as well to keep things simple. There are 2 things to do.
* Create a static route for 160.1.0.0/16 pointing to Null0 on both R1 and R4 and advertise to BGP via network statement but only R5 should be able to see the 160.1.0.0/16 route. R6 should not receive it.
* Advertise R5's /32 loopback interface to BGP but ensure R6 to have that route in its routing table. Don't use next-hop-self on both R1 and R4. Don't advertise WAN link via network command.
I'll just illustrate R4 and R6 here to keep things straight forward.
R4#sh ip bgp
BGP table version is 5, local router ID is 150.1.4.4
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network          Next Hop            Metric LocPrf Weight Path
*> 150.1.5.5/32     155.1.45.5               0             0 100 i
*> 160.1.0.0        0.0.0.0                  0         32768 i
R6#sh ip bgp
BGP table version is 11, local router ID is 150.1.6.6
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network          Next Hop            Metric LocPrf Weight Path
* i150.1.5.5/32     155.1.45.5               0    100      0 100 i
* i                 155.1.0.5                0    100      0 100 i
The first task was achieved as the 160.0.0.0/16 route is not present in R6's table. I used these commands in R4.
router bgp 65000
no synchronization
bgp log-neighbor-changes
network 160.1.0.0
neighbor 155.1.45.5 remote-as 100
neighbor 155.1.146.6 remote-as 65000
neighbor 155.1.146.6 route-map R6_OUT out
no auto-summary
route-map R6_OUT deny 5
match ip address prefix-list AGGR
route-map R6_OUT permit 1000
ip prefix-list AGGR seq 5 permit 160.1.0.0/16
So with the configuration above, it is clear that R4 is hitting route-map line 5 to deny 160.1.0.0/16 being advertised to R6. I tried to remove line 5 to validate as well if the /16 route will be advertised to R6 and it did so route-map configuration above is confirmed working.
Next, advertise loopback 0 of R5 to R6 and make sure it is a valid route in BGP table without the use of next-hop-self or WAN advertisement.
I used the following configuration.
ip prefix-list R5_LINK seq 5 permit 155.1.45.5/32
route-map R6_OUT permit 10
match ip route-source R5_LINK
set ip next-hop 155.1.146.4
I inserted line 10 in between route-map 5 and 1000. So R4 would check its route table for routes with 155.1.45.5 as route-source then advertise it to R6 with next-hop address of 155.1.146.4. It worked!
R6#sh ip bgp
BGP table version is 15, local router ID is 150.1.6.6
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network          Next Hop            Metric LocPrf Weight Path
*>i150.1.5.5/32     155.1.146.4              0    100      0 100 i
* i                 155.1.0.5                0    100      0 100 i
*>i160.1.0.0        155.1.146.4              0    100      0 i
As you can see above, 150.1.5.5 route is now a valid BGP route but surprisingly, the 160.1.0.0/16 route is there! From what I have seen, BGP skipped line 5 and started at 10. Even if I insert the same rule as line 5 and make it as line 15, it's not working. The /16 route is still being advertised. If I remove the match ip route-source clause in sequence 10 then it will withdraw the 160.1.0.0/16 route again. Looks like "match ip route-source" is not very friendly with direct filtering to BGP neighbors but I saw this being used with BGP inject-map and it worked well.
R4#sh route-map
route-map R6_OUT, deny, sequence 5
Match clauses:
    ip address prefix-lists: AGGR
Set clauses:
Policy routing matches: 0 packets, 0 bytes
route-map R6_OUT, permit, sequence 10
Match clauses:
    ip route-source (access-lists): R5_LINK
Set clauses:
    ip next-hop 155.1.146.4
Policy routing matches: 0 packets, 0 bytes
route-map R6_OUT, permit, sequence 1000
Match clauses:
Set clauses:
Policy routing matches: 0 packets, 0 bytes
Any thoughts why this is happening?
Thanks in advance.

Hi John,
I did a small lab to test feature "match ip route-source" and it is working fine. Please check below config and output.
R4 does not have 172.16.16.0/24 and also routes for which next-hop is not 1.1.1.1. In case you still facing issue, please share output of "debug ip bgp updates out"
Topology
R1--ebgp--R3---ibgp---R4
R3#show ip b su | b Nei
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
1.1.1.1 4 100 34 36 29 0 0 00:27:37 7
4.4.4.4 4 300 9 12 29 0 0 00:04:12 0
R3#
R3#sh route-map TO-R4
route-map TO-R4, deny, sequence 10
Match clauses:
ip address prefix-lists: DENY-PREFIX
Set clauses:
Policy routing matches: 0 packets, 0 bytes
route-map TO-R4, permit, sequence 20
Match clauses:
ip route-source (access-lists): 20
Set clauses:
Policy routing matches: 0 packets, 0 bytes
R3#
R3#show ip prefix-list DENY-PREFIX
ip prefix-list DENY-PREFIX: 1 entries
seq 5 permit 172.16.16.0/24
R3#
R3#sh ip access-lists 20
Standard IP access list 20
20 permit 1.1.1.1 (25 matches)
R3#
R3#show ip b
BGP table version is 29, local router ID is 3.3.3.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, x best-external
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
* 172.16.8.0/22 1.1.1.1 0 0 100 i
*> 172.31.13.1 20 32768 i
*> 172.16.16.0/24 1.1.1.1 0 0 100 i
*> 172.16.17.0/24 1.1.1.1 0 0 100 i
*> 172.16.19.0/24 1.1.1.1 0 0 100 i
*> 172.16.20.0/22 1.1.1.1 0 0 100 i
* 172.16.24.0/30 1.1.1.1 0 0 100 i
*> 172.31.13.1 20 32768 i
*> 172.16.80.0/22 1.1.1.1 0 0 100 i
R3#
R4#show ip b
BGP table version is 53, local router ID is 4.4.4.4
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, x best-external
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
r>i172.16.17.0/24 1.1.1.1 0 100 0 100 i
r>i172.16.19.0/24 1.1.1.1 0 100 0 100 i
r>i172.16.20.0/22 1.1.1.1 0 100 0 100 i
*>i172.16.80.0/22 1.1.1.1 0 100 0 100 i
R4#
--Pls dont forget to rate helpful posts--
Regards,
Akash

Modify AS with IOS in transit AS

I have IOS SRE advaced IPService.
I need to remove AS o Replace but i can not modify. The diagram is:
R1_AS1------R2_AS2 ------R3_AS3
In R2 I need to change or repalce AS1 when R2 announce the prefix to R3 which source is R1_AS1. I found informattion but i didnt find the solution. AS override dont work in this scene. I have resolved, i configured R1 routes like static in R2, after i redistribute in bgp. I dont like this solution, does someone know other solution (with ios)?
Thanks

Thanks blau grana,
It is great, this was just look up. I woul want only delete the AS-PATH of the prefix, i changed the solution, i havent splitted the prefix.
I have changed the solution with this config:
router bgp 65235
bgp inject-map INJECT--PREFIX-SIN-SUBNETTING exist-map MATCH--PREFIX-SIN-SUBNETTING
ip prefix-list INJECT seq 10 permit 10.251.0.0/16
ip prefix-list RUTAS-LEARNED-SIN-SUBNETTING seq 5 permit 10.251.0.0/16
ip prefix-list ROUTE-SOURCE seq 5 permit 1.1.1.1/32
route-map MATCH-PREFIX-SIN-SUBNETTING permit 10
match ip address prefix-list RUTAS-LEARNED-SIN-SUBNETTING
match ip route-source prefix-list ROUTE-SOURCE
route-map INJECT--PREFIX-SIN-SUBNETTING permit 10
set ip address prefix-list INJECT
This solution works fine.

BGP Community | Route-Map | Local Pref

While labbing today I've ran into some strange behavior with BGP communities/route-map processing. Basically the objective was from R9, send a community for the 172.30.79.0/27 route out to R7 to 65100:90 AND send a community for the 172.30.89.0/27 route out to R8 to 65100:110. Then on R9 match community 65100:90 and set the local-pref to 90 and 65100:110 to local-pref of 110. Should be easy enough but the behavior that i'm seeing is that all is working on R7 but not on R8. The R8 inbound route-map is watching the community but not setting the local-pref for some reason... Any ideas? See below.
Topology
##R9’s BGP/Route-map config setting communities for the two routes out to R7 & R8##
R9#sh run | s bgp|route-map
router bgp 65100
network 172.30.79.0 mask 255.255.255.224
network 172.30.89.0 mask 255.255.255.224
network 192.122.3.9 mask 255.255.255.255
neighbor 172.30.79.7 remote-as 65006
neighbor 172.30.79.7 send-community both
neighbor 172.30.79.7 route-map R7-OUT out
neighbor 172.30.89.8 remote-as 65006
neighbor 172.30.89.8 send-community both
neighbor 172.30.89.8 route-map R8-OUT out
ip bgp-community new-format
route-map R7-OUT permit 10
match ip address prefix-list 172.30.79.0/27
set community 65100:90
route-map R7-OUT permit 20
route-map R8-OUT permit 10
match ip address prefix-list 172.30.89.0/27
set community 65100:110
route-map R8-OUT permit 20
##R7’s config##
R7#sh run | s bgp|route-map
router bgp 65006
address-family ipv4 vrf VPN
neighbor 172.30.79.9 remote-as 65100
neighbor 172.30.79.9 activate
neighbor 172.30.79.9 send-community both
neighbor 172.30.79.9 as-override
neighbor 172.30.79.9 route-map R9-IN in
route-map R9-IN permit 10
match community 65100:90
set local-preference 90
route-map R9-IN permit 20
##R7’s ‘show bgp’##
R7#sh ip bgp vpnv4 vrf VPN | b Network
     Network          Next Hop            Metric LocPrf Weight Path
Route Distinguisher: 65066:700 (default for vrf VPN)
r> 172.30.79.0/27   172.30.79.9           90             0 65100 i
*> 172.30.89.0/27   172.30.79.9              0             0 65100 i
*> 192.122.3.9/32   172.30.79.9              0             0 65100 i
##R8’s config##
router bgp 65006
address-family ipv4 vrf VPN
neighbor 172.30.89.9 remote-as 65100
neighbor 172.30.89.9 activate
neighbor 172.30.89.9 send-community both
neighbor 172.30.89.9 as-override
neighbor 172.30.89.9 route-map R9-INv2 in
route-map R9-INv2 permit 10
match community 65100:110
set local-preference 110
route-map R9-INv2 permit 20
##R8’s ‘show bgp’##
R8#sh ip bgp vpnv4 vrf VPN | b Network
     Network          Next Hop            Metric LocPrf Weight Path
Route Distinguisher: 65006:800 (default for vrf VPN)
*> 172.30.79.0/27   172.30.89.9              0             0 65100 i
r> 172.30.89.0/27   172.30.89.9              0             0 65100 i
*> 192.122.3.9/32   172.30.89.9              0             0 65100 i
R8#sh ip bgp vpnv4 vrf VPN community | b Network
     Network          Next Hop            Metric LocPrf Weight Path
Route Distinguisher: 65006:800 (default for vrf VPN)
r> 172.30.89.0/27   172.30.89.9              0             0 65100 i
R8#sh ip bgp vpnv4 vrf VPN 172.30.89.0/27
BGP routing table entry for 65006:800:172.30.89.0/27, version 77
Paths: (1 available, best #1, table VPN, RIB-failure(17))
Not advertised to any peer
Refresh Epoch 2
65100
    172.30.89.9 from 172.30.89.9 (192.122.3.9)
      Origin IGP, metric 0, localpref 100, valid, external, best
      Community: 65100:110
      Extended Community: RT:910:910
      mpls labels in/out 45/nolabel
      rx pathid: 0, tx pathid: 0x0

While labbing today I've ran into some strange behavior with BGP communities/route-map processing. Basically the objective was from R9, send a community for the 172.30.79.0/27 route out to R7 to 65100:90 AND send a community for the 172.30.89.0/27 route out to R8 to 65100:110. Then on R9 match community 65100:90 and set the local-pref to 90 and 65100:110 to local-pref of 110. Should be easy enough but the behavior that i'm seeing is that all is working on R7 but not on R8. The R8 inbound route-map is watching the community but not setting the local-pref for some reason... Any ideas? See below.
Topology
##R9’s BGP/Route-map config setting communities for the two routes out to R7 & R8##
R9#sh run | s bgp|route-map
router bgp 65100
network 172.30.79.0 mask 255.255.255.224
network 172.30.89.0 mask 255.255.255.224
network 192.122.3.9 mask 255.255.255.255
neighbor 172.30.79.7 remote-as 65006
neighbor 172.30.79.7 send-community both
neighbor 172.30.79.7 route-map R7-OUT out
neighbor 172.30.89.8 remote-as 65006
neighbor 172.30.89.8 send-community both
neighbor 172.30.89.8 route-map R8-OUT out
ip bgp-community new-format
route-map R7-OUT permit 10
match ip address prefix-list 172.30.79.0/27
set community 65100:90
route-map R7-OUT permit 20
route-map R8-OUT permit 10
match ip address prefix-list 172.30.89.0/27
set community 65100:110
route-map R8-OUT permit 20
##R7’s config##
R7#sh run | s bgp|route-map
router bgp 65006
address-family ipv4 vrf VPN
neighbor 172.30.79.9 remote-as 65100
neighbor 172.30.79.9 activate
neighbor 172.30.79.9 send-community both
neighbor 172.30.79.9 as-override
neighbor 172.30.79.9 route-map R9-IN in
route-map R9-IN permit 10
match community 65100:90
set local-preference 90
route-map R9-IN permit 20
##R7’s ‘show bgp’##
R7#sh ip bgp vpnv4 vrf VPN | b Network
     Network          Next Hop            Metric LocPrf Weight Path
Route Distinguisher: 65066:700 (default for vrf VPN)
r> 172.30.79.0/27   172.30.79.9           90             0 65100 i
*> 172.30.89.0/27   172.30.79.9              0             0 65100 i
*> 192.122.3.9/32   172.30.79.9              0             0 65100 i
##R8’s config##
router bgp 65006
address-family ipv4 vrf VPN
neighbor 172.30.89.9 remote-as 65100
neighbor 172.30.89.9 activate
neighbor 172.30.89.9 send-community both
neighbor 172.30.89.9 as-override
neighbor 172.30.89.9 route-map R9-INv2 in
route-map R9-INv2 permit 10
match community 65100:110
set local-preference 110
route-map R9-INv2 permit 20
##R8’s ‘show bgp’##
R8#sh ip bgp vpnv4 vrf VPN | b Network
     Network          Next Hop            Metric LocPrf Weight Path
Route Distinguisher: 65006:800 (default for vrf VPN)
*> 172.30.79.0/27   172.30.89.9              0             0 65100 i
r> 172.30.89.0/27   172.30.89.9              0             0 65100 i
*> 192.122.3.9/32   172.30.89.9              0             0 65100 i
R8#sh ip bgp vpnv4 vrf VPN community | b Network
     Network          Next Hop            Metric LocPrf Weight Path
Route Distinguisher: 65006:800 (default for vrf VPN)
r> 172.30.89.0/27   172.30.89.9              0             0 65100 i
R8#sh ip bgp vpnv4 vrf VPN 172.30.89.0/27
BGP routing table entry for 65006:800:172.30.89.0/27, version 77
Paths: (1 available, best #1, table VPN, RIB-failure(17))
Not advertised to any peer
Refresh Epoch 2
65100
    172.30.89.9 from 172.30.89.9 (192.122.3.9)
      Origin IGP, metric 0, localpref 100, valid, external, best
      Community: 65100:110
      Extended Community: RT:910:910
      mpls labels in/out 45/nolabel
      rx pathid: 0, tx pathid: 0x0

NX-OS vrf bgp local-as interaction with L3vpn

I use standard MPLS BGP-L3vpn to forward traffic between VRFs on Nexus 7k routers. All of my VRFs are within the same BGP process, so have the same local-as.
I'd like to bring-up an eBGP session from one VRF to a carrier, but the carriers requires that they peer with a specific BGP ASN (call it "65432"). It doesn't look like NX-OS supports the "router bgp 1234, vrf VRF1 neighbor w.x.y.z local-as 65432" command. However, it does appear to support "router bgp 1234, vrf VRF1, local-as 65432".
My limited understanding is that this would prepend "65432" onto all routes advertised to all VRF1 neighbors? And that all neighbors defined under VRF1 on this router would learn routes from me with as-path "^65432 1234 ..."?
If so, would this have any affect on routes exchanged with other VRFs using import/export rd?

It's tricky given that BGP's AD is always going to beat out EIGRP's all other things being equal. Most of the things you can do with BGP route-maps involve making one BGP route preferred over another.
You could inject the preferred path as a static route (AD = 1) to the firewall using an ip sla operation and having the static route track that. Once the ip sla operation fails, the static route is withdrawn and then the BGP-learned route (AD = 20) will take precedence.

BGP stuck in opensent state

HELP! Been looking at this problem all day. Have a simple BGP config on my end (below). I have no control on the other end. Recently upgraded from 2811 to 2911. IOS: c2900-universalk9-mz.SPA.151-4.M7.bin Configs on old and new routers exactly the same.
Called our ISP. They see the same debug logs, but have no clue to fix. I can ping across fine. No MTU issues. Move connections back to old 2811 BGP comes up no problem.
interface Serial0/0/0
ip address X.X.X.86 255.255.255.252
no ip redirects
no ip unreachables
no ip proxy-arp
service-module t1 fdl ansi
no cdp enable
router bgp 65000
bgp log-neighbor-changes
network Y.Y.Y.0
network Y.Y.Y.16 mask 255.255.255.240
neighbor X.X.X.85 remote-as 2
neighbor X.X.X.85 password 7 06252C1268715E3C5139
debug
Nov 5 11:07:05.493: BGP: Selected new router ID Y.Y.Y.17 for scope global
Nov 5 11:07:05.537: BGP: Applying map to find origin for Y.Y.Y.16/28
Nov 5 11:07:05.541: BGP: Applying map to find origin for Y.Y.Y.16/28
Nov 5 11:07:05.541: BGP: Applying map to find origin for Y.Y.Y.16/28
Nov 5 11:07:05.549: BGP: nbr global X.X.X.85 Active open failed - can't get active topologies
Nov 5 11:07:05.549: BGP: nbr global X.X.X.85 Open active delayed 11264ms (35000ms max, 60% jitter)
Nov 5 11:07:06.457: BGP: X.X.X.85 passive open to X.X.X.86
Nov 5 11:07:06.461: BGP: X.X.X.85 passive went from Idle to Connect
Nov 5 11:07:06.461: BGP: ses global X.X.X.85 (0x307CA074:0) pas Setting open delay timer to 60 seconds.
Nov 5 11:07:06.461: BGP: ses global X.X.X.85 (0x307CA074:0) pas read request no-op
Nov 5 11:07:06.521: BGP: Sched timer-wheel running slow by 8 ticks
Nov 5 11:07:16.761: BGP: X.X.X.85 active went from Idle to Active
Nov 5 11:07:16.761: BGP: X.X.X.85 open active, local address X.X.X.86
Nov 5 11:07:16.773: BGP: ses global X.X.X.85 (0x30B937F4:0) act Adding topology IPv4 Unicast:base
Nov 5 11:07:16.773: BGP: ses global X.X.X.85 (0x30B937F4:0) act Send OPEN
Nov 5 11:07:16.773: BGP: X.X.X.85 active went from Active to OpenSent
Nov 5 11:07:16.773: BGP: X.X.X.85 active sending OPEN, version 4, my as: 65000, holdtime 180 seconds, ID CD464511
Nov 5 11:07:16.785: BGP: X.X.X.85 active rcv message type 3, length (excl. header) 5
Nov 5 11:07:16.785: %BGP-3-NOTIFICATION: received from neighbor X.X.X.85 active 2/8 (no supported AFI/SAFI) 3 bytes 000000
Nov 5 11:07:16.785: BGP: ses global X.X.X.85 (0x30B937F4:0) act Receive NOTIFICATION 2/8 (no supported AFI/SAFI) 3 bytes 000000
Nov 5 11:07:16.785: BGP: ses global X.X.X.85 (0x30B937F4:0) act Reset (BGP Notification received).
Nov 5 11:07:16.785: BGP: X.X.X.85 active went from OpenSent to Closing
Nov 5 11:07:16.785: BGP: nbr_topo global X.X.X.85 IPv4 Unicast:base (0x30B937F4:0) NSF delete stale NSF not active
Nov 5 11:07:16.785: BGP: nbr_topo global X.X.X.85 IPv4 Unicast:base (0x30B937F4:0) NSF no stale paths state is NSF not active
Nov 5 11:07:16.785: BGP: nbr_topo global X.X.X.85 IPv4 Unicast:base (0x30B937F4:0) Resetting ALL counters.
Nov 5 11:07:16.785: BGP: X.X.X.85 active closing
Nov 5 11:07:16.785: BGP: ses global X.X.X.85 (0x30B937F4:0) act Session close and reset neighbor X.X.X.85 topostate
Nov 5 11:07:16.785: BGP: nbr_topo global X.X.X.85 IPv4 Unicast:base (0x30B937F4:0) Resetting ALL counters.
Nov 5 11:07:16.785: BGP: X.X.X.85 active went from Closing to Idle
Nov 5 11:07:16.785: %BGP_SESSION-5-ADJCHANGE: neighbor X.X.X.85 IPv4 Unicast topology base removed from session BGP Notification received
Nov 5 11:07:16.785: BGP: ses global X.X.X.85 (0x30B937F4:0) act Removed topology IPv4 Unicast:base
Nov 5 11:07:16.785: BGP: ses global X.X.X.85 (0x30B937F4:0) act Removed last topology
Nov 5 11:07:16.785: BGP: nbr global X.X.X.85 Active open failed - existing passive session
Nov 5 11:07:16.785: BGP: nbr global X.X.X.85 Active open failed - existing passive session

From what I'm finding, AFI 2 is IPv6. This seems like it's expecting IPv6:
Nov 5 11:07:16.785: %BGP-3-NOTIFICATION: received from neighbor X.X.X.85 active 2/8 (no supported AFI/SAFI) 3 bytes 000000
I'm also seeing that SAFI 8 is multicast:
http://www.iana.org/assignments/safi-namespace/safi-namespace.xhtml
If this is the case, the settings that you have above simply wouldn't work. I would contact the ISP to see what your peer is running.
http://routing-bits.com/2009/11/26/output-101-bgp-afisafi/
HTH,
John

NBAR & BGP

I'm trying to use "match protocol bgp" command in a class-map in order to classify all BGP routing traffic, but it doesn't match.
When I try to do the same using an ACL matching tcp 179 in the same class-map configuration it works.
Any suggestion?
Regards
Fabio

ip cef
class-map match-any SILVER
match protocol bgp
policy-map LLQ
class SILVER
bandwidth 150
interface ATM0/0.1 point-to-point
ip nbar protocol-discovery
pvc 8/35
service-policy output LLQ
As you can see in the configuration The outputs below show TEST-2651XM-ADSL#sh policy-map Class-map: SILVER (match-any)
0 packets, 0 bytes
30 second offered Match: protocol bgp
0 packets, 0 bytes
30 second rate 0 bps
TEST-2651XM-ADSL#sh ip ATM0/0.1
Input Protocol Byte Count snmp 229270 19069945 3000 telnet 2316 122848 1000 icmp 4395 421864 0 bgp 0 0 0 I'm using the IOS release:
(C2600-IS-M), ver.12.2(15)T12 extract above the commands you suggested are applied.
that bgp packets have no match:
int atm 0/0.1
rate 0 bps, drop rate 0 bps
nbar protocol-discovery int atm 0/0.1
Output
Packet Count Packet Count
Byte Count
30 second bit rate (bps) 30 second bit rate (bps)
12936
1528680
0
3
162
0
313
29488
0
0
0
0

Cisco ASR9006 bgp send full table problem

Hi all, Thats me again!
I have a simple lab and I have couple of cisco 7206 vxr g2 and one cisco asr 9006. I can try to bgp configration for asr 9006 to vxr 7206.
I want to receive full table for the isp. after that I want to send my bgp peer this full table. Configrations are below.
ASR9006
route-policy Accept-All
pass
end-policy
router bgp 100
bgp router-id 192.168.96.92
address-family ipv4 unicast
network 192.168.103.0/24
neighbor 192.168.96.1
remote-as 100
update-source MgmtEth0/RSP0/CPU0/0
address-family ipv4 unicast
   route-policy Accept-All in
   route-policy Accept-All out
neighbor 192.168.96.4
remote-as 100
update-source MgmtEth0/RSP0/CPU0/0
address-family ipv4 unicast
   route-policy Accept-All in
   route-policy Accept-All out
RP/0/RSP1/CPU0:#sh bgp summary
Mon Jun 25 11:44:19.645 GMT
BGP router identifier 192.168.96.92, local AS number 100
BGP generic scan interval 60 secs
BGP table state: Active
Table ID: 0xe0000000   RD version: 184
BGP main routing table version 184
BGP scan interval 60 secs
BGP is operating in STANDALONE mode.
Process       RcvTblVer   bRIB/RIB   LabelVer ImportVer SendTblVer StandbyVer
Speaker             184        184        184        184         184         184
Neighbor        Spk    AS MsgRcvd MsgSent   TblVer InQ OutQ Up/Down St/PfxRcd
192.168.96.1      0 100 156761      26      184    0    0 00:10:50     427521
192.168.96.4      0 100      93      91      184    0    0 00:11:31          0
RP/0/RSP1/CPU0:#
RP/0/RSP1/CPU0:#sh bgp neighbor 192.168.96.4 advertised-routes
Mon Jun 25 11:44:59.487 GMT
Network            Next Hop        From            AS Path
192.168.103.0/24   192.168.96.92   Local           i
Processed 1 prefixes, 1 paths
RP/0/RSP1/CPU0:#
I can receive 192.168.96.1 for the full table.
Cisco 7206 VXR G2_2
router bgp 100
no synchronization
bgp router-id 192.168.96.4
bgp log-neighbor-changes
neighbor 192.168.96.92 remote-as 100
neighbor 192.168.96.92 update-source GigabitEthernet0/1.1
no auto-summary
7206VXR_G2_2#sh ip bgp summary
BGP router identifier 192.168.96.4, local AS number 100
BGP table version is 12, main routing table version 12
1 network entries using 121 bytes of memory
1 path entries using 52 bytes of memory
2/1 BGP path/bestpath attribute entries using 152 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 325 total bytes of memory
BGP activity 6/5 prefixes, 9/8 paths, scan interval 60 secs
Neighbor        V    AS MsgRcvd MsgSent   TblVer InQ OutQ Up/Down State/PfxRcd
192.168.96.92   4 100      14      15       12    0    0 00:10:55        1
7206VXR_G2_2#
7206VXR_G2_2#sh ip bgp
BGP table version is 12, local router ID is 192.168.96.4
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network          Next Hop            Metric LocPrf Weight Path
*>i192.168.103.0    192.168.96.92            0    100      0 i
7206VXR_G2_2#
I can advertised to 192.168.103.0/24 networks. I can receive full table vxr_7206_1. but I don't advertise to full table to vxr_7206_2.
I read the cisco configrations guide for asr 9000 series alot of times. But I didn't see subject or example "how to send full bgp table".
Please advice me? How can I do this?

Hello Umit,
If I properly understand you want to test your connection towards ISP and BGP route exchange. I would assume your ISP uses different BGP AS compare to yours. In this current setup I see ASR9k and 7200 have the same BGP AS meaning this is iBGP. In this case we have to have full mesh between iBGP peers as routes are not sent back to other iBGP peers.
I don’t know which exactly 7200 emulates ISP, but we need to configure eBGP between ASR9k and that 7200 (different BGP AS).
Note, you use “update-source MgmtEth0/RSP0/CPU0/0”. That is not recommended as there is no routing between management and other forwarding interfaces. Configure a loopback and use as an update-source.
Regards,
/A

Bgp-Eigrp-Bgp redistribution question

Hi Experts,
Just wish to ask if there is an option to retain the as-path information in eigrp when i redistribute from bgp to eigrp then to bgp?
I recall coming across something similar to this before but I can't seem to remember it.
Thanks in advance.

Hello friend.
No, you can't retain the AS-PATH when redistributing prefixes from BGP to EIGRP.
What you CAN do though, is to add the AS-PATH you want when redistributing it BACK to BGP.
You can do something like this:
1 - Add a TAG when redistributing the BGP prefixes into EIGRP
route-map SET_TAG permit 10
set tag 100
router eigrp 1
redistribute bgp 100 metric 1 1 1 1 1 route-map SET_TAG
2 - transform the TAG into an AS_PATH, when redistributing it BACK to BGP.
route-map set-as-path-from-tag
set as-path tag
router bgp 100
redistribute eigrp 1 route-map set-as-path-from-tag
Got it ?
I hope this helps you !
cheers

Link Local BGP peering between Cisco and Juniper (M-Series)

Hi,
has anybody successfully managed to get a working IPv6 session between a Cisco and a Juniper router using Link Local IPs?
I got it working between two cisco routers and two Juniper Routers but not with the two different vendors.
Configuration on the Juniper site:
   family inet6 {
       address FE80::1/64;
protocols {
      bgp {
          group customer_ipv6 {
              neighbor fe80::2 {
                  local-interface at-2/0/0.119;
                  peer-as 65300;
                  as-override;
Configuration on the Cisco site:
interface ATM0/0/0.1 point-to-point
bandwidth 2033
ip address 10.194.235.42 255.255.255.252
ip access-group AL-SECURITY-WAN out
ip mtu 1500
ipv6 address FE80::2 link-local
ipv6 enable
bfd interval 999 min_rx 999 multiplier 15
pvc 1/32
vbr-nrt 2244 2244 1
tx-ring-limit 3
encapsulation aal5snap
router bgp 65300
bgp router-id 10.213.58.185
bgp log-neighbor-changes
no bgp default ipv4-unicast
neighbor FE80::1%ATM0/0/0.1 remote-as 65300
neighbor FE80::1%ATM0/0/0.1 version 4
neighbor FE80::2%GigabitEthernet0/1 remote-as 65300
neighbor FE80::2%GigabitEthernet0/1 version 4
address-family ipv4
exit-address-family
address-family ipv6
neighbor FE80::1%ATM0/0/0.1 activate
neighbor FE80::1%ATM0/0/0.1 advertisement-interval 5
neighbor FE80::1%ATM0/0/0.1 soft-reconfiguration inbound
neighbor FE80::1%ATM0/0/0.1 route-map NH6 out
neighbor FE80::2%GigabitEthernet0/1 activate
neighbor FE80::2%GigabitEthernet0/1 advertisement-interval 5
neighbor FE80::2%GigabitEthernet0/1 soft-reconfiguration inbound
neighbor FE80::2%GigabitEthernet0/1 route-map NH6 out
exit-address-family
CE_HOSTNAME# show ip bgp ipv6 uni su
BGP router identifier 10.213.58.185, local AS number 65300
BGP table version is 7, main routing table version 7
4 network entries using 656 bytes of memory
4 path entries using 320 bytes of memory
1/1 BGP path/bestpath attribute entries using 128 bytes of memory
2 BGP AS-PATH entries using 48 bytes of memory
2 BGP community entries using 48 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 1200 total bytes of memory
BGP activity 34/12 prefixes, 38/12 paths, scan interval 60 secs
Neighbor        V           AS MsgRcvd MsgSent   TblVer InQ OutQ Up/Down State/PfxRcd
FE80::1%ATM0/0/0.1
                4        65300       0       0        1    0    0 never    Idle
FE80::2%GigabitEthernet0/1
                4        65300      15      16        7    0    0 00:10:59        4
CE_HOSTNAME#
The console monitoring states the following:
Nov 10 06:30:33.023 MET: %BGP-3-NOTIFICATION: sent to neighbor FE80::1%ATM0/0/0.1 active 2/7 (unsupported/disjoint capability) 0 bytes
Nov 10 06:30:33.023 MET: %BGP-4-MSGDUMP: unsupported or mal-formatted message received from FE80::1%ATM0/0/0.1:
FFFF FFFF FFFF FFFF FFFF FFFF FFFF FFFF 001D 0104 505A 005A 52D2 C023 00
Nov 10 06:30:33.023 MET: %BGP-3-NOTIFICATION: received from neighbor FE80::1%ATM0/0/0.1 active 2/5 (authentication failure) 0 bytes
de-ipc-ulmdon-ce-02#
Nov 10 06:30:33.023 MET: %BGP_SESSION-5-ADJCHANGE: neighbor FE80::1%ATM0/0/0.1 IPv6 Unicast topology base removed from session BGP Notification sent
The Cisco Router is running IOS 15.2, the Juniper Site JunOS 10.4
Any Ideas how I can get this to work?
Thanks in advance!

Marcin,
I updated the debugging log, the previous one was created using override-capability-neg on the neighbor (experimental).
>>0) Do you see similar scenario for working session? (Between two Cisco routers)
The working connection between two cisco routers doesn't show any output
>>1) What verion of IOS are you running? Something failrly recent I hope?
Show Version:
Cisco IOS Software, C1900 Software (C1900-UNIVERSALK9-M), Version 15.2(1)T1, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2011 by Cisco Systems, Inc.
Compiled Mon 19-Sep-11 16:24 by prod_rel_team
ROM: System Bootstrap, Version 15.0(1r)M9, RELEASE SOFTWARE (fc1)
CE_HOSTNAME uptime is 2 weeks, 5 days, 21 hours, 35 minutes
System returned to ROM by reload at 18:43:21 MET(S) Fri Oct 21 2011
System restarted at 18:44:50 MET(S) Fri Oct 21 2011
System image file is "flash:c1900-universalk9-mz.SPA.152-1.T1.bin"
Last reload type: Normal Reload
Last reload reason: Reload Command
This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.
A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
If you require further assistance please contact us by sending email to
[email protected].
Cisco CISCO1941/K9 (revision 1.0) with 446464K/77824K bytes of memory.
Processor board ID FCZ1504C0G8
1 DSL controller
2 Gigabit Ethernet interfaces
1 ATM interface
1 terminal line
DRAM configuration is 64 bits wide with parity disabled.
255K bytes of non-volatile configuration memory.
250880K bytes of ATA System CompactFlash 0 (Read/Write)
License Info:
License UDI:
Device#   PID                   SN
*0        CISCO1941/K9          FCZ1504C0G8
Technology Package License Information for Module:'c1900'
Technology    Technology-package           Technology-package
              Current       Type           Next reboot
ipbase        ipbasek9      Permanent      ipbasek9
security      None          None           None
data          datak9        Permanent      datak9
Configuration register is 0x2102
>>2) Can we have some more info from Juniper side (logs/debugs).
Sadly not. The Juniper Traceoptions don't show anything
All I can offer you at this point is the neighbor show command:
user@Juniper> show bgp neighbor fe80::2 instance vrf-test
Peer: fe80::2 AS 65300         Local: unspecified AS 20570
Type: External    State: Idle           Flags:
Last State: NoState       Last Event: NoEvent
Last Error: None
Export: [ pol-standard-bgp-export ] Import: [ pol-standard-bgp-import ]
Options:
Options:
Address families configured: inet6-unicast
Path-attributes dropped: 128
Holdtime: 90 Preference: 170
Number of flaps: 0
Trace options: all
Trace file: /var/log/bgp_ipv6_ll_20111110 size 131072 files 10
user@Juniper> show bgp summary instance vrf-test
Groups: 2 Peers: 2 Down peers: 1
Table          Tot Paths Act Paths Suppressed    History Damp State    Pending
vrf-2.inet.0          37         16          0          0          0          0
vrf-.inet6.0           0          0          0          0          0          0
vrf-24.mdt.0           0          0          0          0          0          0
Peer                     AS      InPkt     OutPkt    OutQ   Flaps Last Up/Dwn State|#Active/Received/Accepted/Damped...
10.194.235.42         65300       1149       1076       0       1     8:44:00 Establ
vrf-test.inet.0: 6/7/7/0
fe80::2               65300          0          0       0       0     9:38:32 Idle
>>3)
CE_HOSTNAME#
Nov 10 15:35:49.574 MET: BGP: ses global 10.194.235.41 (0x2970EDA4:1) Keep alive timer fired.
Nov 10 15:35:49.574 MET: BGP: 10.194.235.41 KEEPALIVE requested (bgp_keepalive_timer_expired)
Nov 10 15:35:49.574 MET: BGP: ses global 10.194.235.41 (0x2970EDA4:1) service keepalive IO request.
Nov 10 15:35:49.574 MET: BGP: 10.194.235.41 KEEPALIVE write request serviced in BGP_IO
CE_HOSTNAME#
Nov 10 15:35:50.598 MET: BGP: ses global FE80::2%GigabitEthernet0/1 (0x316FBDDC:1) Keep alive timer fired.
Nov 10 15:35:50.598 MET: BGP: FE80::2%GigabitEthernet0/1 KEEPALIVE requested (bgp_keepalive_timer_expired)
Nov 10 15:35:50.598 MET: BGP: ses global FE80::2%GigabitEthernet0/1 (0x316FBDDC:1) service keepalive IO request.
Nov 10 15:35:50.598 MET: BGP: FE80::2%GigabitEthernet0/1 KEEPALIVE write request serviced in BGP_IO
CE_HOSTNAME#
Nov 10 15:35:52.850 MET: BGP: 10.194.235.41 received KEEPALIVE, length (excl. header) 0
CE_HOSTNAME#
Nov 10 15:35:54.694 MET: BGP: FE80::1%ATM0/0/0.1 active went from Idle to Active
Nov 10 15:35:54.694 MET: BGP: FE80::1%ATM0/0/0.1 open active, local address FE80::2
Nov 10 15:35:54.698 MET: BGP: ses global FE80::1%ATM0/0/0.1 (0x296337B4:0) act Adding topology IPv6 Unicast:base
Nov 10 15:35:54.698 MET: BGP: ses global FE80::1%ATM0/0/0.1 (0x296337B4:0) act Send OPEN
Nov 10 15:35:54.698 MET: BGP: FE80::1%ATM0/0/0.1 active went from Active to OpenSent
Nov 10 15:35:54.698 MET: BGP: FE80::1%ATM0/0/0.1 active sending OPEN, version 4, my as: 65300, holdtime 180 seconds, ID AD53AB9
Nov 10 15:35:54.698 MET: BGP: FE80::1%ATM0/0/0.1 active KEEPALIVE write request serviced in BGP_IO
Nov 10 15:35:54.698 MET: BGP: FE80::1%ATM0/0/0.1 active service 2 read request in BGP_IO
Nov 10 15:35:54.702 MET: BGP: FE80::1%ATM0/0/0.1 active KEEPALIVE write request serviced in BGP_IO
Nov 10 15:35:54.702 MET: BGP: FE80::1%ATM0/0/0.1 active service 2 read request in BGP_IO
Nov 10 15:35:54.702 MET: BGP: FE80::1%ATM0/0/0.1 active service 2 read request in BGP_IO
Nov 10 15:35:54.702 MET: BGP: FE80::1%ATM0/0/0.1 active rcv message type 1, length (excl. header) 10
Nov 10 15:35:54.702 MET: BGP: ses global FE80::1%ATM0/0/0.1 (0x296337B4:0) act Receive OPEN
Nov 10 15:35:54.702 MET: BGP: FE80::1%ATM0/0/0.1 active rcv OPEN, version 4, holdtime 90 seconds
Nov 10 15:35:54.702 MET: BGP: FE80::1%ATM0/0/0.1 active rcv OPEN w/ OPTION parameter len: 0
Nov 10 15:35:54.702 MET: BGP: FE80::1%ATM0/0/0.1 active went from OpenSent to Closing
Nov 10 15:35:54.702 MET: %BGP-3-NOTIFICATION: sent to neighbor FE80::1%ATM0/0/0.1 active 2/7 (unsupported/disjoint capability) 0 bytes
Nov 10 15:35:54.702 MET: BGP: ses global FE80::1%ATM0/0/0.1 (0x296337B4:0) act Send NOTIFICATION 2/7 (unsupported/disjoint capability) 0 bytes
Nov 10 15:35:54.702 MET: %BGP-4-MSGDUMP: unsupported or mal-formatted message received from FE80::1%ATM0/0/0.1:
FFFF FFFF FFFF FFFF FFFF FFFF FFFF FFFF 001D 0104 505A 005A 52D2 C023 00
Nov 10 15:35:54.702 MET: BGP: FE80::1%ATM0/0/0.1 active rcv message type 3, length (excl. header) 2
Nov 10 15:35:54.702 MET: %BGP-3-NOTIFICATION: received from neighbor FE80::1%ATM0/0/0.1 active 2/5 (authentication failure) 0 bytes
Nov 10 15:35:54.702 MET: BGP: ses global FE80::1%ATM0/0/0.1 (0x296337B4:0) act Receive NOTIFICATION 2/5 (authentication failure) 0 bytes
Nov 10 15:35:54.702 MET: BGP: FE80::1%ATM0/0/0.1 active bad state change from Closing to Closing
Nov 10 15:35:54.702 MET: -Traceback= 21B3370Cz 21B33C74z 21B34258z
Nov 10 15:35:54.702 MET: BGP: tbl IPv4 Unicast:base Service reset requests
Nov 10 15:35:54.702 MET: BGP: tbl IPv6 Unicast:base Service reset requests
Nov 10 15:35:54.702 MET: BGP: tbl VPNv4 Unicast:base Service reset requests
Nov 10 15:35:54.702 MET: BGP: tbl VPNv6 Unicast:base Service reset requests
Nov 10 15:35:54.702 MET: BGP: tbl IPv4 Multicast:base Service reset requests
Nov 10 15:35:54.702 MET: BGP: nbr_topo global FE80::1%ATM0/0/0.1 IPv6 Unicast:base (0x296337B4:0) NSF delete stale NSF not active
Nov 10 15:35:54.702 MET: BGP: nbr_topo global FE80::1%ATM0/0/0.1 IPv6 Unicast:base (0x296337B4:0) NSF no stale paths state is NSF not active
Nov 10 15:35:54.702 MET: BGP: nbr_topo global FE80::1%ATM0/0/0.1 IPv6 Unicast:base (0x296337B4:0) Resetting ALL counters.
Nov 10 15:35:54.702 MET: BGP: FE80::1%ATM0/0/0.1 active closing
Nov 10 15:35:54.702 MET: BGP: ses global FE80::1%ATM0/0/0.1 (0x296337B4:0) act Session close and reset neighbor FE80::1%ATM0/0/0.1 topostate
Nov 10 15:35:54.702 MET: BGP: nbr_topo global FE80::1%ATM0/0/0.1 IPv6 Unicast:base (0x296337B4:0) Resetting ALL counters.
Nov 10 15:35:54.702 MET: BGP: FE80::1%ATM0/0/0.1 active went from Closing to Idle
Nov 10 15:35:54.702 MET: %BGP_SESSION-5-ADJCHANGE: neighbor FE80::1%ATM0/0/0.1 IPv6 Unicast topology base removed from session BGP Notification sent
CE_HOSTNAME#CE_HOSTNAME#
Nov 10 15:35:49.574 MET: BGP: ses global 10.194.235.41 (0x2970EDA4:1) Keep alive timer fired.
Nov 10 15:35:49.574 MET: BGP: 10.194.235.41 KEEPALIVE requested (bgp_keepalive_timer_expired)
Nov 10 15:35:49.574 MET: BGP: ses global 10.194.235.41 (0x2970EDA4:1) service keepalive IO request.
Nov 10 15:35:49.574 MET: BGP: 10.194.235.41 KEEPALIVE write request serviced in BGP_IO
CE_HOSTNAME#
Nov 10 15:35:50.598 MET: BGP: ses global FE80::2%GigabitEthernet0/1 (0x316FBDDC:1) Keep alive timer fired.
Nov 10 15:35:50.598 MET: BGP: FE80::2%GigabitEthernet0/1 KEEPALIVE requested (bgp_keepalive_timer_expired)
Nov 10 15:35:50.598 MET: BGP: ses global FE80::2%GigabitEthernet0/1 (0x316FBDDC:1) service keepalive IO request.
Nov 10 15:35:50.598 MET: BGP: FE80::2%GigabitEthernet0/1 KEEPALIVE write request serviced in BGP_IO
CE_HOSTNAME#
Nov 10 15:35:52.850 MET: BGP: 10.194.235.41 received KEEPALIVE, length (excl. header) 0
CE_HOSTNAME#
Nov 10 15:35:54.694 MET: BGP: FE80::1%ATM0/0/0.1 active went from Idle to Active
Nov 10 15:35:54.694 MET: BGP: FE80::1%ATM0/0/0.1 open active, local address FE80::2
Nov 10 15:35:54.698 MET: BGP: ses global FE80::1%ATM0/0/0.1 (0x296337B4:0) act Adding topology IPv6 Unicast:base
Nov 10 15:35:54.698 MET: BGP: ses global FE80::1%ATM0/0/0.1 (0x296337B4:0) act Send OPEN
Nov 10 15:35:54.698 MET: BGP: FE80::1%ATM0/0/0.1 active went from Active to OpenSent
Nov 10 15:35:54.698 MET: BGP: FE80::1%ATM0/0/0.1 active sending OPEN, version 4, my as: 65300, holdtime 180 seconds, ID AD53AB9
Nov 10 15:35:54.698 MET: BGP: FE80::1%ATM0/0/0.1 active KEEPALIVE write request serviced in BGP_IO
Nov 10 15:35:54.698 MET: BGP: FE80::1%ATM0/0/0.1 active service 2 read request in BGP_IO
Nov 10 15:35:54.702 MET: BGP: FE80::1%ATM0/0/0.1 active KEEPALIVE write request serviced in BGP_IO
Nov 10 15:35:54.702 MET: BGP: FE80::1%ATM0/0/0.1 active service 2 read request in BGP_IO
Nov 10 15:35:54.702 MET: BGP: FE80::1%ATM0/0/0.1 active service 2 read request in BGP_IO
Nov 10 15:35:54.702 MET: BGP: FE80::1%ATM0/0/0.1 active rcv message type 1, length (excl. header) 10
Nov 10 15:35:54.702 MET: BGP: ses global FE80::1%ATM0/0/0.1 (0x296337B4:0) act Receive OPEN
Nov 10 15:35:54.702 MET: BGP: FE80::1%ATM0/0/0.1 active rcv OPEN, version 4, holdtime 90 seconds
Nov 10 15:35:54.702 MET: BGP: FE80::1%ATM0/0/0.1 active rcv OPEN w/ OPTION parameter len: 0
Nov 10 15:35:54.702 MET: BGP: FE80::1%ATM0/0/0.1 active went from OpenSent to Closing
Nov 10 15:35:54.702 MET: %BGP-3-NOTIFICATION: sent to neighbor FE80::1%ATM0/0/0.1 active 2/7 (unsupported/disjoint capability) 0 bytes
Nov 10 15:35:54.702 MET: BGP: ses global FE80::1%ATM0/0/0.1 (0x296337B4:0) act Send NOTIFICATION 2/7 (unsupported/disjoint capability) 0 bytes
Nov 10 15:35:54.702 MET: %BGP-4-MSGDUMP: unsupported or mal-formatted message received from FE80::1%ATM0/0/0.1:
FFFF FFFF FFFF FFFF FFFF FFFF FFFF FFFF 001D 0104 505A 005A 52D2 C023 00
Nov 10 15:35:54.702 MET: BGP: FE80::1%ATM0/0/0.1 active rcv message type 3, length (excl. header) 2
Nov 10 15:35:54.702 MET: %BGP-3-NOTIFICATION: received from neighbor FE80::1%ATM0/0/0.1 active 2/5 (authentication failure) 0 bytes
Nov 10 15:35:54.702 MET: BGP: ses global FE80::1%ATM0/0/0.1 (0x296337B4:0) act Receive NOTIFICATION 2/5 (authentication failure) 0 bytes
Nov 10 15:35:54.702 MET: BGP: FE80::1%ATM0/0/0.1 active bad state change from Closing to Closing
Nov 10 15:35:54.702 MET: -Traceback= 21B3370Cz 21B33C74z 21B34258z
Nov 10 15:35:54.702 MET: BGP: tbl IPv4 Unicast:base Service reset requests
Nov 10 15:35:54.702 MET: BGP: tbl IPv6 Unicast:base Service reset requests
Nov 10 15:35:54.702 MET: BGP: tbl VPNv4 Unicast:base Service reset requests
Nov 10 15:35:54.702 MET: BGP: tbl VPNv6 Unicast:base Service reset requests
Nov 10 15:35:54.702 MET: BGP: tbl IPv4 Multicast:base Service reset requests
Nov 10 15:35:54.702 MET: BGP: nbr_topo global FE80::1%ATM0/0/0.1 IPv6 Unicast:base (0x296337B4:0) NSF delete stale NSF not active
Nov 10 15:35:54.702 MET: BGP: nbr_topo global FE80::1%ATM0/0/0.1 IPv6 Unicast:base (0x296337B4:0) NSF no stale paths state is NSF not active
Nov 10 15:35:54.702 MET: BGP: nbr_topo global FE80::1%ATM0/0/0.1 IPv6 Unicast:base (0x296337B4:0) Resetting ALL counters.
Nov 10 15:35:54.702 MET: BGP: FE80::1%ATM0/0/0.1 active closing
Nov 10 15:35:54.702 MET: BGP: ses global FE80::1%ATM0/0/0.1 (0x296337B4:0) act Session close and reset neighbor FE80::1%ATM0/0/0.1 topostate
Nov 10 15:35:54.702 MET: BGP: nbr_topo global FE80::1%ATM0/0/0.1 IPv6 Unicast:base (0x296337B4:0) Resetting ALL counters.
Nov 10 15:35:54.702 MET: BGP: FE80::1%ATM0/0/0.1 active went from Closing to Idle
Nov 10 15:35:54.702 MET: %BGP_SESSION-5-ADJCHANGE: neighbor FE80::1%ATM0/0/0.1 IPv6 Unicast topology base removed from session BGP Notification sent
CE_HOSTNAME#

No BGP Peering between CE and PE

Still in the process of modeling the MPLS network that we currently have with one of our Service Providers.
At this point I have placed the same config on the Lab CE's that exist in our production network. I have also followed Cisco Documentation to configure the PE routers, however I cannot get the CE to PE BGP peering.
What am I missing?
*CE Router*
nterface Loopback0
ip address 10.18.0.8 255.255.255.255
interface FastEthernet0/0
ip address 68.139.201.30 255.255.255.252
duplex half
interface FastEthernet1/0
no ip address
shutdown
duplex half
interface FastEthernet1/1
no ip address
shutdown
duplex half
interface FastEthernet2/0
no ip address
duplex full
router bgp 1
no synchronization
bgp log-neighbor-changes
neighbor 68.139.201.29 remote-as 65000
*PE Router*
ip vrf vpn-mtb
rd 1:100
route-target export 1:100
route-target import 1:100
no ip domain lookup
mpls label protocol ldp
tag-switching tdp router-id Loopback0
interface Loopback0
ip address 68.2.0.1 255.255.255.252
interface FastEthernet0/0
ip address 68.2.1.2 255.255.255.252
duplex auto
speed auto
tag-switching ip
interface FastEthernet1/0
ip vrf forwarding vpn-mtb
ip address 68.139.201.29 255.255.255.252
duplex auto
speed auto
interface FastEthernet2/0
no ip address
shutdown
duplex auto
speed auto
router ospf 1
router-id 68.2.0.1
log-adjacency-changes
network 68.0.0.0 0.255.255.255 area 0
router bgp 65000
no synchronization
bgp log-neighbor-changes
redistribute connected
neighbor 68.2.0.3 remote-as 65000
neighbor 68.2.0.3 update-source Loopback0
no auto-summary
address-family vpnv4
neighbor 68.2.0.3 activate
neighbor 68.2.0.3 send-community extended
exit-address-family
address-family ipv4 vrf vpn-mtb
redistribute connected
neighbor 68.139.201.30 remote-as 1
neighbor 68.139.201.30 activate
neighbor 68.139.201.30 as-override
no auto-summary
no synchronization
exit-address-family

Here are the command outputs:
PE#show ip bgp vpnv4 all summary
BGP router identifier 68.2.0.1, local AS number 65000
BGP table version is 3, main routing table version 3
1 network entries using 137 bytes of memory
1 path entries using 64 bytes of memory
3/1 BGP path/bestpath attribute entries using 348 bytes of memory
1 BGP extended community entries using 24 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 573 total bytes of memory
BGP activity 3/0 prefixes, 3/0 paths, scan interval 15 secs
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
68.2.0.3 4 65000 0 0 0 0 0 never Active
68.139.201.30 4 1 29 29 0 0 0 never Active
CE#show ip bgp summary
BGP router identifier 68.2.0.1, local AS number 1
BGP table version is 1, main routing table version 1
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
68.139.201.29 4 65000 4246 4246 0 0 0 never Active

BGP configuration Problem

Hello Every Body,
I'm Mostafa CHAKIR from Moroccow, working as an telecom ingenieer, excuse my english is bad.
I'm configuring a cisco router to communicate with a juniper router with bgp routing protocol, every thing is OK, when I configured a bgp process in my router the bgp communication pass to estableched, and when i perform a "show ip route" command I see all route that the juniper router advertise. The problem is that in the other side they don't see my network, and my router show me a message :
*Mar 3 02:40:09.719: BGP: Applying map to find origin for 84.16.31.8/29
*Mar 1 00:05:06.331: BGP: Applying map to find origin for 84.16.31.8/29
In my side i use a private AS number, but in the other side they a public AS number, i will post an attachement diagram and the show-tec file.
Thank you for your help

Bonjour Mostafa,
The fact of advertising a public prefix using a private AS to your provider is not an issue since your provider will probaly remove the private AS or simply advertise an aggregate route covering your /29.
Did your provider tell you they don't receive the /29 you send them? Your configuration is rather simple and I see no reason for them not to receive it.
The other question is even if they receive it they should not advertise a /29 to the Internet but rather a /24. Did they give you the public IP address or do you own it. If you own it you should probably advertise the entire /24 and not a /29. A /29 will not propagate through the Internet as it will most probably be filtered either by your ISP or some other upstream ISP.
To check whether the route is advertised to the Internet, you can go to any router server and issue a "sh ip bgp x.x.x.x".
En esperant que cette information vous est utile,

ISP Redundancy in multihomed BGP scenario

Hi all,
We have setup the WAN network multihomed with dual ISP. The requirement is that if the primary ISP fail then all the traffic should automatically divert to the secondary ISP. How can we achieve it? If you know that we can use keepalive then could you provide me the configuration with the scenario. In normal working setup, all the traffic for the internal network comes through ISP 1 but if ISP 1 failed then without manual attribute manipulation BGP automatically route the traffic to ISP 2.
Thanks

Hi,
what exactly does not work during the switchover to the second ISP?
Your router is not getting prefixes from the second ISP or the second ISP is not getting proper prefixes from you?
I believe the second case is happenning?
As I see in the config
ip access-list extended Range-2
permit ip 7.17.24.0 0.0.0.255 any
ip access-list extended Range-3
permit ip 7.17.24.0 0.0.0.255 any
i.e., both ranges are identical, which is not correct, I guess?
And generally, I don't think using extended ACLs in a BGP route-map is a good idea, see
http://blog.ipspace.net/2008/03/use-extended-access-lists-to-filter-bgp.html
It's much easier to understand the config when ip prefix-lists are used instead, I can't follow your current config idea to be honest.
Best regards,
Milan

Bgp inject-map

Similar Messages

Maybe you are looking for