BGP route filter

Hi,
i am trying to filter the inbound routes from ISP , but ended up blocking all routes from ISP.
please can anyone advise..
the topology is like below
ip prefix-list PL_IN seq 5 10.13.1.26/29
router bgp 65000
neighbor 172.16.16.1 prefix-list seq 5 permit PL_IN in
i want the only route from PE router to be displayed in CE routing table is 10.13.1.26
and the same way how to restrict the outbound routes , the only route to be sent is 10.5.11.76 to PE router.

Hi,
configuration looks ok. Only thing to be checked that you have prefix with mask /29 only. Please share output of "show ip bgp 10.13.1.26/29 from 172.16.16.1 and 172.16.16.2
Regards,
Akash

Similar Messages

Basic BGP Route Filter

I have BGP peering with carrier. I would like to only accept routes from the carrier that I am interested in.
My Router : 128.100.1.1
router bgp 64514
no synchronization
bgp log-neighbor-changes
neighbor 10.10.10.2 remote-as 64514
neighbor 10.10.10.2 next-hop-self
neighbor 128.100.1.39 remote-as 64517
neighbor 128.100.1.39 default-originate
neighbor 128.100.1.39 prefix-list DENYROUTE in
neighbor 128.100.1.39 route-map Set_LP in
no auto-summary
ip prefix-list DENYROUTE seq 5 deny 128.100.8.0/24
ip prefix-list DENYROUTE seq 99 permit 0.0.0.0/0 le 32
OSPARK#sh ip route
128.100.0.0/16 is variably subnetted, 6 subnets, 2 masks
C 128.100.160.26/32 is directly connected, Loopback160
C 128.100.1.0/24 is directly connected, Vlan10
B 128.100.8.0/24 [20/0] via 128.100.1.39, 00:17:57
B 128.100.9.0/24 [20/0] via 128.100.1.39, 00:17:57
B 128.100.10.0/24 [20/0] via 128.100.1.39, 00:17:57
B 128.100.17.0/24 [200/0] via 10.10.10.2, 00:26:17
10.0.0.0/30 is subnetted, 3 subnets
C 10.10.10.0 is directly connected, Vlan100
B 10.37.184.196 [20/0] via 128.100.1.39, 00:17:59
B 10.37.184.200 [20/0] via 128.100.1.39, 00:17:59
S* 0.0.0.0/0 [1/0] via 128.100.1.30
OSPARK#
I am learning routes of 128.100.8.0 and 128.100.9.0 and 128.100.10.0. I would like to try and block 128.100.8.0 from coming to my router with Prefix List but doesn't work.
Carrier Router: 128.100.1.39
router bgp 64517
no synchronization
bgp log-neighbor-changes
neighbor 10.37.184.201 remote-as 65530
neighbor 128.100.1.1 remote-as 64514
no auto-summary

Just to elaborate on Henrik's excellent suggestion, run:
clear ip bgp 128.100.1.39 soft

MPLS BGP routes push to DMVPN spokes

I have an MPLS with BGP. I also have sites that are not connected directly to the MPLS, but have a s2s VPN to hub sites that are connected to the MPLS and that way they access the MPLS resources. I need to communicate the route changes to the MPLS when the DMVPN fails-over to another hub.
Currently this is my config:
Datacenter (MPLS only)
interface GigabitEthernet0/1
description MPLS
ip address 192.168.0.34 255.255.255.252
interface Vlan2
ip address 192.168.96.2 255.255.255.0
router bgp 65511
bgp log-neighbor-changes
network 192.168.96.0
neighbor 192.168.0.33 remote-as 65510
Hub site 1 (MPLS + internet)
interface Tunnel200
ip address 10.99.99.1 255.255.255.0
no ip redirects
ip mtu 1400
ip nhrp authentication auth
ip nhrp map multicast dynamic
ip nhrp network-id 12345
ip nhrp holdtime 600
tunnel source GigabitEthernet0/0
tunnel mode gre multipoint
tunnel key 200
tunnel protection ipsec profile dmvpn
interface GigabitEthernet0/1
description MPLS
ip address 192.168.1.2 255.255.255.0 secondary
ip address 192.168.0.2 255.255.255.252
router bgp 65001
bgp log-neighbor-changes
network 192.168.1.0
network 192.168.21.0
!10.99 clients are DMVPN spokes
neighbor 10.99.99.3 remote-as 99010
neighbor 10.99.99.3 route-reflector-client
neighbor 10.99.99.21 remote-as 99001
neighbor 10.99.99.21 route-reflector-client
!as 65000 is the MPLS PE
neighbor 192.168.0.1 remote-as 65000
Hub Site 2, has the same configuration, except for local ip address and router BGP ID.
Spoke site:
interface Tunnel200
ip address 10.99.99.3 255.255.255.0
no ip redirects
ip mtu 1400
ip nhrp authentication auth
ip nhrp map 10.99.99.1 PUBLIC_IP_HUB_1
ip nhrp map 10.99.99.16 PUBLIC_IP_HUB_2
ip nhrp network-id 12345
ip nhrp holdtime 600
ip nhrp nhs 10.99.99.1 priority 1
ip nhrp nhs 10.99.99.16 priority 5
ip nhrp nhs fallback 60
tunnel source GigabitEthernet0/0
tunnel mode gre multipoint
tunnel key 200
tunnel protection ipsec profile dmvpn
interface GigabitEthernet0/1
description Internal
ip address 192.168.3.1 255.255.255.192
router bgp 99010
bgp log-neighbor-changes
network 192.168.3.0
neighbor 10.99.99.1 remote-as 65001
neighbor 10.99.99.16 remote-as 65013
On this spoke site
#sh ip route
B 192.168.1.0/24 [20/0] via 10.99.99.1, 00:47:01
which is the HUB network, but the rest of the MPLS routes are not "learned".
What am I missing?
Thanks!

Hi Jon, I've ommited the configuration of the MPLS provider routers in between. The DC is connected to a router that has the AS 65510.
DC:CPE---PE:{MPLS}PE---CPE:HUB---{internet}---Spoke
The DC is ok getting the network information via BGP:
#sh ip route
B 192.168.3.0/24 [20/0] via 192.168.0.33, 3d05h
B 192.168.21.0/24 [20/0] via 192.168.0.33, 3d05h
#sh ip bgp 192.168.21.0
BGP routing table entry for 192.168.21.0/24, version 559
Paths: (1 available, best #1, table default)
Not advertised to any peer
Refresh Epoch 1
65510 3549 6140 3549 65000
192.168.0.33 from 192.168.0.33 (###.###.###.###)
Origin IGP, localpref 100, valid, external, best
#sh ip route 192.168.21.0
Routing entry for 192.168.21.0/24
Known via "bgp 65511", distance 20, metric 0
Tag 65510, type external
Last update from 192.168.0.33 3d05h ago
Routing Descriptor Blocks:
* 192.168.0.33, from 192.168.0.33, 3d05h ago
Route metric is 0, traffic share count is 1
AS Hops 5
Route tag 65510
MPLS label: none
Spoke:
#sh ip bgp
BGP table version is 494, local router ID is 192.168.21.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
*> 10.0.129.32/27 10.99.99.16 0 65013 65012 3549 ?
*> 192.168.96.0 10.99.99.16 0 65013 65012 3549 6745 65510 ?
#sh ip route 192.168.96.0
Routing entry for 192.168.96.0/24
Known via "bgp 99001", distance 20, metric 0
Tag 65013, type external
Last update from 10.99.99.16 00:02:11 ago
Routing Descriptor Blocks:
* 10.99.99.16, from 10.99.99.16, 00:02:11 ago
Route metric is 0, traffic share count is 1
AS Hops 5
Route tag 65013
MPLS label: none
#sh ip bgp 192.168.96.0
BGP routing table entry for 192.168.96.0/24, version 465
Paths: (1 available, best #1, table default)
Not advertised to any peer
Refresh Epoch 2
65013 65012 3549 6745 65510
10.99.99.16 from 10.99.99.16 (10.2.16.1)
Origin incomplete, localpref 100, valid, external, best
The route is not being updated to the rest of the routers, and the 192.168.21.0 network is still announced via the old route.
(from spoke)
ping 192.168.96.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.96.2, timeout is 2 seconds:
Success rate is 0 percent (0/5)
From DC
#traceroute 192.168.21.1
Type escape sequence to abort.
Tracing the route to 192.168.21.1
VRF info: (vrf in name/id, vrf out name/id)
1 192.168.0.33 [AS 65510] 0 msec 0 msec 0 msec
2 172.50.1.33 [AS 65510] 56 msec 36 msec 36 msec
3 10.80.1.1 [AS 3549] 44 msec 44 msec 44 msec
4 10.80.1.2 [AS 3549] 172 msec 172 msec 168 msec
5 172.50.1.1 [AS 3549] 168 msec 168 msec 172 msec
6 172.50.1.2 [AS 3549] 180 msec 180 msec 176 msec
7 192.168.0.2 [AS 65000] 172 msec 172 msec 168 msec <- old route, should be 192.168.0.9
8 192.168.0.2 [AS 65000] !H * !H

EIGRP vs BGP route path selection scenario

I am looking for a routing solution to the following scenario. It is a fairly simple design.
I have two WAN connections between sites A and B. One is a 20 Meg Metro Ethernet Circuit running EIGRP. The other is a 10 Meg MPLS running BGP. What do I need to do in my configuration to make sure that the 20 Meg connection is the chosen path based off the fact that it has better speed and bandwidth? It appears to me that the MPLS is the preferred path even though it is slower.
See attached Diagram:
Site A Config
interface GigabitEthernet1/0/12
description PADC COX P2P 20 Meg
no switchport
bandwidth 20480
ip address 172.20.1.1 255.255.255.252
interface GigabitEthernet2/0/2
description LEVEL 3 MPLS
no switchport
bandwidth 10240
ip address 172.22.0.2 255.255.255.252
router eigrp 1
network 10.0.1.0 0.0.0.255
network 172.20.1.0 0.0.0.3
network 192.168.76.8 0.0.0.3
redistribute bgp 65003 metric 100 1 255 1 1500 route-map MPLS_NETWORKS
redistribute static route-map DEFAULT_ROUTE
router bgp 65003
bgp log-neighbor-changes
redistribute static
redistribute eigrp 1
neighbor 172.22.0.1 remote-as 1
default-information originate
Site B Config
interface GigabitEthernet0/1
description COX Communications 10 Meg to Venyu
bandwidth 20480
ip address 172.20.1.2 255.255.255.252
duplex auto
speed auto
service-policy output VOIP
interface GigabitEthernet0/2
description Level 3 MPLS
bandwidth 10240
ip address 172.22.1.2 255.255.255.252
duplex full
speed 100
router eigrp 1
network 10.3.1.0 0.0.0.31
network 10.52.1.0 0.0.0.255
network 10.76.6.0 0.0.0.255
network 172.20.1.0 0.0.0.3
network 192.168.63.64 0.0.0.63
network 192.168.76.249 0.0.0.0
passive-interface default
no passive-interface GigabitEthernet0/0
no passive-interface GigabitEthernet0/1
router bgp 65003
bgp log-neighbor-changes
network 10.3.1.0 mask 255.255.255.224
network 10.52.1.0 mask 255.255.255.0
network 10.76.6.0 mask 255.255.255.0
network 192.168.76.249 mask 255.255.255.255
neighbor 172.22.1.1 remote-as 1

If each router is receiving advertisements for the same networks/subnet masks from both BGP and EIGRP it will always choose the BGP routes because they have a lower AD ie. 20 vs EIGRP 90.
Doesn't matter what the bandwidth is.
If you want to prefer the 20Mbps links then there are a number of options -
1) if you can summarise each sites subnets then advertise the summary via BGP and the more specific via EIGRP. More specific will be chosen even before AD is taken into account.
2) change the AD of either BGP or EIGRP so EIGRP ends up with the lower AD
3) run BGP on both links although you would still need to manipulate the attributes to make sure the link you want is used.
Jon

Query on BGP route distribution

Hello Everyone
In the below scenario (GNS3), IBGP peering enabled between R1-R2, R1-R3, R2-R3 and EBGP peering enabled between R2-R4,R3-R5,R4-R6,R5-R7. OSPF enabled as IGP. Scenario attached for reference.
The problem I've observed in R1 is not getting entire BGP routing table for destinations 30.x.x.x/40.x.x.x.
I'm able to see only best routes in R1 BGP routing table, but alternate valid routes are not visible in its topology table.
R1#sh ip bgp
BGP table version is 81, local router ID is 100.100.2.1
*>i30.30.1.0/24     10.10.1.2                0    100      0 200 300 ?
*>i30.30.2.0/24     10.10.1.2                0    100      0 200 300 ?
*>i40.40.1.0/24     10.10.2.2                0    100      0 200 400 i
*>i40.40.2.0/24     10.10.2.2                0    100      0 200 400 i
*> 100.100.1.0/24   0.0.0.0                  0         32768 i
*> 100.100.2.0/24   0.0.0.0                  0         32768 i
More confusing part to me is when I disable IBGP peering between R2-R3 or shutdown interface between R2-R3 or else if I disable ospf in R1,R2 & R3 routers , I'm able to see both best route and alternate valid route in BGP topology table.
R1#sh ip bgp

Hi Milin & Renan,
Thanks for your replies. To narrow down the problem, I’ve shut down the 40.40.x.x network.
Now between R2-R3, R3 is not advertising 30.30.X.X network to R2, but whereas R2 is advertising 30.30.X.X network to R3. Why R3 is not advertising 30.30.X.X (route via 200 400 300) to R2.
R2#sh ip bgp ( No alternate route)
Network          Next Hop            Metric LocPrf Weight Path
*> 30.30.1.0/24     10.10.4.2                              0 200 300 ?
*> 30.30.2.0/24     10.10.4.2                              0 200 300 ?
*>i100.100.1.0/24   10.10.1.1                0   100      0 i
*>i100.100.2.0/24   10.10.1.1                0    100      0 i
R2#sh ip bgp summary
Neighbor        V    AS MsgRcvd MsgSent   TblVer InQ OutQ Up/Down State/PfxRcd
10.10.1.1       4   100      96      98        5    0    0 01:05:50        2
10.10.3.2       4   100      98     100        5    0    0 01:05:54        0
10.10.4.2       4   200     100      98        5    0    0 01:05:39        2
R3#sh ip bgp ( only in R3 we can see both best route & alternate route)
   Network          Next Hop            Metric LocPrf Weight Path
*>i30.30.1.0/24     10.10.3.1                0    100      0 200 300 ?
*                   10.10.5.2                              0 200 400 300 ?
*>i30.30.2.0/24     10.10.3.1                0    100      0 200 300 ?
*                   10.10.5.2                              0 200 400 300 ?
*>i100.100.1.0/24   10.10.2.1                0    100      0 i
*>i100.100.2.0/24   10.10.2.1                0    100      0 i
R3#sh ip bgp summary
Neighbor        V    AS MsgRcvd MsgSent   TblVer InQ OutQ Up/Down State/PfxRcd
10.10.2.1       4   100      54      57       19    0    0 00:50:17        2
10.10.3.1       4   100      62      60       19    0    0 00:27:22        2
10.10.5.2       4   200      58      58       19    0    0 00:50:08        2

Bgp Route reflector

Hello,
i have this bgp topology all router running bgp and no igp is running. Now, the problem is R2 and R3 are route reflector, R1 and R4 are Rclient.
R3 has learn route from R4 (4.4.4.4) from its R client and it advertise to R2 but R2 not advertise (4.4.4.4) route to its client (R1).
R1#sh ip bgp
BGP table version is 5, local router ID is 192.168.12.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*> 1.1.1.1/32 0.0.0.0 0 32768 i
*>i2.2.2.2/32 192.168.12.2 0 100 0 i
* i3.3.3.3/32 192.168.23.3 0 100 0 i
R2#sh ip bgp
BGP table version is 8, local router ID is 192.168.12.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*>i1.1.1.1/32 192.168.12.1 0 100 0 i
*> 2.2.2.2/32 0.0.0.0 0 32768 i
*>i3.3.3.3/32 192.168.23.3 0 100 0 i
* i4.4.4.4/32 192.168.34.4 0 100 0 i

R3#sh ip bgp
BGP table version is 8, local router ID is 192.168.23.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
* i1.1.1.1/32 192.168.12.1 0 100 0 i
*>i2.2.2.2/32 192.168.23.2 0 100 0 i
*> 3.3.3.3/32 0.0.0.0 0 32768 i
*>i4.4.4.4/32 192.168.34.4 0 100 0
R3#sh run | se router bgp
router bgp 1
no synchronization
bgp log-neighbor-changes
network 3.3.3.3 mask 255.255.255.255
neighbor 192.168.23.2 remote-as 1
neighbor 192.168.23.2 next-hop-self
neighbor 192.168.34.4 remote-as 1
neighbor 192.168.34.4 route-reflector-client
no auto-summary

PBR Using Tracked BGP Route

Hello Guys,
My scenario is:
2 Sites interconnected by 2 MPLS Links and BGP between the routers.
I need some help to force some traffic to be routed using one Link based on Protocol or TCP Port.
But if the link goes down, I need the traffic to be send using another link.
I want to do a PBR using track that validates a specific BGP Route or BGP Neighbor.
Can someone tell me some tips for this case?
Best Regards.
Heleno Fagundes

Hi,
For your two concerns.
**2 Sites interconnected by 2 MPLS Links and BGP between the routers
Do you have some sort of network diagram ????
**I want to do a PBR using track that validates a specific BGP Route or BGP Neighbor.
We can always apply a track and an IP sla monitoring an IP address which the router is receiving from its BGP peer which you wish to monitor.
I am sure if you provide me sample diagram/config i'll be able to give some more descriptive answer.
Regards,
HK

BGP route advertisement

I am confused about which routes will a bgp speaker advertise to its bgp neighbors?
Will it advertise the bgp routes in routing table OR will it advertise the best routes from the bgp table (but not necessarily in routing table)?

Thanks!!
I thought so, but in Troubleshooting IP Routing Protocols book by Cisco press, it is stated that bgp router will advertise its routes from routing table, so wanted to confirm that that was indeed wrong.
On page 668, this is what is written:
One rule that BGP follows when advertising prefixes to other neighbors is that the prefix being advertised must
exist in the routing table of the advertising router.

Monitoring a BGP route and AS-PATH.

Hello.
I need to receive a SNMP trap when a BGP route, received with a specific AS-PATH, disappears from routing table.
Any ideas?
Thanks.
Andrea

You can use EEM for this. Check out the cisco beyond web site for sample scripts that may help you do this.
A company that I used to work for, www.magnus.net had a mature EEM solution for doing this for large network environments. They took a standalone router and using EEM turned it into a route monitor. It would send out notifications when BGP routes of defined attributes like AS-Path diasappeared from routing tables. It was driven by an excel spreadsheet as inputs. It was written by a super CCIE engineer.

BGP router id change

Hi,
I would like to change the bgp router id on my router that dialogue with peers in other AS.
I will use the loopback interface 0 and I have a doubt about the ip address that I can use.
I think that can be a private address in a public addresses domain. Is it correct?
So, I think that it's better I'd implement the ebgp multihop command with the remote AS peers. Right?
Before I do these changes do I have to warn the other peers to permit to change their configuration?

Hello,
Changing your router-id will be effective after you reset your connections.
You can use a RFC 1918 address to suit your needs. Be careful not to leak the address to the Internet.
If you use the Loopback interface as a update-source you need to use the ebgp-multihop command for reachability. If you are useing it for a router-id only you should not bother to change the TTL in BGP packets.
It is recommended that you inform your peers about your plans.
HTH
Leon
* Please rate posts.

BGP Router high process

What do we need to do if BGP Router contribute high process in CPU?
CPU utilization for five seconds: 97%/43%; one minute: 99%; five minutes: 92%
PID Runtime(ms)   Invoked      uSecs   5Sec   1Min   5Min TTY Process
44    36270732 35464661       1022 25.03% 15.21% 14.43%   0 BGP Router
325   7703860203228294256          0 10.47% 5.58% 5.24%   0 IP Input
455     7596596 28244228        268 5.59% 1.60% 0.82%   0 BGP I/O
543    13576608   8569950       1584 3.83% 18.94% 9.57%   0 BGP Task
   9   152474380 15201602      10030 2.07% 0.27% 0.57%   0 Check heaps
376    16372652   7777145       2105 1.83% 13.93% 13.76%   0 IP RIB Update
358    56785192 14452691       3929 0.95% 0.44% 0.52%   0 CEF: IPv4 proces
23    55656604 116191071        479 0.71% 0.51% 0.50%   0 ARP Input
348     5736736   7812055        734 0.63% 4.19% 5.03%   0 XDR mcast
546    36531108 132425650        275 0.63% 0.37% 0.28%   0 Port manager per
35    56337684 306101724        184 0.23% 0.42% 0.30%   0 IPC Seat Manager
330   287962916 871459868        330 0.23% 0.39% 1.61%   0 SNMP ENGINE
286      7682841067821917          0 0.15% 0.07% 0.07%   0 Ethernet Msec Ti
626      354112    825565        428 0.15% 0.11% 0.09%   0 IPv6 Input
   3      754316 523105917          1 0.15% 0.10% 0.09%   0 HSRP Common
385     2182508 14151135        154 0.15% 0.10% 0.14%   0 L3 Manager
317    44655884 658073408         67 0.07% 0.04% 0.21%   0 PDU DISPATCHER
395     4363480   4661440        936 0.07% 0.04% 0.05%   0 HIDDEN VLAN Proc
323     1161648 134374319          8 0.07% 0.04% 0.05%   0 VRRS Main thread
56     2269676   9230664        245 0.07% 0.08% 0.07%   0 Per-Second Jobs
240     1449416   1870109        775 0.07% 0.04% 0.05%   0 Compute load avg
243   1488814081309230003        113 0.07% 0.13% 0.76%   0 IP SNMP
CPU utilization for five seconds: 97%/43%; one minute: 99%; five minutes: 92%
PID Runtime(ms)   Invoked      uSecs   5Sec   1Min   5Min TTY Process
44    36270732 35464661       1022 25.03% 15.21% 14.43%   0 BGP Router
325   7703860203228294256          0 10.47% 5.58% 5.24%   0 IP Input
455     7596596 28244228        268 5.59% 1.60% 0.82%   0 BGP I/O
543    13576608   8569950       1584 3.83% 18.94% 9.57%   0 BGP Task
   9   152474380 15201602      10030 2.07% 0.27% 0.57%   0 Check heaps
376    16372652   7777145       2105 1.83% 13.93% 13.76%   0 IP RIB Update
358    56785192 14452691       3929 0.95% 0.44% 0.52%   0 CEF: IPv4 proces
23    55656604 116191071        479 0.71% 0.51% 0.50%   0 ARP Input
348     5736736   7812055        734 0.63% 4.19% 5.03%   0 XDR mcast
546    36531108 132425650        275 0.63% 0.37% 0.28%   0 Port manager per
35    56337684 306101724        184 0.23% 0.42% 0.30%   0 IPC Seat Manager
330   287962916 871459868        330 0.23% 0.39% 1.61%   0 SNMP ENGINE
286      7682841067821917          0 0.15% 0.07% 0.07%   0 Ethernet Msec Ti
626      354112    825565        428 0.15% 0.11% 0.09%   0 IPv6 Input
   3      754316 523105917          1 0.15% 0.10% 0.09%   0 HSRP Common
385     2182508 14151135        154 0.15% 0.10% 0.14%   0 L3 Manager
317    44655884 658073408         67 0.07% 0.04% 0.21%   0 PDU DISPATCHER
395     4363480   4661440        936 0.07% 0.04% 0.05%   0 HIDDEN VLAN Proc
323     1161648 134374319          8 0.07% 0.04% 0.05%   0 VRRS Main thread
56     2269676   9230664        245 0.07% 0.08% 0.07%   0 Per-Second Jobs
240     1449416   1870109        775 0.07% 0.04% 0.05%   0 Compute load avg
243   1488814081309230003        113 0.07% 0.13% 0.76%   0 IP SNMP

Hi,
BGP Router process is in charge to determine the best path and processes any route "churn". It also sends and receives routes, establishes peers, and interacts with the routing information base (RIB).
(http://www.cisco.com/c/en/us/support/docs/ip/border-gateway-protocol-bgp/107615-highcpu-bgp.html)
So I suggest to check what make this process working hard. Depending on that you can choose what to do: bgp dampening (if you have many changes in advertisement received form a neighbor), tuning timer (if neighbor is flapping), using peer-group / update-groups to reduce the amount of job your BGP process has to do to process updates etc...
Have a look here: https://supportforums.cisco.com/discussion/11604471/high-cpu-usage-bgp-router-process
Bye,
enrico
PS please rate if useful

Troubleshooting with IOS BGP and IOS XR BGP - routing table Empty

Hi
actually we tried to make a neigborhood between ASR9000 and Cisco 7600, we have the neigborhood active but on routing tables from ASR only have the networks locals or connected doesn´t learn anything from BGP 7600
the diagram is this:
When try to know the routes on ASR9000 from Cisco 7609 happen the follow
the neighbor is UP from Cisco 7600 and ASR 9000 but the routing table is empty.
the config on cisco 7600 is:
router bgp 2006
neighbor 172.16.14.6 remote-as 64512
address-family ipv4
neighbor 172.16.14.6 activate
the config on cisco ASR9000 is:
router bgp 64512
bgp router-id 172.16.161.1
address-family ipv4 unicast
neighbor 172.16.14.5
remote-as 2006
address-family ipv4 unicast
Help us
Best Regards

Another important one is the fact that in XR you need to have RPL policies (even if they only have a "pass-all" functionality) to accept inbound/outbound routes in eBGP.
Check the article on the asr9000 unequal cost multipath that has some sample BGP outputs and show command verifications that may help also.
If not the case, get us the XR config from the A9K side.
Also what does the bgp table on teh IOS side look like? as Richard suggests, there doesnt seem to be anything injected by the 7600 itself.
regards
xander
Xander Thuijs
Principal Engineer CCIE#6775, ASR9000

Dual homed bgp route perference help

Good Morning, sir
I have a question regarding bgp route preference.
We have multi-homed BGP on remote site.
Let's call this site , site_a has verizon and at&t MPLS connection using bgp.
Currently, at&t route is preferred using as path prepend method.
We have addition AS number prepended on link to Verizon to prefer at&t route.
At this time, verizon is idle and not being used.
We would like to utilize this network to pass backup traffic.
We have source and destination address that we would like to pass through Verizon (out backup) link.
Any idea how I can do this?
I created the source/destination with ACL and created route-map matching that ACL and tweaked the local preference.
and since only major route is listed under 'show ip bgp' and not the specific route which I would like to influence,
I didn't see the tweaked route on routing table.
Any idea, anyone?
Thanks

Getting the specific route into the routing depends on what is there ie. -
if there is already a route with same prefix and subnet mask in your IP routing table then you are fine.
If there isn't and your routing table does not have even more specific routes covering the whole subnet you want to advertise then you could use a static route either pointing to the next hop IP or the interface on the router used to get to that subnet.
Then you can use a "network ..." statement under your BGP configuration to advertise it and use a route map to only advertise it down the backup link.
Jon

Router Filter Setting

I need help on router filter setting. I am using router model WRT160Nv3. I have a very specific set of filtering requirements (see below) to be implemented. I implemented all of them except the first one. It is not clear to me how I could implement that. I am including all the requirements because I think I run out of filtering policy (the router allows only 10 policies)
Filtering requirements:
1. Allow all machines access to internet from 3:00 to 4:00pm, and from 7:00 to 12:00 midnight (each policy can have only one time range)
2. Block 6 different sites 24 x 7 (each policy can block up to 4 sites)
3. Block 30 different keywords (each policy can block up to 4 keywords)
Couple questions:
1. What is the "combining" logic on multiple policies? Are they AND together or OR together? Do ALLOW and DENY use the same or different logic?
2. Each policy allows only one time range. Does it mean that I have to split requirement 1 into 2 policies, one for each range? If I use two policies,
    it seems the "combining" logic may be difficult?
Thank you for your help in advance,
AK

Mario,
I resolved my problem.
Make sure your router is also WRT160Nv3. My solution applies only to that model.
There were couple things that I did:
1. Reduced the number of keywords to be filtered so that they used up less policies.
2. All policies have the same logics:
    If the conditions meet, it will apply the actions. The conditions are: time range, site names, keywords, etc.
    The actions are allow or deny corresponding to the condition.
    For example, if one of the policy said site www.xyz.com would be blocked. If the site occurred, that policy would
    fire and block the site. That means the logic is OR among the policies.
3. You can use up all the conditions in the same policy. All the conditions are independent of each other.
    For example, each keyword is blocked independent of other keywords, regardless of the time range.
4. I set up one policy with time range = 24 hours for allow.
    Then set up another policy with time range = 4:00pm to 7:00pm for deny. That covered my time range requirements.
5. Then I set up other policies to cover sites and keywords. Since they were all independent to each other,
    as long as the condition occurred to any one of the policies, the policy would fire and perform the action.
I hope that would answer your question.
Andrew K

How to establish BGP Neighbourship without receiving BGP routes ?

Hi All,
I would like to establish BGP Neighbourship between my internet router and ISP router.
However I would not like my internet router to receive millions of bgp routes from the ISP router but my inside users should access internet via my internet router.
Kindly suggest how to do it.
Regards,
Mitesh Manwatkar.

Disclaimer
The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.
Liability Disclaimer
In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.
Posting
Also depending on you setup with your ISP, you might not need BGP at all. Sometimes the ISP will advertize your public IP space (i.e. you don't need to), and if they do, all you need is a default route out.
PS:
Also BTW, often for basic ISP connectivity, even when BGP peering with your ISP, the ISP will not send you any routes but a default (because with a single link, there's no need for them).

BGP route filter

Similar Messages

Maybe you are looking for