BGP route filtering
How to stop isp1 routes advertisement via isp2 on Bgp...
The problem is when my spoke isp1 mpls down...
Still it is getting routes via isp2
I do not have an understanding of your topology or of the relationship between ISP 1 and ISP 2 and therefore can not be sure how well my suggestion will work. But here is what I frequently use when I want to be sure that routes learned from ISP 1 do not get advertised to ISP 2.
ip as-path access-list 10 permit ^$
router bgp 123
neighbor 1.2.3.4 filter-list 10 out
HTH
Rick
Similar Messages
-
Good day Colleagues,
I want to ask you advice about the policy for BGP prefix filtering. The main idea is to automatize the process of prefix filtering. I've read a lot of articles about it, but I need to discuss it to be sure about the correct way to implement it on practice.
A few words about our network... Our company is ISP. We are using C7200, C7600 and AS5350XM for peering, connection to the upstreams and the customers.
A few main questions:
1. To create the prefix-list or as-path acl I am using RtConf or bgpq. Than I use our own script to connect via telnet/ssh to a router. Is it normal practice? Do you use your own script(perl, bash, etc) or mix of it with the programs like Rancid?
2.If to put a few prefix-lists on AS5350XM the output of the config will be not a simple task and I afraid it could be the problem to keep in RAM so many information. Some prefix-list can contain more than 10 000 strings and if we have about 50 peers on the router, than it will be a problem. Or you can imagine the prefix-list for the route-server on DECIX, LINX, etc. What do you think about it?
3.Is it good idea to use uRPF? What do you recommend?
4.To protect the network from bogons, martians, unallocated ip-addresses I am thinking about using the prefix-list on 10 300 strings (question 2) or use the bogon route-server from team-cymru. It is very hard to trust the route-server... what could be if it will advertise the normal prefixes... What do you about it? Maybe I just can't effort such kind of protection with my resources.
5. Very often some prefixes from peers would be filtered by my prefix-list. Should I ask them about the situation (check RIPE, etc.), or just forget about it? What would be better?
P.S. I am talking about the prefix-lists because the as-path acls can't do the filtering as strict as the prefix-lists do.
Thank you in advance for any comments,
DmitryEven though you're using a prefix list, the prefix list is used for filtering and not advertising the network. You still have to advertise the network using "network 2001:600:1:1::1/128" and you should see it.
HTH,
John
*** Please rate all useful posts *** -
EIGRP vs BGP route path selection scenario
I am looking for a routing solution to the following scenario. It is a fairly simple design.
I have two WAN connections between sites A and B. One is a 20 Meg Metro Ethernet Circuit running EIGRP. The other is a 10 Meg MPLS running BGP. What do I need to do in my configuration to make sure that the 20 Meg connection is the chosen path based off the fact that it has better speed and bandwidth? It appears to me that the MPLS is the preferred path even though it is slower.
See attached Diagram:
Site A Config
interface GigabitEthernet1/0/12
description PADC COX P2P 20 Meg
no switchport
bandwidth 20480
ip address 172.20.1.1 255.255.255.252
interface GigabitEthernet2/0/2
description LEVEL 3 MPLS
no switchport
bandwidth 10240
ip address 172.22.0.2 255.255.255.252
router eigrp 1
network 10.0.1.0 0.0.0.255
network 172.20.1.0 0.0.0.3
network 192.168.76.8 0.0.0.3
redistribute bgp 65003 metric 100 1 255 1 1500 route-map MPLS_NETWORKS
redistribute static route-map DEFAULT_ROUTE
router bgp 65003
bgp log-neighbor-changes
redistribute static
redistribute eigrp 1
neighbor 172.22.0.1 remote-as 1
default-information originate
Site B Config
interface GigabitEthernet0/1
description COX Communications 10 Meg to Venyu
bandwidth 20480
ip address 172.20.1.2 255.255.255.252
duplex auto
speed auto
service-policy output VOIP
interface GigabitEthernet0/2
description Level 3 MPLS
bandwidth 10240
ip address 172.22.1.2 255.255.255.252
duplex full
speed 100
router eigrp 1
network 10.3.1.0 0.0.0.31
network 10.52.1.0 0.0.0.255
network 10.76.6.0 0.0.0.255
network 172.20.1.0 0.0.0.3
network 192.168.63.64 0.0.0.63
network 192.168.76.249 0.0.0.0
passive-interface default
no passive-interface GigabitEthernet0/0
no passive-interface GigabitEthernet0/1
router bgp 65003
bgp log-neighbor-changes
network 10.3.1.0 mask 255.255.255.224
network 10.52.1.0 mask 255.255.255.0
network 10.76.6.0 mask 255.255.255.0
network 192.168.76.249 mask 255.255.255.255
neighbor 172.22.1.1 remote-as 1If each router is receiving advertisements for the same networks/subnet masks from both BGP and EIGRP it will always choose the BGP routes because they have a lower AD ie. 20 vs EIGRP 90.
Doesn't matter what the bandwidth is.
If you want to prefer the 20Mbps links then there are a number of options -
1) if you can summarise each sites subnets then advertise the summary via BGP and the more specific via EIGRP. More specific will be chosen even before AD is taken into account.
2) change the AD of either BGP or EIGRP so EIGRP ends up with the lower AD
3) run BGP on both links although you would still need to manipulate the attributes to make sure the link you want is used.
Jon -
MPLS BGP routes push to DMVPN spokes
I have an MPLS with BGP. I also have sites that are not connected directly to the MPLS, but have a s2s VPN to hub sites that are connected to the MPLS and that way they access the MPLS resources. I need to communicate the route changes to the MPLS when the DMVPN fails-over to another hub.
Currently this is my config:
Datacenter (MPLS only)
interface GigabitEthernet0/1
description MPLS
ip address 192.168.0.34 255.255.255.252
interface Vlan2
ip address 192.168.96.2 255.255.255.0
router bgp 65511
bgp log-neighbor-changes
network 192.168.96.0
neighbor 192.168.0.33 remote-as 65510
Hub site 1 (MPLS + internet)
interface Tunnel200
ip address 10.99.99.1 255.255.255.0
no ip redirects
ip mtu 1400
ip nhrp authentication auth
ip nhrp map multicast dynamic
ip nhrp network-id 12345
ip nhrp holdtime 600
tunnel source GigabitEthernet0/0
tunnel mode gre multipoint
tunnel key 200
tunnel protection ipsec profile dmvpn
interface GigabitEthernet0/1
description MPLS
ip address 192.168.1.2 255.255.255.0 secondary
ip address 192.168.0.2 255.255.255.252
router bgp 65001
bgp log-neighbor-changes
network 192.168.1.0
network 192.168.21.0
!10.99 clients are DMVPN spokes
neighbor 10.99.99.3 remote-as 99010
neighbor 10.99.99.3 route-reflector-client
neighbor 10.99.99.21 remote-as 99001
neighbor 10.99.99.21 route-reflector-client
!as 65000 is the MPLS PE
neighbor 192.168.0.1 remote-as 65000
Hub Site 2, has the same configuration, except for local ip address and router BGP ID.
Spoke site:
interface Tunnel200
ip address 10.99.99.3 255.255.255.0
no ip redirects
ip mtu 1400
ip nhrp authentication auth
ip nhrp map 10.99.99.1 PUBLIC_IP_HUB_1
ip nhrp map 10.99.99.16 PUBLIC_IP_HUB_2
ip nhrp network-id 12345
ip nhrp holdtime 600
ip nhrp nhs 10.99.99.1 priority 1
ip nhrp nhs 10.99.99.16 priority 5
ip nhrp nhs fallback 60
tunnel source GigabitEthernet0/0
tunnel mode gre multipoint
tunnel key 200
tunnel protection ipsec profile dmvpn
interface GigabitEthernet0/1
description Internal
ip address 192.168.3.1 255.255.255.192
router bgp 99010
bgp log-neighbor-changes
network 192.168.3.0
neighbor 10.99.99.1 remote-as 65001
neighbor 10.99.99.16 remote-as 65013
On this spoke site
#sh ip route
B 192.168.1.0/24 [20/0] via 10.99.99.1, 00:47:01
which is the HUB network, but the rest of the MPLS routes are not "learned".
What am I missing?
Thanks!Hi Jon, I've ommited the configuration of the MPLS provider routers in between. The DC is connected to a router that has the AS 65510.
DC:CPE---PE:{MPLS}PE---CPE:HUB---{internet}---Spoke
The DC is ok getting the network information via BGP:
#sh ip route
B 192.168.3.0/24 [20/0] via 192.168.0.33, 3d05h
B 192.168.21.0/24 [20/0] via 192.168.0.33, 3d05h
#sh ip bgp 192.168.21.0
BGP routing table entry for 192.168.21.0/24, version 559
Paths: (1 available, best #1, table default)
Not advertised to any peer
Refresh Epoch 1
65510 3549 6140 3549 65000
192.168.0.33 from 192.168.0.33 (###.###.###.###)
Origin IGP, localpref 100, valid, external, best
#sh ip route 192.168.21.0
Routing entry for 192.168.21.0/24
Known via "bgp 65511", distance 20, metric 0
Tag 65510, type external
Last update from 192.168.0.33 3d05h ago
Routing Descriptor Blocks:
* 192.168.0.33, from 192.168.0.33, 3d05h ago
Route metric is 0, traffic share count is 1
AS Hops 5
Route tag 65510
MPLS label: none
Spoke:
#sh ip bgp
BGP table version is 494, local router ID is 192.168.21.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
*> 10.0.129.32/27 10.99.99.16 0 65013 65012 3549 ?
*> 192.168.96.0 10.99.99.16 0 65013 65012 3549 6745 65510 ?
#sh ip route 192.168.96.0
Routing entry for 192.168.96.0/24
Known via "bgp 99001", distance 20, metric 0
Tag 65013, type external
Last update from 10.99.99.16 00:02:11 ago
Routing Descriptor Blocks:
* 10.99.99.16, from 10.99.99.16, 00:02:11 ago
Route metric is 0, traffic share count is 1
AS Hops 5
Route tag 65013
MPLS label: none
#sh ip bgp 192.168.96.0
BGP routing table entry for 192.168.96.0/24, version 465
Paths: (1 available, best #1, table default)
Not advertised to any peer
Refresh Epoch 2
65013 65012 3549 6745 65510
10.99.99.16 from 10.99.99.16 (10.2.16.1)
Origin incomplete, localpref 100, valid, external, best
The route is not being updated to the rest of the routers, and the 192.168.21.0 network is still announced via the old route.
(from spoke)
ping 192.168.96.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.96.2, timeout is 2 seconds:
Success rate is 0 percent (0/5)
From DC
#traceroute 192.168.21.1
Type escape sequence to abort.
Tracing the route to 192.168.21.1
VRF info: (vrf in name/id, vrf out name/id)
1 192.168.0.33 [AS 65510] 0 msec 0 msec 0 msec
2 172.50.1.33 [AS 65510] 56 msec 36 msec 36 msec
3 10.80.1.1 [AS 3549] 44 msec 44 msec 44 msec
4 10.80.1.2 [AS 3549] 172 msec 172 msec 168 msec
5 172.50.1.1 [AS 3549] 168 msec 168 msec 172 msec
6 172.50.1.2 [AS 3549] 180 msec 180 msec 176 msec
7 192.168.0.2 [AS 65000] 172 msec 172 msec 168 msec <- old route, should be 192.168.0.9
8 192.168.0.2 [AS 65000] !H * !H -
Query on BGP route distribution
Hello Everyone
In the below scenario (GNS3), IBGP peering enabled between R1-R2, R1-R3, R2-R3 and EBGP peering enabled between R2-R4,R3-R5,R4-R6,R5-R7. OSPF enabled as IGP. Scenario attached for reference.
The problem I've observed in R1 is not getting entire BGP routing table for destinations 30.x.x.x/40.x.x.x.
I'm able to see only best routes in R1 BGP routing table, but alternate valid routes are not visible in its topology table.
R1#sh ip bgp
BGP table version is 81, local router ID is 100.100.2.1
*>i30.30.1.0/24 10.10.1.2 0 100 0 200 300 ?
*>i30.30.2.0/24 10.10.1.2 0 100 0 200 300 ?
*>i40.40.1.0/24 10.10.2.2 0 100 0 200 400 i
*>i40.40.2.0/24 10.10.2.2 0 100 0 200 400 i
*> 100.100.1.0/24 0.0.0.0 0 32768 i
*> 100.100.2.0/24 0.0.0.0 0 32768 i
More confusing part to me is when I disable IBGP peering between R2-R3 or shutdown interface between R2-R3 or else if I disable ospf in R1,R2 & R3 routers , I'm able to see both best route and alternate valid route in BGP topology table.
R1#sh ip bgpHi Milin & Renan,
Thanks for your replies. To narrow down the problem, I’ve shut down the 40.40.x.x network.
Now between R2-R3, R3 is not advertising 30.30.X.X network to R2, but whereas R2 is advertising 30.30.X.X network to R3. Why R3 is not advertising 30.30.X.X (route via 200 400 300) to R2.
R2#sh ip bgp ( No alternate route)
Network Next Hop Metric LocPrf Weight Path
*> 30.30.1.0/24 10.10.4.2 0 200 300 ?
*> 30.30.2.0/24 10.10.4.2 0 200 300 ?
*>i100.100.1.0/24 10.10.1.1 0 100 0 i
*>i100.100.2.0/24 10.10.1.1 0 100 0 i
R2#sh ip bgp summary
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
10.10.1.1 4 100 96 98 5 0 0 01:05:50 2
10.10.3.2 4 100 98 100 5 0 0 01:05:54 0
10.10.4.2 4 200 100 98 5 0 0 01:05:39 2
R3#sh ip bgp ( only in R3 we can see both best route & alternate route)
Network Next Hop Metric LocPrf Weight Path
*>i30.30.1.0/24 10.10.3.1 0 100 0 200 300 ?
* 10.10.5.2 0 200 400 300 ?
*>i30.30.2.0/24 10.10.3.1 0 100 0 200 300 ?
* 10.10.5.2 0 200 400 300 ?
*>i100.100.1.0/24 10.10.2.1 0 100 0 i
*>i100.100.2.0/24 10.10.2.1 0 100 0 i
R3#sh ip bgp summary
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
10.10.2.1 4 100 54 57 19 0 0 00:50:17 2
10.10.3.1 4 100 62 60 19 0 0 00:27:22 2
10.10.5.2 4 200 58 58 19 0 0 00:50:08 2 -
Hello,
i have this bgp topology all router running bgp and no igp is running. Now, the problem is R2 and R3 are route reflector, R1 and R4 are Rclient.
R3 has learn route from R4 (4.4.4.4) from its R client and it advertise to R2 but R2 not advertise (4.4.4.4) route to its client (R1).
R1#sh ip bgp
BGP table version is 5, local router ID is 192.168.12.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*> 1.1.1.1/32 0.0.0.0 0 32768 i
*>i2.2.2.2/32 192.168.12.2 0 100 0 i
* i3.3.3.3/32 192.168.23.3 0 100 0 i
R2#sh ip bgp
BGP table version is 8, local router ID is 192.168.12.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*>i1.1.1.1/32 192.168.12.1 0 100 0 i
*> 2.2.2.2/32 0.0.0.0 0 32768 i
*>i3.3.3.3/32 192.168.23.3 0 100 0 i
* i4.4.4.4/32 192.168.34.4 0 100 0 iR3#sh ip bgp
BGP table version is 8, local router ID is 192.168.23.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
* i1.1.1.1/32 192.168.12.1 0 100 0 i
*>i2.2.2.2/32 192.168.23.2 0 100 0 i
*> 3.3.3.3/32 0.0.0.0 0 32768 i
*>i4.4.4.4/32 192.168.34.4 0 100 0
R3#sh run | se router bgp
router bgp 1
no synchronization
bgp log-neighbor-changes
network 3.3.3.3 mask 255.255.255.255
neighbor 192.168.23.2 remote-as 1
neighbor 192.168.23.2 next-hop-self
neighbor 192.168.34.4 remote-as 1
neighbor 192.168.34.4 route-reflector-client
no auto-summary -
Hello Guys,
My scenario is:
2 Sites interconnected by 2 MPLS Links and BGP between the routers.
I need some help to force some traffic to be routed using one Link based on Protocol or TCP Port.
But if the link goes down, I need the traffic to be send using another link.
I want to do a PBR using track that validates a specific BGP Route or BGP Neighbor.
Can someone tell me some tips for this case?
Best Regards.
Heleno FagundesHi,
For your two concerns.
**2 Sites interconnected by 2 MPLS Links and BGP between the routers
Do you have some sort of network diagram ????
**I want to do a PBR using track that validates a specific BGP Route or BGP Neighbor.
We can always apply a track and an IP sla monitoring an IP address which the router is receiving from its BGP peer which you wish to monitor.
I am sure if you provide me sample diagram/config i'll be able to give some more descriptive answer.
Regards,
HK -
I am confused about which routes will a bgp speaker advertise to its bgp neighbors?
Will it advertise the bgp routes in routing table OR will it advertise the best routes from the bgp table (but not necessarily in routing table)?Thanks!!
I thought so, but in Troubleshooting IP Routing Protocols book by Cisco press, it is stated that bgp router will advertise its routes from routing table, so wanted to confirm that that was indeed wrong.
On page 668, this is what is written:
One rule that BGP follows when advertising prefixes to other neighbors is that the prefix being advertised must
exist in the routing table of the advertising router. -
Monitoring a BGP route and AS-PATH.
Hello.
I need to receive a SNMP trap when a BGP route, received with a specific AS-PATH, disappears from routing table.
Any ideas?
Thanks.
AndreaYou can use EEM for this. Check out the cisco beyond web site for sample scripts that may help you do this.
A company that I used to work for, www.magnus.net had a mature EEM solution for doing this for large network environments. They took a standalone router and using EEM turned it into a route monitor. It would send out notifications when BGP routes of defined attributes like AS-Path diasappeared from routing tables. It was driven by an excel spreadsheet as inputs. It was written by a super CCIE engineer. -
Hi,
I would like to change the bgp router id on my router that dialogue with peers in other AS.
I will use the loopback interface 0 and I have a doubt about the ip address that I can use.
I think that can be a private address in a public addresses domain. Is it correct?
So, I think that it's better I'd implement the ebgp multihop command with the remote AS peers. Right?
Before I do these changes do I have to warn the other peers to permit to change their configuration?Hello,
Changing your router-id will be effective after you reset your connections.
You can use a RFC 1918 address to suit your needs. Be careful not to leak the address to the Internet.
If you use the Loopback interface as a update-source you need to use the ebgp-multihop command for reachability. If you are useing it for a router-id only you should not bother to change the TTL in BGP packets.
It is recommended that you inform your peers about your plans.
HTH
Leon
* Please rate posts. -
What do we need to do if BGP Router contribute high process in CPU?
CPU utilization for five seconds: 97%/43%; one minute: 99%; five minutes: 92%
PID Runtime(ms) Invoked uSecs 5Sec 1Min 5Min TTY Process
44 36270732 35464661 1022 25.03% 15.21% 14.43% 0 BGP Router
325 7703860203228294256 0 10.47% 5.58% 5.24% 0 IP Input
455 7596596 28244228 268 5.59% 1.60% 0.82% 0 BGP I/O
543 13576608 8569950 1584 3.83% 18.94% 9.57% 0 BGP Task
9 152474380 15201602 10030 2.07% 0.27% 0.57% 0 Check heaps
376 16372652 7777145 2105 1.83% 13.93% 13.76% 0 IP RIB Update
358 56785192 14452691 3929 0.95% 0.44% 0.52% 0 CEF: IPv4 proces
23 55656604 116191071 479 0.71% 0.51% 0.50% 0 ARP Input
348 5736736 7812055 734 0.63% 4.19% 5.03% 0 XDR mcast
546 36531108 132425650 275 0.63% 0.37% 0.28% 0 Port manager per
35 56337684 306101724 184 0.23% 0.42% 0.30% 0 IPC Seat Manager
330 287962916 871459868 330 0.23% 0.39% 1.61% 0 SNMP ENGINE
286 7682841067821917 0 0.15% 0.07% 0.07% 0 Ethernet Msec Ti
626 354112 825565 428 0.15% 0.11% 0.09% 0 IPv6 Input
3 754316 523105917 1 0.15% 0.10% 0.09% 0 HSRP Common
385 2182508 14151135 154 0.15% 0.10% 0.14% 0 L3 Manager
317 44655884 658073408 67 0.07% 0.04% 0.21% 0 PDU DISPATCHER
395 4363480 4661440 936 0.07% 0.04% 0.05% 0 HIDDEN VLAN Proc
323 1161648 134374319 8 0.07% 0.04% 0.05% 0 VRRS Main thread
56 2269676 9230664 245 0.07% 0.08% 0.07% 0 Per-Second Jobs
240 1449416 1870109 775 0.07% 0.04% 0.05% 0 Compute load avg
243 1488814081309230003 113 0.07% 0.13% 0.76% 0 IP SNMP
CPU utilization for five seconds: 97%/43%; one minute: 99%; five minutes: 92%
PID Runtime(ms) Invoked uSecs 5Sec 1Min 5Min TTY Process
44 36270732 35464661 1022 25.03% 15.21% 14.43% 0 BGP Router
325 7703860203228294256 0 10.47% 5.58% 5.24% 0 IP Input
455 7596596 28244228 268 5.59% 1.60% 0.82% 0 BGP I/O
543 13576608 8569950 1584 3.83% 18.94% 9.57% 0 BGP Task
9 152474380 15201602 10030 2.07% 0.27% 0.57% 0 Check heaps
376 16372652 7777145 2105 1.83% 13.93% 13.76% 0 IP RIB Update
358 56785192 14452691 3929 0.95% 0.44% 0.52% 0 CEF: IPv4 proces
23 55656604 116191071 479 0.71% 0.51% 0.50% 0 ARP Input
348 5736736 7812055 734 0.63% 4.19% 5.03% 0 XDR mcast
546 36531108 132425650 275 0.63% 0.37% 0.28% 0 Port manager per
35 56337684 306101724 184 0.23% 0.42% 0.30% 0 IPC Seat Manager
330 287962916 871459868 330 0.23% 0.39% 1.61% 0 SNMP ENGINE
286 7682841067821917 0 0.15% 0.07% 0.07% 0 Ethernet Msec Ti
626 354112 825565 428 0.15% 0.11% 0.09% 0 IPv6 Input
3 754316 523105917 1 0.15% 0.10% 0.09% 0 HSRP Common
385 2182508 14151135 154 0.15% 0.10% 0.14% 0 L3 Manager
317 44655884 658073408 67 0.07% 0.04% 0.21% 0 PDU DISPATCHER
395 4363480 4661440 936 0.07% 0.04% 0.05% 0 HIDDEN VLAN Proc
323 1161648 134374319 8 0.07% 0.04% 0.05% 0 VRRS Main thread
56 2269676 9230664 245 0.07% 0.08% 0.07% 0 Per-Second Jobs
240 1449416 1870109 775 0.07% 0.04% 0.05% 0 Compute load avg
243 1488814081309230003 113 0.07% 0.13% 0.76% 0 IP SNMPHi,
BGP Router process is in charge to determine the best path and processes any route "churn". It also sends and receives routes, establishes peers, and interacts with the routing information base (RIB).
(http://www.cisco.com/c/en/us/support/docs/ip/border-gateway-protocol-bgp/107615-highcpu-bgp.html)
So I suggest to check what make this process working hard. Depending on that you can choose what to do: bgp dampening (if you have many changes in advertisement received form a neighbor), tuning timer (if neighbor is flapping), using peer-group / update-groups to reduce the amount of job your BGP process has to do to process updates etc...
Have a look here: https://supportforums.cisco.com/discussion/11604471/high-cpu-usage-bgp-router-process
Bye,
enrico
PS please rate if useful -
Troubleshooting with IOS BGP and IOS XR BGP - routing table Empty
Hi
actually we tried to make a neigborhood between ASR9000 and Cisco 7600, we have the neigborhood active but on routing tables from ASR only have the networks locals or connected doesn´t learn anything from BGP 7600
the diagram is this:
When try to know the routes on ASR9000 from Cisco 7609 happen the follow
the neighbor is UP from Cisco 7600 and ASR 9000 but the routing table is empty.
the config on cisco 7600 is:
router bgp 2006
neighbor 172.16.14.6 remote-as 64512
address-family ipv4
neighbor 172.16.14.6 activate
the config on cisco ASR9000 is:
router bgp 64512
bgp router-id 172.16.161.1
address-family ipv4 unicast
neighbor 172.16.14.5
remote-as 2006
address-family ipv4 unicast
Help us
Best RegardsAnother important one is the fact that in XR you need to have RPL policies (even if they only have a "pass-all" functionality) to accept inbound/outbound routes in eBGP.
Check the article on the asr9000 unequal cost multipath that has some sample BGP outputs and show command verifications that may help also.
If not the case, get us the XR config from the A9K side.
Also what does the bgp table on teh IOS side look like? as Richard suggests, there doesnt seem to be anything injected by the 7600 itself.
regards
xander
Xander Thuijs
Principal Engineer CCIE#6775, ASR9000 -
Dual homed bgp route perference help
Good Morning, sir
I have a question regarding bgp route preference.
We have multi-homed BGP on remote site.
Let's call this site , site_a has verizon and at&t MPLS connection using bgp.
Currently, at&t route is preferred using as path prepend method.
We have addition AS number prepended on link to Verizon to prefer at&t route.
At this time, verizon is idle and not being used.
We would like to utilize this network to pass backup traffic.
We have source and destination address that we would like to pass through Verizon (out backup) link.
Any idea how I can do this?
I created the source/destination with ACL and created route-map matching that ACL and tweaked the local preference.
and since only major route is listed under 'show ip bgp' and not the specific route which I would like to influence,
I didn't see the tweaked route on routing table.
Any idea, anyone?
ThanksGetting the specific route into the routing depends on what is there ie. -
if there is already a route with same prefix and subnet mask in your IP routing table then you are fine.
If there isn't and your routing table does not have even more specific routes covering the whole subnet you want to advertise then you could use a static route either pointing to the next hop IP or the interface on the router used to get to that subnet.
Then you can use a "network ..." statement under your BGP configuration to advertise it and use a route map to only advertise it down the backup link.
Jon -
How to establish BGP Neighbourship without receiving BGP routes ?
Hi All,
I would like to establish BGP Neighbourship between my internet router and ISP router.
However I would not like my internet router to receive millions of bgp routes from the ISP router but my inside users should access internet via my internet router.
Kindly suggest how to do it.
Regards,
Mitesh Manwatkar.Disclaimer
The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.
Liability Disclaimer
In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.
Posting
Also depending on you setup with your ISP, you might not need BGP at all. Sometimes the ISP will advertize your public IP space (i.e. you don't need to), and if they do, all you need is a default route out.
PS:
Also BTW, often for basic ISP connectivity, even when BGP peering with your ISP, the ISP will not send you any routes but a default (because with a single link, there's no need for them). -
Trouble getting BGP route to be primary
We have an MPLS network between locations using BGP. Several locations have a VPN connection as a backup and use OSPF for those routes.
When an MPLS link goes down, the traffic switches over to the VPN connection just fine. But when the MPLS link comes back up, the OSPF route is still overriding the BGP route. I've changed the weights for both BGP & OSPF but still can't get the BGP route to override the OSPF route.
Any ideas as to what I'm missing?
Main router, MPLS link active at remote site:
nbrtr2#sh ip bgp
BGP table version is 6837, local router ID is 216.149.85.242
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*> 172.16.104.0/24 216.149.85.241 300 2828 3549 2828 i
nbrtr2#sh ip bgp 172.16.104.0
BGP routing table entry for 172.16.104.0/24, version 6839
Paths: (1 available, best #1, table Default-IP-Routing-Table)
Flag: 0x820
Not advertised to any peer
2828 3549 2828
216.149.85.241 from 216.149.85.241 (216.149.85.241)
Origin IGP, localpref 100, weight 300, valid, external, best
After shutting down the remote interface, traffic switches to the VPN link.
nbrtr2#sh ip bgp
BGP table version is 6842, local router ID is 216.149.85.242
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*> 172.16.104.0/24 172.16.196.4 123 100 ?
nbrtr2#sh ip bgp 172.16.104.0
BGP routing table entry for 172.16.104.0/24, version 6842
Paths: (1 available, best #1, table Default-IP-Routing-Table)
Flag: 0x820
Advertised to update-groups:
1
Local
172.16.196.4 from 0.0.0.0 (216.149.85.242)
Origin incomplete, metric 123, localpref 100, weight 100, valid, sourced,
best
Bringing up the remote interface, the traffic stays on the VPN.
nbrtr2#sh ip bgp
BGP table version is 6843, local router ID is 216.149.85.242
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*> 172.16.104.0/24 172.16.196.4 123 100 ?
nbrtr2#sh ip bgp 172.16.104.0
BGP routing table entry for 172.16.104.0/24, version 6842
Paths: (1 available, best #1, table Default-IP-Routing-Table)
Advertised to update-groups:
1
Local
172.16.196.4 from 0.0.0.0 (216.149.85.242)
Origin incomplete, metric 123, localpref 100, weight 100, valid, sourced,
best
Finally, terminating the site-site VPN tunnel restores the MPLS route:
nbrtr2#sh ip bgp
BGP table version is 6845, local router ID is 216.149.85.242
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*> 172.16.104.0/24 216.149.85.241 300 2828 3549 2828 i
nbrtr2#sh ip bgp 172.16.104.0
BGP routing table entry for 172.16.104.0/24, version 6845
Paths: (1 available, best #1, table Default-IP-Routing-Table)
Flag: 0x820
Not advertised to any peer
2828 3549 2828
216.149.85.241 from 216.149.85.241 (216.149.85.241)
Origin IGP, localpref 100, weight 300, valid, external, best
Config details:
router ospf 100
log-adjacency-changes
redistribute static subnets
redistribute bgp 36166 metric 20 subnets
network 172.16.196.0 0.0.0.255 area 0
network 172.16.224.0 0.0.3.255 area 0
router bgp 36166
network 172.16.210.0 mask 255.255.255.0
network 172.16.211.0 mask 255.255.255.0
redistribute ospf 100 route-map Redist-OSPF
neighbor 216.149.85.241 remote-as 2828
neighbor 216.149.85.241 weight 300
default-information originate
access-list 11 remark Define OSPF routes for redistribution
access-list 11 permit 172.16.11.0 0.0.0.255
access-list 11 permit 172.16.16.0 0.0.1.255
access-list 11 permit 172.16.196.0 0.0.1.255
access-list 11 permit 172.16.198.0 0.0.0.255
access-list 12 remark Define VPN routes for redistribution
access-list 12 permit 172.16.104.0 0.0.0.255
access-list 12 permit 192.168.1.0 0.0.0.255
access-list 12 permit 192.168.3.0 0.0.0.255
access-list 12 permit 192.168.4.0 0.0.0.255
access-list 12 permit 192.168.8.0 0.0.0.255
route-map Redist-OSPF permit 10
match ip address 11
set weight 500
route-map Redist-OSPF permit 20
match ip address 12
set weight 100
route-map Redist-OSPF permit 30Hi,
IMHO, you should use the same Weight for both the BGP prefix redistributed from OSPF and received from the BGP neighbor.
And set other attribute (Local Preference, e.g.) to make the prefix received from the BGP neighbor to win when the MPLS interface goes Up again.
Another issue might be though:
When the MPLS interface is Down, you get the OSPF prefix redistributed to your BGP table, And when the MPLS interface goes Up again, you might be advertising this prefix to the backbone. And it can beat the prefix advertised from the remote site. If it's your case, I'd also try to prepend your AS number several times to the prefix advertised from your router to make it less preferred within the backbone comparing to the original BGP prefix.
Best regards,
Milan.
Maybe you are looking for
-
Continual Mail crashes - possible mailbox is too big?
Mail crashes for me daily, if not multiple times a day. This morning I couldn't get it to load new mail without crashing and giving the error below.... One thing to note is that I have had this Macbook for 3 years and use it 99% for Mail, when I purc
-
How to be sure that NSU will update your Nokia
Hello, Yesterday I spent almost 2 hours to update N93 at home. I have ADSL line at home with 2MB/512KB per sec. I was so annoyed when the progress bar stopped at 4,6MB, 9,8MB, 2,4MB and so one. I thought about my Internet connection, but I checked it
-
I have a table that has 38 field names. What I am trying to do is create a report based on this table. The first 7 field names are used for information say FieldA, FieldB, FieldC, FieldD,FieldE, FieldF, FieldG. Then the rest of Fields are Field1 thro
-
Hi, guru's i run the usa pay roll, but i couldn't see pay slip. forms option not appear in that. in the simulation screen i need to enter varriant in the log option, how i can enter the varriant in that plz ex... regards, bala
-
Any solution for importing archived songs from HDD?
My old laptop was stolen and I just purchased new PowerMac G5. Back when I imported my CD library (over 700 titles) I have made a backup of the created m4a's onto a HDD. I wanted to import the archived songs into iTunes, but after the "Adding Songs"