BGP ISSUE Annoucing everything

Unanswered Question
Mar 6th, 2007

It seems that one of my Core Routers the BGP to At&T is announcing everything- Yes Everything! OOOPPPSSS. Is there something I should look for? I looked at my other Router going that has BGP to another provider isn't doing that. I can put the config down if I need too just let me know.

For the mean Time AT&T is being a good "neighbor" and blocking us from doing that but I don't want it to take too much a a toll on my router.



I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (2 ratings)
Richard Burts Tue, 03/06/2007 - 13:34


Without knowing a few specifics about your situation it is difficult to know for sure about your problem. Your description says that you are running BGP to two providers. I assume that you represent a customer network rather than a provider network. As a customer you generally do not want to operate as a transit AS (which advertises routes from other ASes to its neighbors). And I believe that your description of the problem indicates that you are acting like a transit AS to AT&T (advertising routes from other ASes).

Generally what a customer AS will do is to filter outbound updates to its external BGP neighbors to only advertise its own routes. That usually is done with a filter that permits ^$. If you look at your other router that connects to the other provider I believe that you will find a filter like this. And I believe that you do not have one for AT&T. Copy the filter from the other provider and use it for AT&T.

Give that a try and let us know what happens.



sundar.palaniappan Tue, 03/06/2007 - 14:05


As Rick stated, the problem is caused by lack of filtering on outbound updates to AT&T. Based on your description of the problem, your AS can be used as a transit AS by AT&T and if they do that could cause some serious problems.

There are many ways to do outbound filtering in BGP but one of the common ways to do that is to use an as path filter. You would need a config similiar to this one.

router bgp 1

neighbor filter-list 1 out

From global config mode:

ip as-path access-list 1 permit ^$

This would make the router only advertise the locally, your AS, originated routes to the neighbor.



devang_etcom Tue, 03/06/2007 - 14:19


in BGP configuration, mostly when you have multiple internet connection from different ISP... then you have prevent your AS to be transit AS... so its good to advertise only the locar routes that are originating in your AS with the help of filter list... as explained in sundar and rick post... with the help of regular expression of ^$ ...



cozyk1515 Wed, 03/07/2007 - 09:30

Should I have to clear anything after doing this? Clear bgp or something?

router bgp XXXXX

no synchronization

bgp log-neighbor-changes

network X.X.X. mask

network X.X.X.X mask

neighbor X.X.X.X remote-as 7018

neighbor X.X.X.X description AT&T Link DS3

neighbor X.X.X.X update-source Serial2/0

neighbor X.X.X.X version 4

neighbor X.X.X.X soft-reconfiguration inbound

neighbor X.X.X.X route-map localonly out

neighbor X>X>X>X filter-list 1 out

neighbor X.X.X.X remote-as XXXX

neighbor X.X.X.X next-hop-self

neighbor X.X.X.X remote-as XXXX

neighbor X.X.X.Xnext-hop-self

no auto-summary

ip as-path access-list 1 permit ^$

ip as-path access-list 11 permit .*

ip as-path access-list 12 deny .*

ip as-path access-list 15 permit ^XXXXX$

ip as-path access-list 16 permit ^XXXXX$

ip as-path access-list 17 permit ^XXXXX$

route-map ATT_Test permit 5

match as-path 17

set local-preference 100

route-map local_pref permit 5

match as-path 16

set local-preference 100


route-map local_pref permit 10

set local-preference 90


route-map localonly permit 13

match as-path 13


route-map sendall permit 11

match as-path 11

Richard Burts Wed, 03/07/2007 - 10:02


When you change a policy in BGP (and especially if you are adding or changing filtering) you will generally need to clear any neighbor whose traffic may be impacted by the changes that you have made.



cozyk1515 Wed, 03/07/2007 - 12:59

Thanks for your help! One more thing. I went from Advertising everything to nothing. Managaed to get it fixed. But.....

** I have a customer who has network that we route for - this is the only one not showing in the list.

Richard Burts Wed, 03/07/2007 - 13:13


The impression that we had was that your network was a non-transit customer network and that you only wanted to advertise networks that originate in your AS. The filtering that we suggested accomplishes this. If that was not the correct understanding and if there is a network (or some networks) that you also want to advertise then some change would need to be made in the filtering.

If you have already worked it out and solved it then that is good. But if you want some help in working out the proper filtering, then we would need some more detail about your environment.



cozyk1515 Wed, 03/07/2007 - 13:21

We are an ISP. I have 2 CORE ROUTERS 1- all traffic routes to AT&T via the BGP. I need all our network to announce through this (just ours) and company X. 2- all traffic routes to Canada via company when and only when At&T link is down need to announce our network and company X.

Do you still need more?

Danilo Dy Tue, 03/06/2007 - 17:13

You make yourself an AS transit. To prevent this, try the following;

! Filter

ip as-path access-list 1 permit ^$


neighbor upstream_neighbor_ip filter-list 1 out

cozyk1515 Mon, 03/12/2007 - 10:18

All set except 1 issue. We have a customer who has a Network x.x.x.x from TimeWarner and they have there own AS num.



network X.X.X.0 mask

Do I need to

neighbor X.X.X.X remote-as ###

neighbor X.X.X.X next-hop-self ????


something else?

Richard Burts Mon, 03/12/2007 - 12:49


I think that we do not yet understand your situation well enough to give a good and complete answer to your question. Perhaps you can clarify a few things:

- if the customer has an address from TimeWarner then why are you supposed to advertise it?

_ if the customer has an address from TimeWarner then TimeWarner probably announces it as part of an address block aggregation. If you advertise the more specific address and TimeWarner does not de-aggregate then you will become the favored path for the Internet to reach your customer, not TimeWarner. Are you prepared for that to happen? Does your customer realize that is likely to happen and is it what they want?

- how does the customer route get into your network - will they advertise it to you via BGP or will it get into your network some other way?

The one part of the question that is fairly clear is that if you are running BGP with them and they have their own AS number (neighbor X.X.X.X remote-as ### ) then you certainly do not need next-hop-self.



cozyk1515 Mon, 03/12/2007 - 13:27

This is a customer who got a /24 from time warner, a /24 from us and have an AS # and uses Time Warner as a backup internet. They are annoucing the network to us however my Core router doesn't announce it out. They would like us to announce the Time Warener. He claims this worked before but I have gone in every config back 2 years and don't see any changes that were to his network.

Richard Burts Tue, 03/13/2007 - 07:17


It seems to me that first you need to decide whether you really want to advertise the /24 of TimeWarner or not after considering the implications. If you decide that you do want to advertise it then we can consider how to do that.

As I indicated in my previous post how to do this depends on how your customers route gets into your routing table. If you have it in your routing table as an Internal route then you would only have to add a network statement in your BGP for that network. I believe that you have indicated that they are advertising it to you via BGP (EBGP). In that case you will need to change the filtering that you are doing to your upstream neighbors. I am not clear what filtering you are doing but I assume that it is probably something like ip as-path access-list 1 permit ^$ as was suggested several times in previous posts. You would need to add another statement in the as-path access-list to permit the route from your customer. That should allow it to be advertised to your upstream neighbors.




This Discussion