BGP Routing

Unanswered Question
Aug 20th, 2007

Hello All,


Below is my partial E-BGP Configuration:

Router bgp <AS_Number>

no synchronization

bgp log-neighbor-changes

network <..> mask <....>

network 172.21.128.0 mask 255.255.192.0

network 172.24.128.0 mask 255.255.248.0


neighbor <..> remote-as <AS_number>

neighbor <..> description --------E-BGP peer to France


Today, I have 2 new subnets in the INDIA environment. The subnets are 10.0.0.0 & 192.168.194.0.


My question is: if I just advertise the above new subnets in my local BGP AS, will that be enough for the subnets to be routed over the WAN environment?


Thanks in Advance for your Reply


Best Regards,


Guru Prasad R

mohammedmahmoud Mon, 08/20/2007 - 02:43

Hi Guru,


Can you tell us more about your topology and connectivity? How is this peering set up? As you know, if this peering is through an ISP, they will drop these private IPs; if this BGP peering is over VPNs, layer 2 technologies or a GRE tunnel, then there are no problems.


HTH,

Mohammed Mahmoud.

royalblues Mon, 08/20/2007 - 02:58

Guru,


If you plan to add the subnets as a network statement under BGP, they will be advertised to the peer if the following conditions are met.

1. There is a local IGP route for the subnet

2. There is no outbound filter applied to updates to the remote peer denying the above prefixes

3. No inbound filter at the far end denying them to be installed


But as Mohammed said, if you are peering with an ISP they will be dropped unless you are buying an MPLS service from them.


HTH

Narayan

guruprasadr Mon, 08/20/2007 - 02:58

Hi Mohammed Mahmoud & Narayan,


Thanks in Advance for your Quick reply.


INDIA - to - Europe we have 20 Mbps MPLS VPN Link over WAN.


E-BGP Peer exists between INDIA & Europe with AS Number for EBGP as: 65530.


I would like to advertise the New Subnets to the Backbone Network.


An I-BGP peer exists for a backup link (VPN over Internet) from INDIA to Europe, with the AS number for IBGP as: 64910


INFO: I am interested in advertising these new subnets over the WAN network (where it should be carried forward by both E-BGP & I-BGP).


NOTE: For me it's a private AS.


Also, I am worried about the below configuration on my routers (will this block?), as per Narayan's post:


INDIA Router:

-----------------------------

ip bgp-community new-format

ip community-list 101 permit ^1:*

ip community-list 120 permit ^20:*

ip community-list 132 permit ^32:*

ip community-list 133 permit ^33:*

ip community-list 134 permit ^34:*

ip community-list 139 permit ^39:*

ip community-list 144 permit ^44:*

ip community-list 147 permit ^47:*

ip community-list 149 permit ^49:*

ip community-list 152 permit ^852:*

ip community-list 161 permit ^61:*

ip as-path access-list 10 deny ^$

ip as-path access-list 10 permit .*

ip as-path access-list 20 permit ^$

ip as-path access-list 20 deny .*


Europe Router:

-----------------------------------

ip bgp-community new-format

ip community-list 101 permit ^1:*

ip community-list 120 permit ^20:*

ip community-list 132 permit ^32:*

ip community-list 133 permit ^33:*

ip community-list 134 permit ^34:*

ip community-list 139 permit ^39:*

ip community-list 144 permit ^44:*

ip community-list 147 permit ^47:*

ip community-list 149 permit ^49:*

ip community-list 152 permit ^852:*

ip community-list 161 permit ^61:*

ip as-path access-list 10 deny ^$

ip as-path access-list 10 permit .*

ip as-path access-list 20 permit ^$

ip as-path access-list 20 deny .*


I don't completely understand this community-list configuration (please provide some link or documentation for the community-list attribute configuration). Do I need to add a new "community-list" value for advertising any additional new subnets in future?


Looking forward to your advice.



Best Regards,


Guru Prasad R

mohammedmahmoud Mon, 08/20/2007 - 03:18

Guru,


EBGP won't have any problems over MPLS-VPN, while if the IBGP was over MPLS-VPN then you would have been required to use as-override to ensure connectivity (in MPLS your provider AS is in between, causing problems (since BGP is now the PE-CE routing protocol), which is solved using as-override), and I guess that's why your provider made you do the peering with eBGP rather than iBGP.


Back to your scenario, it looks weird to have eBGP and iBGP peering between your 2 branches; what are the odds of modifying this?


HTH,

Mohammed Mahmoud.

guruprasadr Mon, 08/20/2007 - 03:25

Dear Mohammed Mahmoud,


Maybe I confused you,

1. Primary MPLS VPN between INDIA & Europe

2. Secondary VPN over Internet between INDIA & Europe

3. IBGP Between the INDIA (Primary & Secondary Routers)

4. E-BGP between INDIA(Pri) & Europe(Pri) Routers


In Addition,

As per Narayan's post, I have some quick info:


I am worried about the below configuration on my routers (will this block?), as per Narayan's post:


INDIA Router:

-----------------------------

ip bgp-community new-format

ip community-list 101 permit ^1:*

ip community-list 120 permit ^20:*

ip community-list 132 permit ^32:*

ip community-list 133 permit ^33:*

ip community-list 134 permit ^34:*

ip community-list 139 permit ^39:*

ip community-list 144 permit ^44:*

ip community-list 147 permit ^47:*

ip community-list 149 permit ^49:*

ip community-list 152 permit ^852:*

ip community-list 161 permit ^61:*

ip as-path access-list 10 deny ^$

ip as-path access-list 10 permit .*

ip as-path access-list 20 permit ^$

ip as-path access-list 20 deny .*


Europe Router:

-----------------------------------

ip bgp-community new-format

ip community-list 101 permit ^1:*

ip community-list 120 permit ^20:*

ip community-list 132 permit ^32:*

ip community-list 133 permit ^33:*

ip community-list 134 permit ^34:*

ip community-list 139 permit ^39:*

ip community-list 144 permit ^44:*

ip community-list 147 permit ^47:*

ip community-list 149 permit ^49:*

ip community-list 152 permit ^852:*

ip community-list 161 permit ^61:*

ip as-path access-list 10 deny ^$

ip as-path access-list 10 permit .*

ip as-path access-list 20 permit ^$

ip as-path access-list 20 deny .*


I don't completely understand this community-list configuration (please provide some link or documentation to understand the community-list attribute configuration). Do I need to add a new "community-list" value for advertising any additional new subnets in future?


Looking forward to more of your advice.



Best Regards,


Guru Prasad R



guruprasadr Mon, 08/20/2007 - 03:48

Hi Mohammed Mahmoud,


I am posting the E-BGP Configuration part:


INDIA Router:

------------------------

interface Loopback100

description ***** Used for GRE tunnel9133 to France

ip address 192.168.196.1 255.255.255.255


interface Tunnel100

description *12MB GRE Tunnel*

bandwidth 12000

ip address 192.168.198.70 255.255.255.252

ip accounting output-packets

ip mtu 1500

keepalive 10 3

tunnel source 192.168.196.1

tunnel destination 192.168.196.4


interface Serial1/0

description Connected to SP MUX

ip address ip_address mask

ip access-group 101 out

dsu bandwidth 44210

scramble

framing c-bit

cablelength 10

serial restart-delay 0


router bgp 64910

no synchronization

bgp log-neighbor-changes

network 172.21.128.0 mask 255.255.192.0

network 172.24.128.0 mask 255.255.248.0



neighbor 172.21.159.10 remote-as 64910

neighbor 172.21.159.10 description IBGP peer to Backup Router (INDIA) - VPN over Internet

neighbor 172.21.159.10 update-source Loopback0

neighbor 172.21.159.10 next-hop-self

neighbor 172.21.159.10 send-community

neighbor 172.21.159.10 soft-reconfiguration inbound

neighbor 192.168.198.60 remote-as 65330

neighbor 192.168.198.60 description EBGP Peer to France

neighbor 192.168.198.60 send-community

neighbor 192.168.198.60 soft-reconfiguration inbound

neighbor 192.168.198.60 route-map Local_Pref<-AS65330 in

neighbor 192.168.198.60 route-map AS64910->AS65330 out


ip route 172.21.128.0 255.255.192.0 172.21.170.2

ip route 172.21.128.0 255.255.192.0 172.21.170.3 200

ip route 172.24.128.0 255.255.248.0 172.21.170.2

ip route 172.24.128.0 255.255.248.0 172.21.170.3 200


ip bgp-community new-format

ip community-list 101 permit ^1:*

ip community-list 120 permit ^20:*

ip community-list 132 permit ^32:*

ip community-list 133 permit ^33:*

ip community-list 134 permit ^34:*

ip community-list 139 permit ^39:*

ip community-list 144 permit ^44:*

ip community-list 147 permit ^47:*

ip community-list 149 permit ^49:*

ip community-list 152 permit ^852:*

ip community-list 161 permit ^61:*

ip as-path access-list 10 deny ^$

ip as-path access-list 10 permit .*

ip as-path access-list 20 permit ^$

ip as-path access-list 20 deny .*


route-map Local_Pref<-AS65330 permit 20

set local-preference 50

!

route-map AS64910->AS65330 permit 10

match as-path 20

set community 91:33

!

route-map AS64910->AS65330 permit 20

!

route-map BGP64910->OSPF1 deny 10

match as-path 20

!

route-map BGP64910->OSPF1 permit 20

set metric 5000

set metric-type type-1


I am worried that the "community-list" configuration may be a blocking issue, as per Narayan's question. Please help me with this routing issue & requirement.



Best Regards,


Guru Prasad R

guruprasadr Mon, 08/20/2007 - 07:46

Dear Mohammed Mahmoud & Narayan,


Can you please give your kind attention to this post?


Thanks in Advance for your Reply.



Best Regards,


Guru Prasad R


mohammedmahmoud Mon, 08/20/2007 - 10:09

Hi Guru,


The community lists are not referred to in the configuration by any means (there is no match community x in any of the route-maps). The route-maps in use are summarized as follows:


route-map AS64910->AS65330 makes sure that the locally originated IPs are advertised over the eBGP session tagged with community 91:33, while other routes are sent untagged.


route-map Local_Pref<-AS65330 reduces the local-pref of the received eBGP routes, making them less preferred than other identical routes received from another peering (the iBGP in your case, which is weird as it is the opposite of your needs, as this will make the iBGP routes preferred - the higher the local-pref the more preferred the route, and the default local-pref is 100).


HTH,

Mohammed Mahmoud.
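
The point made in the reply above, that no route-map contains a `match community` statement, can be checked mechanically. The following is an added example, not code from the thread: a Python check that cross-references policy objects in an IOS-style configuration and lists those that are defined but never referenced within the text it is given. The function name `audit_policy_references` is an assumption of this example, and the embedded excerpt is constructed from lines quoted in the thread.

```python
import re

# Constructed excerpt of the INDIA router configuration quoted in the thread.
SAMPLE_CONFIG = """\
router bgp 64910
 neighbor 192.168.198.60 remote-as 65330
 neighbor 192.168.198.60 route-map Local_Pref<-AS65330 in
 neighbor 192.168.198.60 route-map AS64910->AS65330 out
ip community-list 101 permit ^1:*
ip community-list 120 permit ^20:*
ip as-path access-list 10 deny ^$
ip as-path access-list 10 permit .*
ip as-path access-list 20 permit ^$
ip as-path access-list 20 deny .*
route-map Local_Pref<-AS65330 permit 20
 set local-preference 50
route-map AS64910->AS65330 permit 10
 match as-path 20
 set community 91:33
route-map AS64910->AS65330 permit 20
route-map BGP64910->OSPF1 deny 10
 match as-path 20
route-map BGP64910->OSPF1 permit 20
 set metric 5000
"""

def audit_policy_references(config: str) -> dict:
    """Return, per object kind, the names defined but never referenced."""
    kinds = ("community-list", "as-path", "route-map")
    defined = {k: set() for k in kinds}
    used = {k: set() for k in kinds}
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.match(r"ip community-list (?:standard |expanded )?(\S+) (?:permit|deny)", line):
            defined["community-list"].add(m.group(1))
        elif m := re.match(r"ip as-path access-list (\S+) (?:permit|deny)", line):
            defined["as-path"].add(m.group(1))
        elif m := re.match(r"route-map (\S+) (?:permit|deny)(?: \d+)?$", line):
            defined["route-map"].add(m.group(1))
        elif m := re.match(r"match community (.+)", line):
            used["community-list"].update(t for t in m.group(1).split() if t != "exact-match")
        elif m := re.match(r"match as-path (.+)", line):
            used["as-path"].update(m.group(1).split())
        elif m := re.search(r"\broute-map (\S+)", line):
            used["route-map"].add(m.group(1))  # neighbor ... / redistribute ... references
    return {k: sorted(defined[k] - used[k]) for k in kinds}
```

An object reported here is only unreferenced within the text analyzed, so a partial configuration such as the one posted can list a route-map that is applied in a section that was not included.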
