ebgp-multi-hop connection

Answered Question
Mar 28th, 2008
User Badges:

Hi everyone how are things? I have a quick quesiton here. I'm trying to create a ebgp-multihop connection but the problem is it never establishes. I don't have any access-list on the interface so it is wide open, I've been looking at this for a while now so everything looks ok to me. I know I'm missing something but anyways here is my config:


router bgp 60301

neighbor 192.168.50.50 remote-as 64637

neighbor 192.168.50.50 ebgp-multihop 5

neighbor 192.168.50.50 update-source FastEthernet1/15

neighbor 192.168.50.50 version 4

neighbor 192.168.50.50 soft-reconfiguration inbound

neighbor 192.168.50.50 prefix-list from-interim in

neighbor 192.168.50.50 prefix-list to-interm out


when I do a sh ip bgp neigh 192.168.50.50 I see the bgp state as active but not established. I've done a soft clear and clear but nothing as of yet. Thank you in advance!!

Correct Answer by Harold Ritter about 9 years 3 months ago

Warren,


You can use the loopback interface as the update-source for the eBGP and iBGP session.


Regards,

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (2 ratings)
Loading.
Rick Morris Fri, 03/28/2008 - 08:01
User Badges:
  • Silver, 250 points or more

Who is providing the number of hops?

Do you know what it is suppose to be?


Is this peering with a vendor or yourself?

If your peer is directly connected to you then you will not have multiple hops, if you are peering with a router on the other side of a router then your hop count will be 2 and so on.

Martin Parry Fri, 03/28/2008 - 08:03
User Badges:
  • Silver, 250 points or more


Hi


Do you have a route to 192.168.50.50 in your routing table? as you are configuring this as multihop I am assuming that you are not directly connected to the 192.168.50.50 interface.



wgranada1 Fri, 03/28/2008 - 08:12
User Badges:

Thank you for the quick response I will try to answer your questions at once. I'm peering with another router that isn't mine inorder for me to get to the 192.168.50.50 peer I have to go through my eth 1/15 which is connected to his 10.16.4.176/30(I'm 177 and he is 178) Yes I have a static route that points to 10.16.4.178:


ip route 192.168.50.50 255.255.255.255 10.16.4.178


Harold Ritter Fri, 03/28/2008 - 08:05
User Badges:
  • Cisco Employee,

Warren,


A couple of things you might want to check.


1. Is there a route to 192.168.50.50?


2. Try an extended ping to 192.168.50.50 with the address of fa1/5 as the source.


3. Make sure that the neighbor address on the side matches the address of fa1/5 and that 192.168.50.50 matches the source addresses used on the BGP peer.


Regards,

wgranada1 Fri, 03/28/2008 - 08:15
User Badges:

Yes there is a route:


sfschirt4#sh ip route 192.168.50.50

Routing entry for 192.168.50.50/32

Known via "static", distance 1, metric 0

Redistributing via ospf 1

Routing Descriptor Blocks:

* 10.16.4.178

Route metric is 0, traffic share count is 1


Also I can ping:


sfschirt4#ping 10.128.184.105 source 172.19.80.9


Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 192.168.50.50, timeout is 2 seconds:

Packet sent with a source address of 10.16.4.177

!!!!!

Success rate is 100 percent (5/5), round-trip

min/avg/max = 1/1/4 ms



Martin Parry Fri, 03/28/2008 - 08:18
User Badges:
  • Silver, 250 points or more

Are you able to see the configuration of there end to check what they have configured for your peering?



wgranada1 Fri, 03/28/2008 - 08:27
User Badges:

Yes he has emailed me his config:


router bgp 64637

no synchronization

neighbor 172.19.103.45 remote-as 64821

neighbor 172.19.103.45 ebgp-multihop 5

neighbor 172.19.103.45 update-source Loopback1

neighbor 172.19.103.45 soft-reconfiguration inbound

neighbor 172.19.103.45 prefix-list Routes-from-Futures in

neighbor 172.19.103.45 prefix-list Routes-to-Futures out

no auto-summary


172.19.103.45 is my loopback address I don't have the routing though. He is also away from the office so it will be hard to get a hold of him today. Didn't want to wait till monday just trying to make sure I'm good on my end.

Rick Morris Fri, 03/28/2008 - 08:30
User Badges:
  • Silver, 250 points or more

this remote as is wrong.

it has 64821

and you have configured on your end

router bgp 60301

Jon Marshall Fri, 03/28/2008 - 08:30
User Badges:
  • Super Blue, 32500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

Warren


Your bgp AS number


router bgp 60301


So why does his config say


neighbor 172.19.103.45 remote-as 64821 ie.


AS = 64821


Jon

Harold Ritter Fri, 03/28/2008 - 08:36
User Badges:
  • Cisco Employee,

Warren,


As other mentionned, the remote-as is wrong and should be 60301.


Also, 172.19.103.45 is your loopback address, so you should configure your loopback address as the update-source rather than fa1/5.


One more thing, make sure loopback1 address on the remote side is 192.168.50.50, as this is the address used as the update-source.


Regards,

Martin Parry Fri, 03/28/2008 - 08:38
User Badges:
  • Silver, 250 points or more

Hi


The configs dont seem to match at all.


The AS number is not correct.


You are trying to peer with a source address of your fastethernet interface, and they are trying to peer with your loopback interface.



wgranada1 Fri, 03/28/2008 - 08:47
User Badges:

I was looking over the config and noticed that I have an internal peering as well that is also using the loopback as well if I source from teh new connection as suggested will that affect what is already there?


router bgp 64821

no synchronization

bgp router-id 172.19.103.45

bgp log-neighbor-changes

redistribute ospf 1 match internal external 1 external 2 route-map to-VNET

neighbor VNET peer-group

neighbor VNET remote-as 64820

neighbor VNET update-source FastEthernet1/0

neighbor VNET version 4

neighbor VNET soft-reconfiguration inbound

neighbor VNET prefix-list from-VNET in

neighbor VNET prefix-list to-VNET out

neighbor VNET route-map from-VNET-LOCALPREF in

neighbor VNET route-map to-VNET-PREPEND out

neighbor VNET filter-list 17 out

neighbor SFS-INTERNAL peer-group

neighbor SFS-INTERNAL remote-as 64821

neighbor SFS-INTERNAL update-source Loopback0

neighbor 10.128.184.105 remote-as 64637

neighbor 10.128.184.105 ebgp-multihop 5

neighbor 10.128.184.105 update-source FastEthernet1/15

neighbor 10.128.184.105 version 4

neighbor 10.128.184.105 soft-reconfiguration inbound

neighbor 10.128.184.105 prefix-list from-interim in

neighbor 10.128.184.105 prefix-list to-interm out

neighbor 172.19.98.50 peer-group VNET

neighbor 172.19.103.30 peer-group SFS-INTERNAL

no auto-summary

Harold Ritter Fri, 03/28/2008 - 08:25
User Badges:
  • Cisco Employee,

Warren,


"debug ip bgp" should give you a lot more information on why the session is not coming up.


Regards,

Harold Ritter Fri, 03/28/2008 - 08:29
User Badges:
  • Cisco Employee,

Warren,


The extended ping should be to 192.168.50.50 rather than 10.128.184.105 and should also use the address of fa1/5 as the source.


Regards,

wgranada1 Fri, 03/28/2008 - 08:39
User Badges:

I appreciate the help...sorry guys I was trying to keep my ip private but I think I'm doing more harm than help so here is it is with the real IPs


MY SIDE:


router bgp 64821

no synchronization

bgp router-id 172.19.103.45

bgp log-neighbor-changes

neighbor 10.128.184.105 remote-as 64637

neighbor 10.128.184.105 ebgp-multihop 5

neighbor 10.128.184.105 update-source FastEthernet1/15

neighbor 10.128.184.105 version 4

neighbor 10.128.184.105 soft-reconfiguration inbound

neighbor 10.128.184.105 prefix-list from-interim in

neighbor 10.128.184.105 prefix-list to-interm out


His side:


router bgp 64637

no synchronization

neighbor 172.19.103.45 remote-as 64821

neighbor 172.19.103.45 ebgp-multihop 5

neighbor 172.19.103.45 update-source Loopback1

neighbor 172.19.103.45 soft-reconfiguration inbound

neighbor 172.19.103.45 prefix-list Routes-from-Futures in

neighbor 172.19.103.45 prefix-list Routes-to-Futures out

no auto-summary


now he told me I'm suppose to be peering with his 10.128.184.105 and inorder for me to get to that peer I need to go through the ethernet connection


My side


interface FastEthernet1/15

ip address 172.19.80.9 255.255.255.252


His side


interface gigethernet 0/1

ip address 172.19.80.10 255.255.255.252


I have routes to his 10.128.184.105

sfschirt4#sh ip route 10.128.184.105

Routing entry for 10.128.184.105/32

Known via "static", distance 1, metric 0

Redistributing via ospf 1

Routing Descriptor Blocks:

* 172.19.80.10

Route metric is 0, traffic share count is 1


and can source ping


sfschirt4#ping 10.128.184.105 source 172.19.80.9


Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 10.128.184.105, timeout is 2 seconds:

Packet sent with a source address of 172.19.80.9

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms



sorry guys about that




wgranada1 Fri, 03/28/2008 - 08:41
User Badges:

Also when I did run a debug I see the following:


Mar 28 15:29:17.315 UTC: BGP: 10.128.184.105 passive open to 172.19.103.45

*Mar 28 15:29:17.315 UTC: BGP: 10.128.184.105 passive open failed - 172.19.103.45 is not update-source FastEthernet1/15's address (172.19.80.9)

*Mar 28 15:29:17.315 UTC: BGP: 10.128.184.105 remote connection attempt failed, local address 172.19.103.45

*Mar 28 15:29:37.195 UTC: BGP: 10.128.184.105 open active, local address 172.19.80.9

*Mar 28 15:29:37.195 UTC: BGP: 10.128.184.105 open failed: Connection refused by remote host, open active delayed 25365ms (35000ms max, 28% jitter)

Harold Ritter Fri, 03/28/2008 - 08:44
User Badges:
  • Cisco Employee,

Warren,


172.19.103.45 is the address your peer uses. Make sure you use the interface that matches that address as your update-source on your side.


Regards,

Martin Parry Fri, 03/28/2008 - 08:48
User Badges:
  • Silver, 250 points or more

Hi Warran


The 172.19.103.45 address is not assigned to your F1/15 interface. You need to make sure that you have the interface assigned to this address as your update source for this peering.


Martin

wgranada1 Fri, 03/28/2008 - 08:51
User Badges:

I was looking over the config and noticed that I have an internal peering as well that is also using the loopback address as well if I source from the new connection as suggested will that affect what is already there?


router bgp 64821

no synchronization

bgp router-id 172.19.103.45

bgp log-neighbor-changes

redistribute ospf 1 match internal external 1 external 2 route-map to-VNET

neighbor VNET peer-group

neighbor VNET remote-as 64820

neighbor VNET update-source FastEthernet1/0

neighbor VNET version 4

neighbor VNET soft-reconfiguration inbound

neighbor VNET prefix-list from-VNET in

neighbor VNET prefix-list to-VNET out

neighbor VNET route-map from-VNET-LOCALPREF in

neighbor VNET route-map to-VNET-PREPEND out

neighbor VNET filter-list 17 out

neighbor SFS-INTERNAL peer-group

neighbor SFS-INTERNAL remote-as 64821

neighbor SFS-INTERNAL update-source Loopback0<-- Already being used

neighbor 10.128.184.105 remote-as 64637

neighbor 10.128.184.105 ebgp-multihop 5

neighbor 10.128.184.105 update-source FastEthernet1/15

neighbor 10.128.184.105 version 4

neighbor 10.128.184.105 soft-reconfiguration inbound

neighbor 10.128.184.105 prefix-list from-interim in

neighbor 10.128.184.105 prefix-list to-interm out

neighbor 172.19.98.50 peer-group VNET

neighbor 172.19.103.30 peer-group SFS-INTERNAL

no auto-summary



Correct Answer
Harold Ritter Fri, 03/28/2008 - 08:52
User Badges:
  • Cisco Employee,

Warren,


You can use the loopback interface as the update-source for the eBGP and iBGP session.


Regards,

wgranada1 Fri, 03/28/2008 - 08:58
User Badges:

YOU GUYS ROCK!!!!! thank you all for helping out sorry about the confusion in the beginning

I see that neighor relationship has been established:


sfschirt4#sh ip bgp neigh 10.128.184.105

BGP neighbor is 10.128.184.105, remote AS 64637, external link

BGP version 4, remote router ID 10.128.184.105

BGP state = Established, up for 00:00:10


YEAH!!!!! thank you agian!!!!!


Martin Parry Fri, 03/28/2008 - 09:02
User Badges:
  • Silver, 250 points or more

No Problem Warren


Glad you have it all working now.


Martin Parry Fri, 03/28/2008 - 08:54
User Badges:
  • Silver, 250 points or more

The update-source is specific only to that neighbor. It will not affect any other update-source interfaces you have configured under this AS.



Actions

This Discussion