BGP configuration Verification Please-need to turnup today!

Apr 29th, 2008


I have come up with two BGP configurations for two border routers (6506) with two different ISPs, multihomed. I have made them receive default routes from both ISPs, advertise our blocks out to them, and do load sharing at the same time, plus redundancy in the event one ISP connection is down.

I have attached both files with the IPs half deleted! My time is very short, i.e. tomorrow or just today (it's 4:15 a.m. now!) and I need to see if I have done alright. I have used IP prefix-lists.

Also, I have a block with /21 mask and /20 mask and blocks with /20 and /19 (which is good for redundancy). I don't know if I have to break the /21 or if it is OK as I have already listed it in the IP prefix-list statements.

/20 must be a sub-set of /21 and this is how I have thought about it!

Please advise.



Harold Ritter Tue, 04/29/2008 - 04:25


I see you are advertising 216.x.224.0/19 and 216.x.224.0/20 from both routers. The strategy usually consists of sending the /19 from one router and the /20 from the other router, which would ensure both redundancy and load-balancing. BTW, you already do it the proper way for 216.y.192.0/20 and 216.y.192.0/21.

Also, make sure you have routes, matching the network statements, that are installed in the RIB.


Harold Ritter Tue, 04/29/2008 - 04:32


One more thing. I noticed you are advertising 209.z.122.64/29. Service Providers will usually not propagate prefixes with a prefix length longer than 24. So this will definitely be an issue.
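
Added example, not part of the original posts or the poster's attached configs: a Python check for the two points Harold raises above, the same prefix being sent from both routers and prefixes longer than /24. The prefix-list names mirror the thread; the 10.x prefixes, the sample configs and the function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample prefix-lists; RFC 1918 space stands in for the masked blocks.
BORDER1 = """
ip prefix-list firstblock seq 5 permit 10.20.224.0/19
ip prefix-list firstblock seq 10 permit 10.20.224.0/20
ip prefix-list firstblock seq 15 permit 10.30.192.0/21
ip prefix-list firstblock seq 20 permit 10.40.122.64/29
"""
BORDER2 = """
ip prefix-list secondblock seq 5 permit 10.20.224.0/19
ip prefix-list secondblock seq 10 permit 10.20.224.0/20
ip prefix-list secondblock seq 15 permit 10.30.192.0/20
"""

ENTRY = re.compile(r"^ip prefix-list \S+ (?:seq \d+ )?permit (\d+\.\d+\.\d+\.\d+/\d+)$")


def permitted(config):
    """Return the set of networks permitted by exact-match prefix-list lines."""
    nets = set()
    for line in config.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            nets.add(ipaddress.ip_network(m.group(1)))
    return nets


def audit(cfg_a, cfg_b, max_len=24):
    """Compare the outbound prefix-lists of two border routers."""
    a, b = permitted(cfg_a), permitted(cfg_b)
    on_both = a & b
    # Longer than max_len: providers usually will not propagate these.
    too_long = sorted(n for n in a | b if n.prefixlen > max_len)
    # A more-specific on one router covered by a shorter prefix on the other.
    split = sorted({(s, c) for x, y in ((a, b), (b, a))
                    for s in x - on_both for c in y - on_both if s.subnet_of(c)})
    return {"too_long": [str(n) for n in too_long],
            "on_both": [str(n) for n in sorted(on_both)],
            "split": [(str(s), str(c)) for s, c in split]}


if __name__ == "__main__":
    for finding, items in audit(BORDER1, BORDER2).items():
        print(finding, items)
```

Entries under `on_both` are the ones to divide between the routers; entries under `split` already follow the /19-on-one, /20-on-the-other pattern.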


m-abooali Tue, 04/29/2008 - 08:14


Thanks very much for your input. I am very grateful as I am short on time putting these configs together and they should work!

Yes, you are correct and I need to fix that just the same way the /21 and /20 prefix is.

Otherwise, the config looks OK to you ?



m-abooali Tue, 04/29/2008 - 08:19

I have already talked to the provider and they told me that they have advertised that /24 for us. For that reason I used it, because /30s from this /24 are used for connectivity between our devices - this is a whole new infrastructure.

Maybe after this I will get time to take my CCIE R&S written exam.



lamav Tue, 04/29/2008 - 08:41


I know you're pressed for time, but can you do me a favor and post the final and corrected configs? This is a pretty good learning scenario and I would like to dissect it.

Making remarks next to each command line to explain its purpose would be awesome.

Thanks, much appreciated.

m-abooali Tue, 04/29/2008 - 08:48

You mean the whole router configurations?

As for BGP, this is the whole config!? I believe so?

I will do that as soon as I get this Bad SUP 720 replaced.

I will post a drawing too.



lamav Tue, 04/29/2008 - 08:50


Just the BGP config.

I thought you were going to make a correction to it, as per your post to Mohammed. That's why I asked for the revised and final/corrected config.

[edit] The comments on the command lines and a drawing would be awesome!


m-abooali Tue, 04/29/2008 - 08:42

hello again,

one more question?

Can I use the CIDR notation in these IP prefix-list statements?

Say, /20 and /19 instead of and .224?

Do I need to issue the ip classless command in the routers?



lamav Tue, 04/29/2008 - 08:53

Masood, I'm no BGP guru, as you can tell, but I am sure you can use the "/" notation for prefix lists. Also, I believe ip classless is enabled by default these days, and I would say, yes, you should have it enabled.

I'm sure Mohammed will be on in a sec to confirm or deny. :-)


m-abooali Tue, 04/29/2008 - 09:08

I am dealing with a very old and used backbone router and I have been here just a few days, so I had no time to really load the IOS image that I wanted, etc.

I will post the final BGP config this p.m.

As is, they work fine. I just need to take out one /19 of the same block, the 240 one, out of the first config and put the /19 in one and one /20 in the other router.

I will comment the configuration out as it might become useful to the folks on netpro at some point.



m-abooali Tue, 04/29/2008 - 10:32


After I added the BGP configuration as listed for border 1, the router added seq numbers to it by itself, as follows:

ip prefix-list default seq 5 permit


ip prefix-list firstblock seq 5 permit 216.x.224.0/20

ip prefix-list firstblock seq 10 permit 216.y.192.0/20

ip prefix-list firstblock seq 15 permit 216.z.224.0/19


Is this OK?

Please advise.



lamav Tue, 04/29/2008 - 10:42


This is perfectly normal.

Sequence numbers allow you to add filter lines to an existing list without having to do it all over again.

It also allows you to delete a line at a time, without having to wipe out the entire list and start over.

If you don't specify the sequence number, the IOS will automatically insert numbers in increments of 5, starting at 5.

This is normal. No worries.


m-abooali Tue, 04/29/2008 - 11:15

Thanks Victor. I really got worried. In the past I had done it myself, but this time I just didn't add the seq #s. It seems that I need to go back and study the IOS capability all over again!

I'd like to keep this post open until this works, if you don't mind? I will rate this later, and gladly.

Thanks much.


lamav Tue, 04/29/2008 - 11:37

masood, no worries, buddy. I know the feeling.

Let me guess: you're at a client site because you were bum-rushed into a cluster-f%$# situation, and now they want you to fix everything -- immediately! LOL

Glad I could help. Relax, it will go fine. You know what you're doing.


m-abooali Tue, 04/29/2008 - 14:29

That is exactly the case!

It seems that they had two engineers who started this project, purchased used equipment and just put it on the floor of a datacenter; then they got rebellious with the new director, not accepting new changes, and left. They did not leave any documents behind.

I had to find all the servers on various non-contiguous IP subnets, on a purely flat network, and create documents, then created VLANs on two new 6509s, and am now connecting 4x 6506s in two sites separated via an IP dark fiber transit!

I had to configure MUXs and these 4 6506s, two for BGP and all 4 for EIGRP, terminating L3 at the 6506s and pure L2 on the 6509s!! All in the last 10 days. Now, I have to make sure all works by Sunday, which is the cut-over date to this new infrastructure.

I have one dilemma though, and you might be able to help me out on it.

The current core switch is 2 Cisco 5500s, RJ 21, and I need to move customers from the 5500s onto the two 6509s. I need to have an ISL trunk between one of the 5500s and one of the 6509s just in case the new network doesn't work, or in case one of the fiber pairs to the Internet isn't ready by Sunday, and then use one link using the new network (BGP to Abovenet) and one of the current OC3s. The traffic has to pass to the 5500 via the ISL trunk or, if not a trunk, maybe a L3 link between my 6506 and the current core or border router (I'd rather do it in L3 between one 6506 and the current core or border routers).

Can I have your thoughts on this? I don't know if I was able to explain what the game plan is, and I am alone!

If I wanted to use or create a L3 link where traffic from the new network travels over to the current network, can I make one of the current/production routers, core or border (talks BGP to two providers, UUnet and SAVVIS), part of the EIGRP and make this happen? I just don't like to do it in L2 using an ISL trunk!



m-abooali Mon, 05/19/2008 - 09:46


I have another question based on my observations after these two circuits came up. We noticed that the traffic only flows through the border 1 router to Abovenet and nothing through border 2 to Internap (our second provider). I was under the impression that with this BGP configuration and the way I have advertised my prefixes, i.e. /21 and /20 on the link to Abovenet and /20 and /19 on the link to Internap, I will have both load sharing and redundancy!?? But this didn't happen and no traffic flows through the link on the border 2 router?

Have I missed anything here?

Also, is there a better way to receive default and partial routes from both the providers than only specifying the 0/0, the eyeball?

Please advise.



m-abooali Sun, 05/04/2008 - 16:15

I am trying to understand the following statement:

"Also, make sure you have routes, matching the network statements, that are installed in the RIB"

Does it mean the network statements must match the prefixes, and I should also have the static routes for those blocks to Null0?

Or am I missing something?



