BGP Routing issue

Unanswered Question
Jul 9th, 2008

Hi guys,

I have an issue with a remote site. it routes traffic to my primary site via a backup tunnel rather than the neighbor MPLS site. I cant see why this is happening.

Please see the below config snipt and see what I'm doing wrong. My knowledge of BGP is limited and i'm coming into this problem after it was configured so i'm having trouble see whats wrong. I did notice however the the ACL 20 referenced in the route map below is not in the ACL list. If i'm using and what should my mask be

router bgp 65204

no synchronization

no bgp fast-external-fallover

bgp log-neighbor-changes

network mask

network mask

network mask

network mask

network mask

aggregate-address summary-only

neighbor remote-as 19855

neighbor version 4

neighbor send-community

neighbor prefix-list Frankfurt-nets out

neighbor route-map extranet out

neighbor remote-as 65100

neighbor version 4

neighbor prefix-list Default-Route-Only in

neighbor route-map AS-Prepend out

no auto-summary

route-map extranet permit 10

match ip address 20

set community 65000:3549


route-map extranet permit 1000


route-map aspath permit 10

match ip address prefix-list Frankfurt-nets

set as-path prepend 65204 65204 65204

set community 65000:3549


route-map AS-Prepend permit 10

set as-path prepend 65204 65204 65204

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
lee.reade Wed, 07/09/2008 - 10:13


You have not provided enough information for us to help you.

Please give more info.



rodonohu1 Wed, 07/09/2008 - 10:26

Hi Lee

Thanks for getting back to me. What more info do you need? The AS that it connects to? Please let me know and I'll provide it. Note i have this set up in other remote offices and it works however in these offices, i have two routers, one where the MPLS network is set up on the AS and on the other router, the backup tunnel is up and the MPLS is in a shutdown state. On our Frankfurt router, both the MPLS and Backup Tunnel are up.



tdrais Wed, 07/09/2008 - 10:39

So in which direction is it using the tunnel. The traffic can use can use one path one way and the other on the return.

The access list may or may bot have a bearing depends on what the community string is used for. You have both prefix-list and route-maps filtering you outbound traffic as well as a aggregate summary so you may have a issue here.

Best bet for someone to help you is to issue the SHOW IP BGP command on both ends and post a sample that shows address prefixes that you think are incorrect. This display will clearly show why BGP is selecting one path over the other or if something is being filtered.

rodonohu1 Wed, 07/09/2008 - 10:58


I've attached a sh ip bgp for both the frankfurt and mullingar ends. you'll see that on the frankfurt end it is filtered to go over the tunnel. I want this to go directly to the 65203 AS number. Can this be forced?

This is the current trace route from Frankfurt to a server i want to get two in two hops:


Type escape sequence to abort.

Tracing the route to

1 [AS 65100] 212 msec 208 msec 204 msec

2 [AS 65100] 208 msec 212 msec *

3 [AS 65100] 208 msec 212 msec 212 msec

4 [AS 65100] 308 msec 300 msec 300 msec

5 [AS 65203] 312 msec 304 msec 292 msec

6 [AS 65203] 292 msec 304 msec 308 msec


Thanks again. I hope i'm providing enough info

tdrais Wed, 07/09/2008 - 13:25

This is your issue at least for the traceroute

* 0 19855 65203 i

*>................... 0 65100 65203 i

Since the best route to is the /16 route to Now there are 2 BGP routes and it is picking your tunnel. The AS-path length is the same so it is using another tie breaker to choose the path.

Now you should never get this route in the first place if I read your bgp

neighbor prefix-list Default-Route-Only in

If this does what it says it does you should only get the default route and not the other prefix but you are getting them so something is wrong.

The default route will be ok because 65100 is prepending so the mpls learned default will be preferred.

sdoremus33 Wed, 07/09/2008 - 15:10

I agree if you look at the traceroutes theonly problem I see is the following

since both are using same as-path , and origin code my question is what is influencing the tiebreaker? if that makes sense

* 0 19855 65203 i

*> 0 65100 65203 i

rodonohu1 Thu, 07/10/2008 - 00:28

How Can I see what is influcencing the decision to route the traffic?

I can provde more config if that is needed but i'm not sure why traffic to 172.17.10.x and goes the correct path but traffic to or goes over the longer route

danhughes1234ie Thu, 07/10/2008 - 00:57

Hi There,

Can you post a "show ip bgp".. That should give us all the attributes..

rodonohu1 Thu, 07/10/2008 - 01:14

sure - this is it on the Frankfurt router:

50Gro-GER-2801a#sh ip bgp

BGP routing table entry for, version 452

Paths: (1 available, best #1, table Default-IP-Routing-Table)

Advertised to update-groups:


19855 from (

Origin IGP, localpref 100, valid, external, best

Extended Community: RT:19855:88001284


rodonohu1 Thu, 07/10/2008 - 01:52


it appears this is now resolved. The following line was removed from the config:

neighbor soft-reconfiguration inbound

and i think this has fixed it. any idea why this would be the fix?

royalblues Thu, 07/10/2008 - 02:17

When you configure bgp soft-configuration-inbound, all the updates received from the neighbor will be stored unmodified, regardless of the inbound policy

This might be the reason for the presence of the route even after your inbound filter.

BTW, did you try clearing the session after the above configuration?

clear ip bgp soft in


tdrais Thu, 07/10/2008 - 04:20

In general you want to have soft-config on since it allows you to update the bgp without having to do a hard clear which will cause a interuption in the traffic.

You really need to clear your bgp everytime you make a change to the filters. Since BGP does not retransmit his updates that often and the new filter only takes effect on new routes not the old ones you can get strange results. Maybe when you turned off the soft-config it cleared the sessions for you.

If your configuration is working as it appears you should only get the default route over your tunnel and get other prefixes and the default with a better as-path over the MPLS so it should alway prefer the MPLS.

To the above question on why it picked the tunnel I think the tie break rule for external routes will end up being to prefer the route that is received first. This makes it kinda random.

sdoremus33 Sat, 07/12/2008 - 17:37

If you are running in a private as there is the following bgp command

router bgp

neighbor x.x.x.x y.y.y.y ignore-private-as HTH


This Discussion