Question on BGP and secondary IP's on physical interfaces

Unanswered Question
Aug 24th, 2008

HI,

i have a 3845 with a external interface for peering BGP with the carrier for network 216.24.238.0 which works right. This network is on a loopback because I'm doing NAT.

I also have a physical interface with IP 216.24.227.0 as primary and 216.24.228.0 as secondary.

Even with the router bgp statement with network 216.24.227.0 and 228.0, only the primary interface gets advertised. For some reason the secondary netblock 216.24.228.0 does not get propagated through BGP. This is my issue. I dont understand why the seconday IP is not getting advertised.

Is there a way around this?

Thanks

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Richard Burts Sun, 08/24/2008 - 04:34

Nelson

In addition to the configuration requested by Srini I believe that it would be helpful if you post the output of show ip protocol and show ip route from the router (if the ip route output is large at least post every line from the output that relates to these networks that you mention).

It will be important to see whether auto-summary is enabled or not, what masks are used in the interface and whether the BGP network statements specify any mask.

HTH

Rick

rsgamage1 Sun, 08/24/2008 - 05:00

Hi,

What is your conclusion that the secondary network is not getting advertised, based on?

If you swap these networks(primary/secondary) do you see the same behavior? This would be a good thing to start off with, if you haven't done so already.

Then you could check for any filtering applied(outbound filtering at your end and inbound filtering by the peering partner).

srinivas_816 Sun, 08/24/2008 - 05:49

Auto-summary behavior has changed across Cisco IOS software releases. Initially, auto-summary was enabled by default. However, with Cisco bug ID CSCdu81680 ( registered customers only) this behavior has changed. In the latest Cisco IOS, auto-summary is disabled by default. When auto-summary is enabled, it summarizes the locally originated BGP networks to their classfull boundaries. Auto-summary is enabled by default in BGP. When auto-summary is disabled, the routes introduced locally into the BGP table are not summarized to their classfull boundaries. When a subnet exists in the routing table and these three conditions are satisfied, then any subnet of that classfull network in the local routing table will prompt BGP to install the classfull network into the BGP table.

Classfull network statement for a network in the routing table

Classfull mask on that network statement

Auto-summary enabled

For example, if the subnet in the routing table is 75.75.75.0 mask 255.255.255.0, and you configure network 75.0.0.0 under the router bgp command, and auto-summary is enabled, BGP introduces the classfull network 75.0.0.0 mask 255.0.0.0 in the BGP table.

If these three conditions are not all met, then BGP does not install any entry in the BGP table unless there is an exact match in the local routing table.

Note: If the AS that performs BGP does not own the complete classfull network, Cisco recommends that you issue the no auto-summary command under router bgp in order to disable auto-summary.

router bgp ABCDE

no synchronization

bgp log-neighbor-changes

network 10.1.227.0 mask 255.255.255.0

network 10.1.228.0 mask 255.255.255.0

no auto-summary

or

router bgp ABCDE

no synchronization

bgp log-neighbor-changes

network 10.1.227.0 mask 255.255.254.0

no auto-summary

Regards

Srinivas

Harold Ritter Sun, 08/24/2008 - 05:51

Nelson,

Assuming the netmask for both the primary and the secondary interface ip addresses match the one configured on the bgp network statements (/24 by default for 216.24.227.0 and 228.0), both should be advertised in BGP.

Regards,

pipsadmin Mon, 08/25/2008 - 03:37

ok, lots of questions here, I'll respond as best I can.

I only want networks 216.24.227.0, 228.0 and 238.0 to be advertised on this router.

~

interface Loopback1

ip address 216.24.238.2 255.255.255.0

~

!

interface GigabitEthernet0/1

description BGP_TO_MCI_CAMPAIGNER

ip address 216.24.228.1 255.255.255.0 secondary

ip address 216.24.227.1 255.255.255.0

no ip redirects

no ip unreachables

no ip proxy-arp

no ip mroute-cache

duplex auto

speed 100

media-type rj45

no cdp enable

no mop enabled

!

~

router bgp 17358

no synchronization

bgp log-neighbor-changes

network 216.24.227.0

network 216.24.228.0

network 216.24.238.0

redistribute connected

redistribute static

neighbor 209.167.212.241 remote-as 701

neighbor 209.167.212.241 description MCI_link

neighbor 209.167.212.241 version 4

neighbor 209.167.212.241 soft-reconfiguration inbound

neighbor 209.167.212.241 distribute-list 199 in

neighbor 209.167.212.241 distribute-list 101 out

no auto-summary

~

Extended IP access list 101

10 permit ip host 216.24.227.0 host 255.255.255.0 (2 matches)

20 permit ip host 216.24.228.0 host 255.255.255.0 (2 matches)

30 permit ip host 216.24.238.0 host 255.255.255.0 (5 matches)

~

Extended IP access list 199

10 permit ip any any (4 matches)

~

Routing Protocol is "bgp 17358"

Outgoing update filter list for all interfaces is not set

Incoming update filter list for all interfaces is not set

IGP synchronization is disabled

Automatic route summarization is disabled

Redistributing: connected, static

Unicast Aggregate Generation:

Neighbor(s):

Address FiltIn FiltOut DistIn DistOut Weight RouteMap

209.167.212.241 199 101

Maximum path: 1

Routing Information Sources:

Gateway Distance Last Update

209.167.212.241 20 18w1d

Distance: external 20 internal 200 local 200

Hope that this can clear some resasoning behind the problem I have.

Thanks...

P.S.: In order to get traffic in for the 3 networks, I had to tell the carrier to staticlly route 227 and 228 to us.

This temporary fix works, although I would like everything in BGP.

Richard Burts Mon, 08/25/2008 - 04:05

Nelson

In your original post you indicated that the primary address was advertised but not the secondary. In this post you are indicating that both the primary and secondary had to be statically routed. Can you clarify this?

It might help us find the issue if you would post the output of show ip interface brief, of show ip route (can we verify that these routes are in the local routing table) and of show ip bgp (or if that is large then show ip bgp for the three routes that you want to advertise.

HTH

Rick

pipsadmin Mon, 08/25/2008 - 04:20

I mean the secondary IP on the interface G0/1.

Gateway of last resort is 209.167.212.241 to network 0.0.0.0

C 220.220.220.0/24 is directly connected, Loopback2

C 216.24.238.0/24 is directly connected, Loopback1

209.167.212.0/29 is subnetted, 1 subnets

C 209.167.212.240 is directly connected, FastEthernet3/0

C 216.24.227.0/24 is directly connected, GigabitEthernet0/1

10.0.0.0/8 is variably subnetted, 13 subnets, 3 masks

S 10.10.8.0/22 [1/0] via 10.10.71.1

C 10.10.14.0/24 is directly connected, FastEthernet2/1

C 10.10.15.0/24 is directly connected, FastEthernet2/0

S 10.10.65.0/24 is directly connected, GigabitEthernet0/0

is directly connected, GigabitEthernet0/1

C 10.10.71.0/24 is directly connected, FastEthernet3/1

C 10.10.72.0/24 is directly connected, GigabitEthernet0/0

S 10.10.112.0/24 [1/0] via 10.10.72.101

S 10.10.113.0/24 [1/0] via 10.10.72.101

S 10.10.114.0/24 [1/0] via 10.10.72.101

S 10.10.115.0/24 [1/0] via 10.10.72.104

S 10.10.116.0/24 [1/0] via 10.10.72.104

S 10.10.117.0/24 [1/0] via 10.10.72.104

S 10.10.120.0/21 [1/0] via 10.10.72.105

11.0.0.0/24 is subnetted, 1 subnets

C 11.11.11.0 is directly connected, Loopback3

C 192.168.0.0/24 is directly connected, Loopback0

S 192.168.1.0/24 [1/0] via 10.10.71.1

S 192.168.237.0/24 [1/0] via 10.10.14.8

C 216.24.228.0/24 is directly connected, GigabitEthernet0/1

S* 0.0.0.0/0 [1/0] via 209.167.212.241

Interface IP-Address OK? Method Status Prot ocol

GigabitEthernet0/0 10.10.72.1 YES NVRAM up up

GigabitEthernet0/1 216.24.227.1 YES manual up up

FastEthernet0/0/0 unassigned YES unset administratively down down

FastEthernet0/0/1 unassigned YES unset administratively down down

FastEthernet0/0/2 unassigned YES unset administratively down down

FastEthernet0/0/3 unassigned YES unset administratively down down

Serial0/3/0 unassigned YES NVRAM administratively down down

FastEthernet2/0 10.10.15.6 YES NVRAM up up

FastEthernet2/1 10.10.14.2 YES NVRAM up up

FastEthernet3/0 209.167.212.243 YES NVRAM up up

FastEthernet3/1 10.10.71.2 YES NVRAM up up

IDS-Sensor4/0 11.11.11.11 YES TFTP up up

Vlan1 unassigned YES NVRAM administratively down down

Vlan10 216.24.239.1 YES NVRAM administratively down down

Vlan20 216.24.239.129 YES NVRAM administratively down down

Vlan65 10.10.65.1 YES NVRAM administratively down down

NVI0 unassigned NO unset up up

Loopback0 192.168.0.3 YES NVRAM up up

Loopback1 216.24.238.2 YES manual up up

Loopback2 220.220.220.220 YES NVRAM up up

Loopback3 11.11.11.11 YES NVRAM up up

pipsadmin Mon, 08/25/2008 - 04:20

BGP table version is 130, local router ID is 220.220.220.220

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,

r RIB-failure, S Stale

Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight Path

r> 0.0.0.0 209.167.212.241 0 0 701 i

*> 10.10.8.0/22 10.10.71.1 0 32768 ?

*> 10.10.14.0/24 0.0.0.0 0 32768 ?

*> 10.10.15.0/24 0.0.0.0 0 32768 ?

*> 10.10.65.0/24 0.0.0.0 0 32768 ?

*> 10.10.71.0/24 0.0.0.0 0 32768 ?

*> 10.10.72.0/24 0.0.0.0 0 32768 ?

*> 10.10.112.0/24 10.10.72.101 0 32768 ?

*> 10.10.113.0/24 10.10.72.101 0 32768 ?

*> 10.10.114.0/24 10.10.72.101 0 32768 ?

*> 10.10.115.0/24 10.10.72.104 0 32768 ?

*> 10.10.116.0/24 10.10.72.104 0 32768 ?

*> 10.10.117.0/24 10.10.72.104 0 32768 ?

*> 10.10.120.0/21 10.10.72.105 0 32768 ?

*> 11.11.11.0/24 0.0.0.0 0 32768 ?

*> 192.168.0.0 0.0.0.0 0 32768 ?

*> 192.168.1.0 10.10.71.1 0 32768 ?

Network Next Hop Metric LocPrf Weight Path

*> 192.168.237.0 10.10.14.8 0 32768 ?

*> 209.167.212.240/29

0.0.0.0 0 32768 ?

*> 216.24.227.0 0.0.0.0 0 32768 i

*> 216.24.228.0 0.0.0.0 0 32768 i

*> 216.24.238.0 0.0.0.0 0 32768 i

*> 220.220.220.0 0.0.0.0 0 32768 ?

rsgamage1 Mon, 08/25/2008 - 04:28

What about the carrier side? Are all your network announcements allowed?

Richard Burts Mon, 08/25/2008 - 04:44

Nelson

Thank you for the additional information. The things that you have posted look to me like your BGP should be advertising all three routes. Especially when all three are in your local BGP table as shown:

*> 216.24.227.0 0.0.0.0 0 32768 i

*> 216.24.228.0 0.0.0.0 0 32768 i

*> 216.24.238.0 0.0.0.0 0 32768 i

It might be helpful if you would post the output of show ip bgp neighbor 209.167.212.241 advertised-route. I expect that it would show that all three routes are advertised. It is looking to me more like it is an issue on the neighbor side than on your side.

HTH

Rick

pipsadmin Mon, 08/25/2008 - 04:49

show ip bgp neighbor 209.167.212.241 advertised-route

Shows the same, all 3 routes advertised....

This was not the case when I set this up late saturday night, hence the reason I asked the Peer to setup a static route.

Now, I'm affraid to have that static route removed, and traffic being affected....?!?

rsgamage1 Mon, 08/25/2008 - 04:49

If it says that your networks are advertised to the peer (sth like the following or using sh ip bgp neighbors {neighbor ip} advertised-routes)

#sh ip bgp 216.24.227.0

BGP routing table entry for 216.24.227.0/24, version 3

Paths: (1 available, best #1, table Default-IP-Routing-Table)

Advertised to non peer-group peers:

216.24.228.1

then I suppose it would be better to double check this with your transit provider(carrier)

Giuseppe Larosa Mon, 08/25/2008 - 10:51

Hello Nelson,

these subnets are registered to different AS numbers

see below

> 216.24.227.0 0.0.0.0 0 32768 i

*> 216.24.228.0 0.0.0.0 0 32768 i

*> 216.24.238.0 0.0.0.0 0 32768 i

here are the results from etabeta.seabone.net a european public looking glass

216.24.227.0/24 AS path : 1239 701 belongs to AS 701

216.24.228.0/24 AS path : 1239 701 belongs to AS 701

216.24.238.0/24 AS path : 1239 701 17358 belongs to AS 17358

AS 701 is UUNET now Verizon = MCI your provider

from http://www.arin.net

OrgName: eToll, Inc.

OrgID: ETOLLI

Address: 1260 University St.

Address: 5th Floor

City: Montreal

StateProv: QC

PostalCode: H3B-3B9

Country: CA

ASNumber: 17358

ASName: ETOLL1

ASHandle: AS17358

Comment:

If your routers are in AS 17358 it is correct that only 216.24.238.0/24 is seen on the internet.

The other two prefixes are registered to AS701 and cannot be seen in the internet as originated in AS 17358 this would be wrong.

A public IP Prefix belongs to only one AS number.

Check with your provider:

or you stay with the static routes or they change the registration so that these prefixes are with AS 17358 and you can advertise them

Secondary ip addresses are not the issue here.

Hope to help

Giuseppe

Giuseppe Larosa Tue, 08/26/2008 - 02:16

Hello Ranil,

you have been the first to understand this issue

the subnets are not registered with AS17358

Best Regards

Giuseppe

Actions

This Discussion