BGP Problem ?

Unanswered Question
Aug 30th, 2008
User Badges:

Hi,


We have a BGP multihoming setup with same upstream provider and we are using 2 * routers for this setup at our end. We are recieving default routes from provider and advertising our prefixes to provider from both edge routers. Both edge routers are connected with firewalls and these firewalls are connected with 2* core switches. We had a problem yesterday after upgradation of OS of both firewalls that traffic from internet was reaching to servers from 1 internet link but on the other link it was dropping on router. This problem was nothing to do with firewall upgradation bcz traffic was reaching from other link. So I shuted down the bgp neighbor relationship with provider and then resume after a while. After this step traffic started coming from this router towards firewall as well. Kindly shed some light on this issue , what could be the possible issue ? it seems strange.


Regards,


Mujeeb

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Giuseppe Larosa Sun, 08/31/2008 - 01:48
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    Founding Member

Hello Mujeeb,

it is difficult to understand what happened without more details.

You say that the second router was dropping traffic coming from internet with destination your prefixes.

Have you configured on the edge router floating static routes pointing to Null0 (with an high AD) for your prefixes in order to have it announce always your prefixes ?

I guess you have also static routes for your prefixes via the firewall.

Could the firewall os upgrade change the MAC address on the NIC ? Unlikely but possible so this could be an ARP table issue: if at least 4 hours before restoration this is enough to time out ARP entry.

Have you configured any form of unicast RPF feature on the edge routers ?

And Have the two edge routers an iBGP session between them ?


I would suggest you to provide a filtered version of your edge routers config in order to enable further investigation


Hope to help

Giuseppe

Actions

This Discussion