Why can't our ISP see our network advertised via bgp

Unanswered Question
Sep 10th, 2008

We are implimenting a new subnet

172.20.255.8/255.255.255.248

172.20.255.9 HSRP VIP gw

172.20.255.10 router A

172.20.255.11 router b

172.20.255.12

172.20.255.13

172.20.255.14

172.20.255.15

I have configured the .10 address as a secondary IP address on one of the ethernet interfaces. But our ISP is saying they do not see us sending the route, but I believe we have it configured correctly

router ospf 711

log-adjacency-changes

redistribute connected subnets

redistribute bgp 65002 subnets

network 192.168.2.0 0.0.0.255 area 1

network 192.168.100.0 0.0.0.255 area 1

network 192.168.118.0 0.0.0.255 area 1

network 192.168.255.0 0.0.0.255 area 1

router bgp 65vv2

no synchronization

bgp log-neighbor-changes

network 192.168.255.128 mask 255.255.255.248

redistribute ospf 711 match internal external 1 external 2 route-map none-from-

bgp

neighbor 192.168.255.10 remote-as 3561

neighbor 192.168.255.10 prefix-list fr-3561 in

neighbor 192.168.255.10 prefix-list to-3561 out

no auto-summary

ip prefix-list fr-3561 seq 5 deny 192.168.1.0/24

ip prefix-list fr-3561 seq 6 deny 192.168.21.0/24

ip prefix-list fr-3561 seq 10 permit 192.168.0.0/16 le 32

ip prefix-list fr-3561 seq 15 permit x2.1x.37.xxx/26 le 32

ip prefix-list fr-3561 seq 20 permit 2x.xx.135.xxx/26 le 32

ip prefix-list fr-3561 seq 25 permit 6x.14.xx.xxx/28 le 32

ip prefix-list fr-3561 seq 30 permit 172.30.0.0/16 le 32

ip prefix-list fr-3561 seq 35 permit 172.20.0.0/16 le 32

!

ip prefix-list to-3561 seq 5 deny 192.168.1.0/24

ip prefix-list to-3561 seq 10 permit 192.168.0.0/16 le 32

access-list 2 permit 192.168.1.0 0.0.0.255

access-list 150 deny ip host 192.168.2.15 any

access-list 150 permit ip any any

route-map none-from-bgp deny 10

match tag 3561

!

route-map none-from-bgp permit 20

This is what our ISP has in their router

access-list 45 permit 172.20.0.0 0.0.255.255

ISProuter#show ip bgp neighbors 192.168.255.9 received-routes BGP table version is 81678, local router ID is 192.168.255.10 Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,

r RIB-failure, S Stale

Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight Path

*> 192.168.2.0 192.168.255.9 0 0 65002 ?

* 192.168.255.8/30 192.168.255.9 0 0 65002 ?

*> 192.168.255.44/30

192.168.255.9 2 0 65002 ?

*> 192.168.255.128/29

192.168.255.9 0 0 65002 i

Total number of prefixes 4

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (2 ratings)
Loading.
satish_zanjurne Wed, 09/10/2008 - 07:06

hi

can you see the secondary address in your routing table ??

can you paste the output of your routing table ??

nygenxny123 Wed, 09/10/2008 - 07:29

currently i only have the .9-.11 configured on the routers..but im not sure they would be able to if they arent seeing the network

nygenxny123 Wed, 09/10/2008 - 07:38

sure

myrouter#sh ip route

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP

D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

E1 - OSPF external type 1, E2 - OSPF external type 2

i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level

ia - IS-IS inter area, * - candidate default, U - per-user static r

o - ODR, P - periodic downloaded static route

Gateway of last resort is 192.168.2.246 to network 0.0.0.0

B 192.168.166.0/24 [20/5003] via 192.168.255.10, 4d11h

B 192.168.88.0/24 [20/5003] via 192.168.255.10, 4d11h

B 192.168.13.0/24 [20/4] via 192.168.255.10, 3w4d

B 192.168.167.0/24 [20/5003] via 192.168.255.10, 5d13h

B 192.168.133.0/24 [20/5003] via 192.168.255.10, 4d11h

B 192.168.14.0/24 [20/5] via 192.168.255.10, 3w4d

B 192.168.151.0/24 [20/5003] via 192.168.255.10, 01:44:52

B 192.168.164.0/24 [20/5003] via 192.168.255.10, 1d05h

192.168.120.0/24 is variably subnetted, 2 subnets, 2 masks

B 192.168.120.0/24 [20/5003] via 192.168.255.10, 4d11h

B 192.168.120.248/29 [20/4] via 192.168.255.10, 3w4d

B 192.168.15.0/24 [20/4] via 192.168.255.10, 3w4d

B 192.168.150.0/24 [20/5003] via 192.168.255.10, 3d22h

B 192.168.165.0/24 [20/5003] via 192.168.255.10, 4d11h

B 192.168.93.0/24 [20/5003] via 192.168.255.10, 4d11h

B 192.168.162.0/24 [20/5003] via 192.168.255.10, 4d11h

B 192.168.9.0/24 [20/4] via 192.168.255.10, 1w4d

B 192.168.92.0/24 [20/4] via 192.168.255.10, 3w4d

B 192.168.163.0/24 [20/5003] via 192.168.255.10, 1w0d

B 192.168.10.0/24 [20/4] via 192.168.255.10, 1w4d

B 192.168.160.0/24 [20/5003] via 192.168.255.10, 07:25:41

172.20.0.0/16 is variably subnetted, 4 subnets, 2 masks--------

B 172.20.255.0/29 [20/5003] via 192.168.255.10, 1w4d----------

C 172.20.255.8/29 is directly connected, GigabitEthernet0/1-----------------

B 172.20.255.32/29 [20/4] via 192.168.255.10, 4d06h--------

B 172.20.0.0/16 [20/4] via 192.168.255.10, 1w4d------

B 172.30.0.0/16 [20/4] via 192.168.255.10, 1w4d--------

192.168.124.0/32 is subnetted, 6 subnets

B 192.168.124.100 [20/5003] via 192.168.255.10, 03:55:58

B 192.168.124.101 [20/5003] via 192.168.255.10, 02:33:24

B 192.168.124.102 [20/5003] via 192.168.255.10, 02:42:37

B 192.168.124.103 [20/5003] via 192.168.255.10, 02:21:43

B 192.168.124.96 [20/5003] via 192.168.255.10, 01:37:48

B 192.168.124.97 [20/5003] via 192.168.255.10, 01:34:13

B 192.168.161.0/24 [20/5003] via 192.168.255.10, 4d11h

B 192.168.251.0/24 [20/4] via 192.168.255.10, 1w4d

192.168.157.0/29 is subnetted, 2 subnets

rsgamage1 Wed, 09/10/2008 - 09:24

Hi,

What does your show ip bgp neighbor [isp-bgp peer IP] advertised-routes say ?

nygenxny123 Wed, 09/10/2008 - 10:08

myrouter#sh ip bgp neighbors 192.168.255.10 advertised-routes

BGP table version is 48381, local router ID is 192.168.255.130

Status codes: s suppressed, d damped, h history, * valid, > best, i - interna

r RIB-failure, S Stale

Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight Path

*> 192.168.2.0 0.0.0.0 0 32768 ?

*> 192.168.255.8/30 0.0.0.0 0 32768 ?

*> 192.168.255.44/30

192.168.2.247 2 32768 ?

*> 192.168.255.128/29

0.0.0.0 0 32768 i

Total number of prefixes 4

cfolkerts Wed, 09/10/2008 - 08:11

You can't redistribute into one routing protocol then redistribute again into another routing protocol. You have a few options.

router ospf 711

network 172.20.255.8 0.0.0.7 area 1

or

router bgp 65xxx

network 172.20.255.8 mask 255.255.255.248

or

router bgp 65xxx

redistribute connected

HTH

nygenxny123 Wed, 09/10/2008 - 10:25

cfolkerts

Is it that im not advertising at all or am redistributing twice?

cfolkerts Wed, 09/10/2008 - 10:29

You are not advertising it at all. You can verify this by issuing the command "show ip bgp neigh x.x.x.x advertised-routes" which appears that you have done already. Just add the network command to BGP and all will be OK.

router bgp 65xxx

network 172.20.255.8 mask 255.255.255.248

HTH

nygenxny123 Wed, 09/10/2008 - 11:43

thx..will do

I went into another sites router..basically the same config..and looked it over..we are also adding a different subnet..but i dont see where it is advertised

Yet..BGP is advertising it from the sh ip

bgp nei........advertised routes

router ospf 711

router-id 192.168.92.251

log-adjacency-changes

redistribute connected subnets

redistribute static subnets

redistribute bgp 65007 subnets

network 192.168.92.0 0.0.0.255 area 1

!

router bgp 65007

no synchronization

bgp log-neighbor-changes

redistribute connected

redistribute ospf 711 match internal external 1 external 2 route-map none-from

bgp

neighbor 192.168.255.30 remote-as 3561

neighbor 192.168.255.30 prefix-list fr-3561 in

neighbor 192.168.255.30 prefix-list to-3561 out

no auto-summary

ip prefix-list fr-3561 seq 10 permit 192.168.0.0/16 le 32

ip prefix-list fr-3561 seq 15 permit 64.14.47.xx/26 le 32

ip prefix-list fr-3561 seq 20 permit 216.74.135.xxxx/26 le 32

ip prefix-list fr-3561 seq 25 permit 64.14.46.xxx/28 le 32

ip prefix-list fr-3561 seq 30 permit 172.20.0.0/16 le 32

!

ip prefix-list to-3561 seq 10 permit 192.168.0.0/16 le 32

ip prefix-list to-3561 seq 15 permit 172.20.255.32/29 le 32

access-list 23 permit 10.10.10.0 0.0.0.7

access-list 25 permit 192.168.0.0 0.0.255.255

myrouter#sh ip bgp neighbors 192.168.255.30 advertised-routes

BGP table version is 66093, local router ID is 192.168.255.29

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,

r RIB-failure, S Stale

Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight Path

*> 172.20.255.32/29 0.0.0.0 0 32768 ?

*> 192.168.92.0 0.0.0.0 0 32768 ?

*> 192.168.255.28/30

0.0.0.0 0 32768 ?

*> 192.168.255.32/30

192.168.92.252 20 32768 ?

Total number of prefixes 4

rsgamage1 Wed, 09/10/2008 - 12:06

172.20.255.32/29 is redistributed into BGP. ? sign indicates as incomplete meaning that it's being redistributed. Check directly connected networks. You should see this network in your routing table as directly connected.

nygenxny123 Wed, 09/10/2008 - 12:28

hi rsmage1, i checked the second site and this is what i have for that network

172.20.0.0/16 is variably subnetted, 3 subnets, 2 masks

B 172.20.255.0/29 [20/5004] via 192.168.255.30, 4d10h

C 172.20.255.32/29 is directly connected, GigabitEthernet0/1

B 172.20.0.0/16 [20/4] via 192.168.255.30, 4d10h

but in the first site example i also show that network as connected..wouldnt it also be advertised?

B 192.168.160.0/24 [20/5003] via 192.168.255.10, 12:16:50

172.20.0.0/16 is variably subnetted, 4 subnets, 2 masks

B 172.20.255.0/29 [20/5003] via 192.168.255.10, 1w4d

C 172.20.255.8/29 is directly connected, GigabitEthernet0/1

B 172.20.255.32/29 [20/4] via 192.168.255.10, 4d10h

B 172.20.0.0/16 [20/4] via 192.168.255.10, 1w4d

B 172.30.0.0/16 [20/4] via 192.168.255.10, 1w4d

router ospf 711

log-adjacency-changes

redistribute connected subnets

redistribute bgp 6x02 subnets

network 192.168.2.0 0.0.0.255 area 1

network 192.168.100.0 0.0.0.255 area 1

network 192.168.118.0 0.0.0.255 area 1

network 192.168.255.0 0.0.0.255 area 1

cfolkerts Wed, 09/10/2008 - 12:34

Check the difference between the bgp configuration between your first and second sites.

rsgamage1 Wed, 09/10/2008 - 12:35

So you are redistributing 172.20.255.8/29 connected network into BGP with,

router bgp 65007

redistribute connected.

I suppose you could do the same thing on your first router such that it will advertise your /29 network to ISP via BGP.

cfolkerts Wed, 09/10/2008 - 12:24

Under the router bgp 65007, the command "redistribute connected" is implemented. This will advertise the network 172.20.255.32/29 since it is connected.

nygenxny123 Thu, 09/11/2008 - 06:08

ok i updated the bgp config and still no go.hmm

router bgp 65002

no synchronization

bgp log-neighbor-changes

network 192.168.255.128 mask 255.255.255.248

redistribute connected

redistribute ospf 711 match internal external 1 external 2 route-map none-from

bgp

neighbor 192.168.255.10 remote-as 3561

neighbor 192.168.255.10 prefix-list fr-3561 in

neighbor 192.168.255.10 prefix-list to-3561 out

no auto-summary

!

ip route 6c.14.cc.ccc 255.255.255.255 192.168.100.253

ip route 6c.14.47.ccc 255.255.255.255 192.168.100.249

ip route 192.168.1.0 255.255.255.0 192.168.100.249

ip route 192.168.1.0 255.255.255.0 192.168.100.253

!

myrouter#sh ip bgp neighbors 192.168.255.10 advertised-routes

BGP table version is 48498, local router ID is 192.168.255.130

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,

r RIB-failure, S Stale

Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight Path

*> 192.168.2.0 0.0.0.0 0 32768 ?

*> 192.168.255.8/30 0.0.0.0 0 32768 ?

*> 192.168.255.44/30

192.168.2.247 2 32768 ?

*> 192.168.255.128/29

0.0.0.0 0 32768 i

Total number of prefixes 4

\

interface GigabitEthernet0/1

description ToLocal LAN

ip address 192.168.2.236 255.255.255.0 secondary

ip address 172.20.255.10 255.255.255.248 secondary

ip address 192.168.2.245 255.255.255.0

rsgamage1 Thu, 09/11/2008 - 06:27

On your second site you have a prefix-list applied for 172.20.255.32/29

ip prefix-list to-3561 seq 15 permit 172.20.255.32/29 le 32

So you have to apply the corresponding prefix-list for outbound BGP traffic.

ip prefix-list to-3561 seq 15 permit 172.20.255.8/29 le 32

nygenxny123 Thu, 09/11/2008 - 06:54

so i have to apply a prefix list to my first site

ip prefix-list to-3561 seq 40 permit 172.20.255.8/29 le 32

I would have thought these prefix list would have already allowed it

ip prefix-list fr-3561 seq 30 permit 172.30.0.0/16 le 32

ip prefix-list fr-3561 seq 35 permit 172.20.0.0/16 le 32

rsgamage1 Thu, 09/11/2008 - 06:57

I would have thought these prefix list would have already allowed it ...

Well, if you check your BGP configuration you can see they are applied on inbound updates. I've also misread it initially.

neighbor 192.168.255.10 prefix-list fr-3561 in

rsgamage1 Thu, 09/11/2008 - 07:17

Yes,

ip prefix-list to-3561 seq 40 permit 172.20.255.8/29 le 32 should do the needful.

nygenxny123 Thu, 09/11/2008 - 07:26

thxx!

*> 172.20.255.8/29 0.0.0.0 0 32768 ?

*> 192.168.2.0 0.0.0.0 0 32768 ?

*> 192.168.255.8/30 0.0.0.0 0 32768 ?

*> 192.168.255.44/30

192.168.2.247 2 32768 ?

*> 192.168.255.128/29

0.0.0.0 0 32768 i

Total number of prefixes 5

now i just have to figure out why

I would have thought these prefix list would have already allowed it

ip prefix-list fr-3561 seq 30 permit 172.30.0.0/16 le 32

ip prefix-list fr-3561 seq 35 permit 172.20.0.0/16 le 32

didnt allow it initially...i dont see where

this was limited to inbound

rsgamage1 Thu, 09/11/2008 - 07:36

i dont see where this was limited to inbound..

router bgp 65vv2

:

neighbor 192.168.255.10 prefix-list fr-3561 in

does it.

rsgamage1 Thu, 09/11/2008 - 08:14

Have a look at,

neighbor {neighbor IP} prefix-list {Name} {in | out}

Here,

in filters "incoming" updates whereas

out filters "outgoing" updates.

Hope this will clarify your doubts.

nygenxny123 Thu, 09/11/2008 - 10:41

but isnt the out

neighbor 192.168.255.10 prefix-list to-3561 out

and

the statement

ip prefix-list fr-3561 seq 35 permit 172.20.0.0/16 le 32

would have allowed it to go out

allowing

rsgamage1 Thu, 09/11/2008 - 11:18

But these are two different prefix-lists

to-3561 and fr-3561

So if you want to match with outbound updates then it should be as follows;

neighbor 192.168.255.10 prefix-list to-3561 out

ip prefix-list to-3561 seq 35 permit 172.20.0.0/16 le 32

Actions

This Discussion