BGP with Multi ASs

Marwan ALshawi · ‎02-10-2009

hi guys i have to following topology

R1(AS1)--IBGP--R2(AS1)--EBGP--R3(AS2)--EBGP--R4(AS3)

now i have added loop back addreses on R1 and advertised it thorugh network command under bgp and both IBGP peers can con ping that loop back

also i added lookpback on R4 AS 3

this one will be reachable by Ebgp

now the issue is

i can see all loopback on show ip bgp

thats mean its advertised corectly

R2 has next-hop-self ro R1 to solve the next hope issue

but when i ping between ASs i cant ping the advertsed loopbacks unless i advertise the networks between the deffrent ASs

for example if i want tp ping from R3 to R1 loopback address i need to advertise the IBGP link network address to R3 thourgh bgp to let it ping i think the return traffic need it !!

also if i wanna ping from R1 to R4 AS Loopback address i need to advertise the netwrok between R3 and R4

in other words i need to advertise the networks between ASs ( not directly connected) to get the ping work

by the way R2 peer with R3

R3 peer with R4

no direct peering between R2 and R4

is it normal to advertise those network between routers to get it ping ???

for IBGP no sync done

and it is directly connected no IGP \

but they ping but beyond thats i have the network advertisment need !!!

thank you

Edison Ortiz · ‎02-10-2009

You need to advertise the source of your ping, in this case the egress interface from the transit routers.

With IGP, this is done by default as you need to include the router interfaces in the network statement in order to form neighbor adjacency while with BGP, this step isn't needed unless you want to ping from the router.

HTH,

__

Edison.

Marwan ALshawi · ‎02-10-2009

Hi Edison

i understand that but i just wanted to confirme it

now for example

if i have three ASs

the midel one lets say the transit AS

need to advertise both directly connected ASs netowrks to let ping works tow WAys ??

for internal IBGP peer to make it reachable we need to adverise the internal link to that peer to make it reachable by outside EBGP peers ?

thanks

Edison Ortiz · ‎02-10-2009

if i have three ASs

the midel one lets say the transit AS

need to advertise both directly connected ASs netowrks to let ping works tow WAys ??

Yes, the middle router knows where to send the icmp echo but the destination does not know how to reach back the source of the ping thus it's unable to icmp echo-reply.

for internal IBGP peer to make it reachable we need to adverise the internal link to that peer to make it reachable by outside EBGP peers ?

I'm sorry - I don't follow..

__

Edison.

Laurent Aubert · ‎02-10-2009

Hi,

It's normal as the IP address used as the source is not propagated via BGP.

When you issue the ping from R3, it will use the IP address of its ouput interface as the source address of the ping. The echo will reach R1 loopback but R1 has no route to send the echo-reply unless you announce R2-R3 link into BGP.

With your configuration only ping between R1 and R4 loopback addresses will work:

ping R1|R4 loopback @ source R4|R1 loopback address

HTH

Laurent.

Marwan ALshawi · ‎02-10-2009

hi Laurent

actually the case not like this

what you said is partially right

the issue is with the source not being advertised or not reachable

i know how to solved by advertising the networks

but i am doing some CCIE preperations

and i wanna confirm that this is normal for multiple ASs i need to advertise my internal network links to let the outside AS reachmy advetised addresses such as a loopback address

and for reachability between EBGP peers spaning multiple AS

they need to have the network between the ASs seen in the routing table (bgp) to reach each one though ping

because i were able to see all advertsied route but no ping

asl o you have mention that i can ping from R1 to R4 while

without advertising the ntworks between the ASs i cant !!

thats why i wanted to make sure if this is the normal way ???

thanks guys

Marwan ALshawi · ‎02-10-2009

by the way i will try to make extended ping source from loopbacks as u said i think should pin !!

Laurent Aubert · ‎02-11-2009

Hi,

Routing is hop by hop decision so to troubleshoot you start from the router on which you initiate the ping (R3 in your case). On this router you check if you have an IP route to reach the destination. Once you know the next-hop, you connect to it and do the same check up to your destination (R1 in your case).

That was for the echo packet. Now you do the same thing for the echo reply. You check on R1 if you have a route to reach the destination (R3 ping source IP). Once you know the next-hop, connect to it and do the same check.

With this process you should find out who is missing a route.

HTH

Laurent.

Marwan ALshawi · ‎02-11-2009

hi guys

thanks for your notes

actually it was a basic issue but imortant as well

i have tried to make ping sourced from advertised loopbaks and worked thats which agree with both of your comments

i think i just confused at first

because it should be normal behaivor

by the way as long as we talking about BGP

i have question about route-map

as we know we can make the multiple matching as OR or AND

for example i wanna match traffic with AS 200 and community string 1:10

lets say i have community list 1

and as path list 1

the route map should be like

route-map map1 permit 10

match as-path 1

match comm-list 1

NOW if i wanna match any off them i mean as path OR comm-list how should the route map looks like ???

do i need to consult a policy -list or not ??

thanks again guys :)

Edison Ortiz · ‎02-11-2009

NOW if i wanna match any off them i mean as path OR comm-list how should the route map looks like ???

route-map map1 permit 10

match as-path 1

route-map map1 permit 20

match comm-list 1

Marwan ALshawi · ‎02-11-2009

what about if i do it like this is it OR as well :

Router(config)# ip policy-list POLICY-LIST-NAME-1 permit

Router(config-policy-list)# match as-path 1

Router(config-policy-list)# match metric 10

Router(config)# ip policy-list POLICY-LIST-NAME-2 permit

Router(config-policy-list)# match community 20

Router(config-policy-list)# match metric 10

according to cisco website doc the bellow one use OR:

Router(config)# route-map MAP-NAME-2 10

Router(config-route-map)# match policy-list POLICY-LIST-NAME-3 POLICY-LIST-NAME-4

Router(config-route-map)# set community 10:1

Router(config-route-map)# set local-preference 140

thank you

Edison Ortiz · ‎02-11-2009

Yes, there are many ways to skin the cat.

The solution you've posted (while not common) should work as well.

__

Edison.

Marwan ALshawi · ‎02-11-2009

cool

thaks for that