iBGP Next-hop Self

Unanswered Question
Sep 14th, 2009

Hi, folks;


Let's do a little BGP 101 review, shall we?


We know that iBGP passes the next hop information learned through eBGP to its iBGP neighbor. So, we know that if the iBGP neighbor does not have a route to the eBGP next hop, then it won't place the route in the BGP table. We are told that you must run an IGP for the iBGP neighbor to learn about that next hop.


http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a00800c95bb.shtml#bgpnexthop


But that sounds incorrect, now that I actually have to make a decision as to whether to deploy the next hop self command.


I have 2 internet routers running eBGP to their ISPs and iBGP between each other. If I don't have the next hop self command configured, each iBGP neighbor will have the eBGP ISP next hop as their next hop, but you don't have to be running an IGP for them to learn about how to reach that next hop.


Each router will advertise that directly connected subnet through iBGP. So, what I'm saying is that if router 1 loses its eBGP connection to the ISP, it will learn all the internet routes through the iBGP connection and have router 2's eBGP next hop as its next hop. But that is no big deal because it will know how to get to it because router 2 will advertise a route to it through iBGP.


Making sense?


Any thoughts?



Overall Rating: 5 (3 ratings)
Edison Ortiz Mon, 09/14/2009 - 19:50

"We are told that you must run an IGP for the iBGP neighbor to learn about that next hop."


We need IGP within an iBGP configuration for the peering process as the best practice calls for loopback peering to avoid single point of failure. If you decide to peer with physical interfaces, then you don't need an IGP.


An IGP can be useful for the next-hop-self but it's not as necessary as the peering process I explained above.


"But that is no big deal because it will know how to get to it because router 2 will advertise a route to it through iBGP."


If it passes the next-hop validation on the received route, the iBGP peer is simply performing route reflection.


__


Edison.


lamav Mon, 09/14/2009 - 23:05

Edison:


I agree and have already implemented a design which leverages the loopback interfaces and an IGP when creating an iBGP peering.


But the link I posted addresses the dilemma of the next hop not being reachable by an iBGP neighbor, so it says to run an IGP...


But, the fact of the matter is that, if I remove the next hop self command, the internet routers will advertise the Internet routing table to each other, as well as the eBGP next hop, so they will know how to get to it and the next hop self command is not needed.



Edison Ortiz Tue, 09/15/2009 - 13:09

"But the link I posted addresses the dilemma of the next hop not being reachable by an iBGP neighbor, so it says to run an IGP..."


Agreed, I wanted to point out the main reason for running IGP on iBGP peering and the main reason is not due to the 'next-hop-self' but the loopback peering - I understand your point - well taken.


"But, the fact of the matter is that, if I remove the next hop self command, the internet routers will advertise the Internet routing table to each other, as well as the eBGP next hop, so they will know how to get to it and the next hop self command is not needed."


Thus one of those BGP routers would receive routes from 2 providers and the next-hop information would be of each ISP instead of your peering iBGP - concept is clear. What we need to find out is if the next-hop information from the local ISP passes the 'next-hop validation' process.


The next-hop IP address from the non-directly connected ISP must be received with the next-hop of your iBGP.


For instance:


ISP1
|
192.168.1.0/30
|
CE1

ISP2
|
192.168.1.4/30
|
CE2



CE2 would need to advertise 192.168.1.4/30 to CE1 in order to pass the next-hop validation on CE1.


Once the next-hop validation passes, CE1 can send recursive routes directly to ISP2 either via CE2 or ISP1, whichever CE1 finds closer in route metric.


HTH,


__


Edison.

lamav Tue, 09/15/2009 - 19:07

Edison, I'm sorry, dude. I didn't even see your response until right now....


To answer your question, it does pass the next-hop validation process.


R1 and R2 learn the Internet routing table from their ISP peer. They then advertise their BGP tables to each other with a next-hop that is their eBGP peer (the ISP). So, each router of course will place their eBGP routes in the RIB because it will select eBGP over iBGP.


Moreover, the next hop (/30 ISP subnet for eBGP) is advertised in the iBGP update, so if R1 loses its eBGP connection, it will perform the recursive route lookup for the iBGP-advertised next-hop and have a route to it.


In this circumstance -- in which R1 loses its eBGP route -- I think the next-hop self command isn't needed. But I was wondering if there is some sort of best practice of always using the nhs command, regardless....perhaps some scenario I am not thinking of.


Thanks, again, and my apologies for not noticing your answer earlier.


Victor


Stefan Timuta Wed, 05/10/2017 - 17:01

A static route on both ends would be the best thing to use to make the base IP connectivity to the neighbours. Then TCP can make its way without problems.

shivlu jain Mon, 09/14/2009 - 23:21

Running iBGP means a requirement of full mesh, which is not possible in the core until and unless customer routes need to be transported. This is the reason an IGP is best to use in the cloud.



regards

shivlu jain

lamav Mon, 09/14/2009 - 23:39

My question is do you need to use the next hop self command if your iBGP neighbor is also advertising a route, through iBGP, to the eBGP neighbor?



YANGCCIE4 Tue, 09/15/2009 - 06:32

The nexthopself is usually used at the edge router which is responsible for receiving the routes from your ISP and advertising these eBGP routes in iBGP;

All other routers will see that the edge router is the next hop for routes from the ISP. They then know how to send the packet in case they receive a packet whose destination address points to an eBGP host; then they know, ok, I am going to send the packet to that edge router, he will transit these packets to the outside;

If you don't use this command, you might find some routers in your iBGP network do not know where to send the packets, because the next hop is unreachable in the routing table.

For those packets whose destination is an eBGP host -- you may see the routes in the routing table, but that does not mean they are pingable; the routers in iBGP need the IGP next hop to be directed where to send those packets.



lamav Tue, 09/15/2009 - 09:27

Hi, thanks for the information.


I know what iBGP is used for and everything you mentioned.


My question is very specific:


If the iBGP routers ARE indeed learning about the route to the eBGP next hop, is it necessary to use the next hop self command? Is there some value in using it in this particular case?


Thanks!


Giuseppe Larosa Tue, 09/15/2009 - 09:34

Hello Victor,


If a BGP network statement on R2 describes the IP subnet between R2 and its eBGP peer and it is advertised on the iBGP session of R2 to R1, you should be fine.


The BGP next-hop check is passed even without next-hop-self and without using an IGP.


I remember I tried this in lab some years ago.


In the real world you may or may not be able to do this if you care about who is authorized to advertise that prefix (if it is provider space, but it is enough to not propagate it on eBGP sessions, I would say).


Hope to help

Giuseppe
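
A simplified model of the next-hop check discussed in this thread, added here as an illustration and not posted by any participant. It shows CE1's view in three cases: no next-hop-self and no route to the ISP2 link, the ISP2 /30 advertised over iBGP, and next-hop-self. Only the two /30s come from Edison's diagram; the 10.0.0.0/30 CE1-CE2 link, the host addresses, the 203.0.113.0/24 prefix and all function names are assumptions.

```python
import ipaddress

def usable_routes(connected, bgp_paths):
    """Return the BGP prefixes whose next hop resolves (simplified model).

    connected: directly connected prefixes on the receiving router.
    bgp_paths: (prefix, next_hop) pairs as received from the iBGP peer.
    A path is installed only once its next hop is covered by a route
    already in the RIB, so an installed BGP route can resolve another one.
    """
    rib = {ipaddress.ip_network(p) for p in connected}
    pending = [(ipaddress.ip_network(p), ipaddress.ip_address(nh))
               for p, nh in bgp_paths]
    installed = set()
    progress = True
    while progress:  # repeat until nothing new resolves (recursive lookup)
        progress = False
        for prefix, nh in list(pending):
            if any(nh in net for net in rib):
                rib.add(prefix)
                installed.add(str(prefix))
                pending.remove((prefix, nh))
                progress = True
    return installed

# Constructed sample data: CE1 is .1 and CE2 is .2 on 10.0.0.0/30,
# ISP2 is 192.168.1.5 on the 192.168.1.4/30 link from the diagram.
CE1_CONNECTED = ["192.168.1.0/30", "10.0.0.0/30"]
INTERNET = "203.0.113.0/24"  # stands in for a route learned from ISP2

def scenarios():
    return {
        # CE2 passes the eBGP next hop unchanged; CE1 has no route to it.
        "no_nhs_no_linknet": usable_routes(
            CE1_CONNECTED, [(INTERNET, "192.168.1.5")]),
        # CE2 also originates the ISP2 /30 (network statement) over iBGP.
        "no_nhs_linknet_advertised": usable_routes(
            CE1_CONNECTED,
            [(INTERNET, "192.168.1.5"), ("192.168.1.4/30", "10.0.0.2")]),
        # CE2 rewrites the next hop to its own address (next-hop-self).
        "next_hop_self": usable_routes(
            CE1_CONNECTED, [(INTERNET, "10.0.0.2")]),
    }

if __name__ == "__main__":
    for name, routes in scenarios().items():
        print(name, sorted(routes))
```
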



Joseph W. Doherty Tue, 09/15/2009 - 15:21

If the eBGP next hop is also carried via an IGP, then (I recall) next hop self isn't needed for iBGP. The advantage of using next hop self is that the eBGP next hop address might not "nicely" fall into your internal IP addressing scheme.

lamav Tue, 09/15/2009 - 18:57

Thanks, guys. Appreciate the input.


Joseph, a special thanks for your succinct answer that pinpointed my concern.


Victor
