cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
783
Views
10
Helpful
12
Replies

BGP ISP Announcement Issue

Rick Morris
Level 6
Level 6

I am running BGP with my provider and wanted to announce a /23 to them. We are not multihomed so we are using a private AS with them. They blackholed my traffic by injecting a static route in their network. They have that issue resolved however require me to announce 2 /24's to them. I don't mind doing that but the issue I have now is I need to put the /24's on my lan interface and now require the use of a secondary IP address. I was told that they added a static route for the /23 to a null interface and when the traffic enters in their network the traffic on their network will see the /24's. What can I do to tell them to get this straighten out? I should not have to set up 2 /24's for them to get this right?

12 Replies 12

paolo bevilacqua
Hall of Fame
Hall of Fame

ip route x.x.x.x y.y.y.y null0

that is the static route to avoid secondary addresses.

Then it's really not clear what really the problem is, can't you just drop BGP for the time being ?

My scenerio is

2 7206 routers both announcing the same networks connecting back to 2 4948's running glbp. I am load sharing the traffic.

I believe I am also connected to 2 different routers in the provider edge too, this was requested per DR requirements. If I run equal weight static routes this will not be an issue outbound since the GLBP will be done before getting to the router. However, incoming is in question. From what I understand you cannot have the same IP block being statically routed to a customer via 2 separate routers.

Here is the config from my router:

interface GigabitEthernet0/1

ip address 68.233.49.1 255.255.255.0 secondary

ip address 68.233.48.1 255.255.255.0

!

router bgp 64768

no synchronization

bgp log-neighbor-changes

network 68.233.48.0 mask 255.255.255.0

network 68.233.49.0 mask 255.255.255.0

redistribute static

neighbor 65.119.166.253 remote-as 209

neighbor 65.119.166.253 description QWEST-DIA-BGP

neighbor 65.119.166.253 version 4

neighbor 65.119.166.253 soft-reconfiguration inbound

neighbor 65.119.166.253 route-map DIA-IN in

neighbor 65.119.166.253 route-map DIA-OUT out

no auto-summary

!

ip route 68.233.48.0 255.255.255.0 Null0

ip route 68.233.49.0 255.255.255.0 Null0

!

ip prefix-list DIA-OUT seq 5 permit 68.233.48.0/24

ip prefix-list DIA-OUT seq 10 permit 68.233.49.0/24

!

route-map DIA-OUT permit 10

match ip address prefix-list DIA-OUT

set metric 0

set local-preference 100

!

If I remove the secondary IP and expand the block to a /23 on the g0/1 interface I am not able to telnet, ping, traceroute to the IP. If I subnet it to a /24 I can get to it, but then the .49.0/24 network is not reachable.

If you want announce the /23, you need:

network 68.233.48.0 mask 255.255.254.0

and the corresponding route to null0.

However, the ISP may be filtering your announcements making any change ineffective.

The thing is that I'm not quite sure what exactly you want to attain.

Hello Rick,

I guess this is the same network that you have described in the other thread about adding a PA-GE.

>> I was told that they added a static route for the /23 to a null interface and when the traffic enters in their network the traffic on their network will see the /24's. What can I do to tell them to get this straighten out? I should not have to set up 2 /24's for them to get this right?

your provider is aggregating your prefixes to a /23 and/or it has configured this /23 route to null0 as a safety measure under the hyphotesis you can send two distinct /24 subnets.

there is also the aggregate-address command but I'm not sure that sending a /23 to them allow you to override their static route to waste bin=null0.

Also you don't need the static to null0 if you have a connected interface with ip address x.y.48.0/24.

About the x.y.49.0 you are probably not using it.

Otherwise if it is in use you just need

network x.y.49.0 mask 255.255.255.0

and a static route pointing to x.y.49.0/24

By the way, remember that this a public forum so you should hide some details of your public ip addresses for safety.

>> If I subnet it to a /24 I can get to it, but then the .49.0/24 network is not reachable.

check with provider if they accept the x.y.49.0/24 prefix it looks like you are hitting their waste bin.

you can help yourself by using some looking glass to see how your prefixes are known over the internet.

A useful link for finding looking glasses is

www.traceroute.org

also check the website of your provider they should provide a looking glass service.

Hope to help

Giuseppe

I'm not sure I am explaining it very well.

I am confident in what I need to do on my end, but not so much confident in my provider to do what needs to be done. Our environment uses a lot of NATing, we have used about 95% of our current /24 that we have to turn back in since we are changing providers and the former employees were clueless to Networking...we now have our own block.

My issue is not so much in my config, I had to make adjustments because of what the provider is doing.

My issue is I have a /23 that the provider is FORCING me to announce as 2 /24's because of what they did on their side. If I look from the providers looking glass I see the /24 of each network. If I look from a different provider I see the /23. Again this is not so much the issue. The issue is forcing me to use a /24 instead of using my /23. This is causing me to use the secondary IP because if I use the /23 on the Gig Interface then I cannot even ping it locally. I am just not aware of what the provider is doing to make me do such a thing. Should I not be able to announce whatever size block, as long as I own it, and then expect the provider to re-advertise out to their peers for me with the same information, yes I know as long as it is larger than a /24.

No you shall not be able to announce whatever.

Right or wrong it's the upstream ISP that decides for you, even more when considering you have no public ASN and no PI address.

Now for your issue, what I understand is that you can do whatever you please as long you have the two network statements for /24 and the two /24 in routing table be that due to static route, secondary address or what else.

That should not cause you any problem as these are just announcements and you're unlikely to get any benefit announcing a single /23 instead.

"No you shall not be able to announce whatever"

I know this. They will filter what I announce to them to avoid any mistakes on my part. That is not what I am referring to. We now own our own public IP range of a /20 and I vlsm'd it for our 100+ sites.

I agree with everything. Now that I think I confirmed everything allow me to interject another config.

I want to announce another block that is for HA/DR purposes, another /23 that will be at our back up site that we may need to have routed to our main site when the HA/DR site goes off the map. Where would I set this block on my router? My initial thought was to use that block as the secondary IP address, but if that is being used what do I do now?

Hello Rick,

>> My initial thought was to use that block as the secondary IP address, but if that is being used what do I do now?

routers support multiple secondary ip addresses on same interface if this can be useful.

Hope to help

Giuseppe

Always use the null0 route with an higher AD. If and when the same prefix will appear in your routing protocol, thta will take precedence, in the the meanwhile you're free to use whatever block cut from it.

Hello Rick,

>> If I look from the providers looking glass I see the /24 of each network. If I look from a different provider I see the /23. Again this is not so much the issue. The issue is forcing me to use a /24 instead of using my /23.

this happens because they have configured a static route to null0 probably on the router(s) connecting to yours.

A floating static route to null0 with AD 200 for example would allow you to advertise the /23 and them to have a safety "drop to waste bin" in case the eBGP session fails.

You can contact them and you can ask them to make their static to null0 a floating static route because you would like to send a /23 and not two /24.

However, as Paolo has noted whatever method you use to advertise the two /24 this shouldn't be a problem unless you are using already a /23 prefix in your network.

And I'm starting to think this is your case.

>> My issue is I have a /23 that the provider is FORCING me to announce as 2 /24's because of what they did on their side.

talk with service provider if they don't accept to modify their static route consider to split your /23 in two /24 subnets.

Proxy-ARP could help in this making transition smoother.

Hope to help

Giuseppe

haha...thanks, I thought I understood this all correctly but needed to have someone help clear up the muddy water for me. I am going to apply for my own ASN tomorrow and control what I need to from my own network instead of the ISP. I don't think we are doing anything too weird, maybe not the typical straight forward set-up but still doable.

You both have helped me a lot.

Thanks!

My scenerio is

2 7206 routers both announcing the same networks connecting back to 2 4948's running glbp. I am load sharing the traffic.

I believe I am also connected to 2 different routers in the provider edge too, this was requested per DR requirements. If I run equal weight static routes this will not be an issue outbound since the GLBP will be done before getting to the router. However, incoming is in question. From what I understand you cannot have the same IP block being statically routed to a customer via 2 separate routers.

Here is the config from my router:

interface GigabitEthernet0/1

ip address 68.233.49.1 255.255.255.0 secondary

ip address 68.233.48.1 255.255.255.0

!

router bgp 64768

no synchronization

bgp log-neighbor-changes

network 68.233.48.0 mask 255.255.255.0

network 68.233.49.0 mask 255.255.255.0

redistribute static

neighbor 65.119.166.253 remote-as 209

neighbor 65.119.166.253 description QWEST-DIA-BGP

neighbor 65.119.166.253 version 4

neighbor 65.119.166.253 soft-reconfiguration inbound

neighbor 65.119.166.253 route-map DIA-IN in

neighbor 65.119.166.253 route-map DIA-OUT out

no auto-summary

!

ip route 68.233.48.0 255.255.255.0 Null0

ip route 68.233.49.0 255.255.255.0 Null0

!

ip prefix-list DIA-OUT seq 5 permit 68.233.48.0/24

ip prefix-list DIA-OUT seq 10 permit 68.233.49.0/24

!

route-map DIA-OUT permit 10

match ip address prefix-list DIA-OUT

set metric 0

set local-preference 100

!

If I remove the secondary IP and expand the block to a /23 on the g0/1 interface I am not able to telnet, ping, traceroute to the IP. If I subnet it to a /24 I can get to it, but then the .49.0/24 network is not reachable.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco