BGP

Unanswered Question
Feb 14th, 2010

Hi experts,


We have the following scenario and I need a solution for it please.



The current scenario is one router installed in HQ for each remote site, and BGP is configured among them.


The needed scenario:

One 3845 router installed in HQ and connected to more than 4 remote sites; each remote site has its own AS.


How can we configure the HQ router which is connected to more than one router with more than one AS?


Thanks... 

Peter Paluch Sun, 02/14/2010 - 03:34
User Badges:
  • Cisco Employee,

Hello,


In short - you cannot. A router can run only one BGP instance and therefore belong only to a single AS. Within BGP paradigm, the boundary between autonomous systems is on links, not on routers.


Having each of your routers running BGP in a different autonomous system should not be a problem at all. Do you have a problem configuring your router to run BGP peering with other neighbors in different ASes?


Best regards,

Peter

amarmn1975 Sun, 02/14/2010 - 04:37

Thanks for your reply..


I just want you to know that now we have three routers in HQ connected to three remote sites; each router has its instance. Now we want to bring a big router and plug all the links into it.


Regards..

Ammar Al Hayyani

IP Telephony Specialist

Information Technology

Abu Dhabi Ports Company


Phone +971 2 695 2142   +971 50 6146553

Fax +971 2 695 2111

Email [email protected]

PO Box 54477, Abu Dhabi, UAE

Website www.adpc.ae

Giuseppe Larosa Sun, 02/14/2010 - 05:21
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    Founding Member

Hello Ammar,

as Peter has noted building 3-4 eBGP sessions is not a problem.


Use a new and different AS number on HQ router.


router bgp 65001
neigh 10.10.10.2 remote-as 65002
neigh 10.10.20.2 remote-as 65003
neigh 10.10.30.2 remote-as 65004
neigh 10.10.40.2 remote-as 65005


some notes :

use private AS numbers in range (64512-65535) it can be helpful for the future.

if you want to build sessions using loopbacks you need to provide:

static routes to tell how to reach the BGP endpoint

you need to use


conf t
ip route 20.20.20.2 255.255.255.255 10.10.10.2

router bgp 65001
neigh 20.20.20.2 remote-as 65002
neigh 20.20.20.2 update-source loop1
neigh 20.20.20.2 ebgp-multihop 2


Hope to help

Giuseppe

Peter Paluch Sun, 02/14/2010 - 08:50
User Badges:
  • Cisco Employee,

Giuseppe,


Thanks a lot for adding to my answer.


In situations where two directly connected routers should be peered in eBGP using their loopbacks, I often like to use the disable-connected-check option instead of ebgp-multihop. The disable-connected-check skips the test whether the peer is on a directly connected network but still sends the TCP packets using the TTL=1.


Best regards,

Peter

Reza Sharifi Sun, 02/14/2010 - 14:19
User Badges:
  • Super Bronze, 10000 points or more
  • Cisco Designated VIP,

    2017 LAN

paluchpeter wrote:


Giuseppe,


Thanks a lot for adding to my answer.


In situations where two directly connected routers should be peered in eBGP using their loopbacks, I often like to use the disable-connected-check option instead of ebgp-multihop. The disable-connected-check skips the test whether the peer is on a directly connected network but still sends the TCP packets using the TTL=1.


Best regards,

Peter


Hello Peter,


Good seeing you on the forum.


Regarding BGP disable-connected-check, this command has to be deployed in addition to the ebgp-multihop command, not instead of it.

So, I am wondering, what is the use of the disable-connected-check command if you have to use it in conjunction with ebgp-multihop? You may as well just use "ebgp-multihop 2" and not worry about the disable-connected-check command at all.


Thanks,

Reza





This command is required only when the neighbor ebgp-multihop command is configured with a TTL value of 1. The address of the single-hop eBGP peer must be reachable. The neighbor update-source command must be configured to allow the BGP routing process to use the loopback interface for the peering session.

Examples

In the following example, a single-hop eBGP peering session is configured between two BGP peers that are reachable on the same network segment through a local loopback interface on each router:

BGP Peer 1

Router(config)# interface loopback 1
Router(config-if)# ip address 10.0.0.100 255.255.255.255
Router(config-if)# exit
Router(config)# router bgp 64512
Router(config-router)# neighbor 192.168.0.200 remote-as 65534
Router(config-router)# neighbor 192.168.0.200 ebgp-multihop 1
Router(config-router)# neighbor 192.168.0.200 update-source loopback 2
Router(config-router)# neighbor 192.168.0.200 disable-connected-check
Router(config-router)# end

Peter Paluch Sun, 02/14/2010 - 22:17
User Badges:
  • Cisco Employee,

Hello Reza,


Thank you for your kind words - I am also glad to have found some time to visit the forum again.


Regarding the snippet from the command reference you have posted - I believe it should be understood in the following way: The disable-connected-check is meaningful only if the ebgp-multihop is set to 1. Having the ebgp-multihop set to higher value than 1 also implies the disable-connected-check though it may not be visible in the configuration.


Note that for eBGP peers, the ebgp-multihop 1 is the default value:


R2(config)#router bgp 1
R2(config-router)#nei 1.2.3.4 remote-as 2
R2(config-router)#nei 1.2.3.4 ebgp-multihop 1
R2(config-router)#exit
R2(config)#do show run | sec router bgp
router bgp 1
no synchronization
bgp log-neighbor-changes
neighbor 1.2.3.4 remote-as 2
no auto-summary
R2(config)#


So - yes, the command reference is correct, the disable-connected-check should be used with ebgp-multihop 1, however, that is already the default value with eBGP peers. It does not have any effect with ebgp-multihop set to 2 or more.


Does this make more sense?


Best regards,

Peter

Reza Sharifi Mon, 02/15/2010 - 06:22
User Badges:
  • Super Bronze, 10000 points or more
  • Cisco Designated VIP,

    2017 LAN

paluchpeter wrote:


Hello Reza,


Thank you for your kind words - I am also glad to have found some time to visit the forum again.


Regarding the snippet from the command reference you have posted - I believe it should be understood in the following way: The disable-connected-check is meaningful only if the ebgp-multihop is set to 1. Having the ebgp-multihop set to higher value than 1 also implies the disable-connected-check though it may not be visible in the configuration.


Note that for eBGP peers, the ebgp-multihop 1 is the default value:


R2(config)#router bgp 1
R2(config-router)#nei 1.2.3.4 remote-as 2
R2(config-router)#nei 1.2.3.4 ebgp-multihop 1
R2(config-router)#exit
R2(config)#do show run | sec router bgp
router bgp 1
no synchronization
bgp log-neighbor-changes
neighbor 1.2.3.4 remote-as 2
no auto-summary
R2(config)#


So - yes, the command reference is correct, the disable-connected-check should be used with ebgp-multihop 1, however, that is already the default value with eBGP peers. It does not have any effect with ebgp-multihop set to 2 or more.


Does this make more sense?


Best regards,

Peter


Hello Peter,


Yes, it does make sense. I think what is confusing about the ebgp-multihop command is that usually a default command is not a command you manually have to add. For example, when you create a new BGP session as the one you did here, the command "bgp log-neighbor-changes" and/or "no auto-summary" is already included, so you don't need to add them manually. But in the case of ebgp-multihop you have to add it with a value of 1 and then it does not show it in the config. The other interesting part of this command is that if you enter ebgp-multihop without any values, it will assign 255, which is the highest.


T-1(config-router)#neighbor 10.10.10.1 remote-as 100  
T-1(config-router)#neighbor 10.10.10.1 ebgp-multihop  
T-1(config-router)#do sh run | sec bgp                
router bgp 65222
neighbor 10.10.10.1 remote-as 100
neighbor 10.10.10.1 ebgp-multihop 255

Thanks,

Reza

Peter Paluch Mon, 02/15/2010 - 08:03
User Badges:
  • Cisco Employee,

Hi Reza,


I would personally put it down this way:


    1. There are default commands which are visible in the configuration, and there are default commands which are invisible. This is a matter of the configuration parser in IOS and there is little to be done about it. It is in my opinion one of the confusing things about IOS CLI - it's not consistent.
    2. For eBGP peers, the ebgp-multihop 1 is the default setting.
    3. Specifying only ebgp-multihop without specifying the TTL value causes the TTL 255 to be used. Obviously, we have to distinguish between a default (i.e. used when not explicitly specified) command, which is the ebgp-multihop 1, and a default parameter of an explicitly specified command ebgp-multihop, which is 255.


Best regards,

Peter
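
The defaults summarised in the post above, as an added example that is not code from any participant or from Cisco: a Python audit that reads the neighbor statements of a saved configuration and reports, per eBGP peer, the effective TTL and whether the connected check still applies, using the rules stated in this thread. The sample configuration is constructed, and flagging options on an address that has no remote-as is an extra check assumed here, not something the thread proposes.

```python
import re

# Constructed sample configuration (not taken from any router in the thread).
SAMPLE = """\
router bgp 65001
 neighbor 10.10.10.2 remote-as 65002
 neighbor 20.20.20.2 remote-as 65003
 neighbor 20.20.20.2 update-source Loopback1
 neighbor 20.20.20.2 disable-connected-check
 neighbor 30.30.30.2 remote-as 65004
 neighbor 30.30.30.2 ebgp-multihop
 neighbor 40.40.40.2 remote-as 65005
 neighbor 40.40.40.2 ebgp-multihop 2
 neighbor 10.10.50.2 remote-as 65001
 neighbor 20.202.20.2 ebgp-multihop 2
"""

NEIGHBOR = re.compile(r"^\s*nei\w*\s+(\S+)\s+(\S+)(?:\s+(\S+))?", re.I)

def audit(config):
    """Return {peer: {"ttl", "connected_check", "findings"}} for eBGP peers."""
    local_as, peers = None, {}
    for line in config.splitlines():
        m = re.match(r"^\s*router bgp (\d+)", line)
        if m:
            local_as = int(m.group(1))
            continue
        m = NEIGHBOR.match(line)
        if m:
            peers.setdefault(m.group(1), {})[m.group(2).lower()] = m.group(3)
    report = {}
    for ip, opts in peers.items():
        findings = []
        if "remote-as" not in opts:
            findings.append("options without remote-as (mistyped address?)")
        elif int(opts["remote-as"]) == local_as:
            continue  # iBGP peer: the eBGP TTL rules do not apply
        ttl = 1  # invisible default, equivalent to ebgp-multihop 1
        if "ebgp-multihop" in opts:
            ttl = int(opts["ebgp-multihop"] or 255)  # bare command means 255
        connected_check = ttl == 1 and "disable-connected-check" not in opts
        if ttl == 255:
            findings.append("ebgp-multihop without a value: TTL 255")
        report[ip] = {"ttl": ttl, "connected_check": connected_check, "findings": findings}
    return report
```

Peers reported with TTL 255 are the ones to review first, since a bare ebgp-multihop lets the session span far more hops than a loopback peering between adjacent routers needs.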

milan.kulik Mon, 02/15/2010 - 08:56
User Badges:
  • Red, 2250 points or more

Hi Peter,


I agree, just one comment:


ad 1. default commands which are visible in the configuration:

IMHO, commands which are default in the latest IOS but were not in some previous IOS releases are visible and inserted automatically to keep backward compatibility.

BGP "no auto-summary" is a good example - command default behavior changed to disabled since 12.2(8)T.

BR,

Milan

Peter Paluch Mon, 02/15/2010 - 11:54
User Badges:
  • Cisco Employee,

Hi Milan,


You're absolutely correct. That makes perfect sense. Thanks!


Best regards,

Peter
