07-15-2010 09:55 AM - edited 03-04-2019 09:04 AM
I am changing the routing config for all our sites. We have a head office and 9 remote sites. Our line provider originally wrote the configs, but the backup links never worked, so I am re-writing them myself.
And I've come across a confusion with the BGP side of things.
Each site is in the same BGP AS! They connect to core routers which are in different AS but each of our sites is in the same AS. When I recreate this in my lab I cannot get the routes for each site to propagate. When I make the remote sites a different AS then the routes propagate fine.
I cannot see what they've done to achieve this.
Here's the BGP config for HO:
router bgp xxxxx
no synchronization
bgp router-id x.x.x.x
bgp log-neighbor-changes
network 10.123.123.176 mask 255.255.255.248
network 10.200.1.1 mask 255.255.255.255
network 10.255.200.32 mask 255.255.255.252
network x.x.x.x mask 255.255.255.252
aggregate-address 10.200.0.0 255.255.0.0 summary-only
neighbor x.x.x.x remote-as XXXX
neighbor x.x.x.x description Global
neighbor x.x.x.x default-originate
neighbor x.x.x.x soft-reconfiguration inbound
no auto-summary
!
and here's the BGP for a remote-site:
router bgp xxxxx
no synchronization
bgp router-id x.x.x.x
bgp log-neighbor-changes
network 10.1.2.0 mask 255.255.255.0
network 10.123.125.0 mask 255.255.255.248
network 10.202.1.1 mask 255.255.255.255
network 10.255.200.40 mask 255.255.255.252
network x.x.x.x mask 255.255.255.252
aggregate-address 10.202.0.0 255.255.0.0 summary-only
neighbor x.x.x.x remote-as XXXX
neighbor x.x.x.x soft-reconfiguration inbound
no auto-summary
!
In my lab I have advertised the network of the HO lan on the core routers, but that didn't do the trick.
Please help!!
Thanks for reading.
07-15-2010 10:37 AM
What's your end goal exactly? BGP using the same AS is an iBGP environment. In order for you to be able to get a route directly to a remote site, I would think you'd need to set up ebgp-multihop in order to get this to work. I'd have to test it. Are you trying to get off of the iBGP scenario?
For example, let's say that all of your sites are in AS100 and the provider is AS200. The provider will have in their routing table the routes (in this case, your summaries) in their table pointing to your serial side that matches where the summary is coming from, and whatever other routes you're advertising. A summary route is hard to "fail over" to because summaries help with flapping links, etc. It also depends on how your site is laid out if a backup route makes sense. If you have only 1 exit point from your branch, then a backup route won't help.
John
07-15-2010 11:48 AM
Hello Charles,
>> Each site is in the same BGP AS! They connect to core routers which are in different AS but each of our sites is in the same AS
BGP loop prevention avoids learning BGP routes with an AS path attribute that already contains your own AS number.
So what you see when all remote sites share the same AS number is
Two possible options:
- you change so that you use different private AS numbers at each remote site
- you keep them as now but you use the command
neigh x.x.x.x allowas-in
towards the eBGP session that can carry these routes with duplicated AS number in their AS path.
It is not clear if your SP is giving you an L3 VPN service or simply a collection of links.
If it is a collection of L2 links (no SP routers involved), you could fix this by putting all devices in the same AS, that is, moving to an iBGP cloud.
With iBGP, in order to propagate routes, the central site routers must act as BGP route reflector server.
For each remote site you would need on the central site router:
neigh y.y.y.y route-reflector-client
This would allow propagation of routes from remote to remote via central site routers.
Hope to help
Giuseppe
07-16-2010 04:30 AM
Thanks Giuseppe,
your line
neigh xxxx allowas-in
worked a treat.
It's not what our routing company have done, they must have some config in the core, but it works a treat.
Thanks
07-16-2010 04:39 AM
Hi,
However, you should be careful with this command; it can easily introduce a loop. It's always recommended to set the number of next hops for which allowas-in is configured, i.e.:
neighbor x.x.x.x allowas-in y (where y is the number of hops allowing the AS)
HTH
Mohamed
07-16-2010 08:51 AM
Hello Mohamed,
I agree about the risks of the command but the default value of y= number of occurrences of your ASN in AS path is 1, so he should be fine with default settings.
Usually a parameter has to be specified to accept routes with your own ASN prepended
Hope to help
Giuseppe
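The AS path loop check and the allowas-in occurrence limit discussed in the replies above, modelled as an added example (not part of any post and not Cisco's implementation). The AS numbers and function names are constructed for illustration, and the limit is passed explicitly rather than assuming any platform default.

```python
# Added example: models the eBGP inbound AS_PATH loop check and the effect of
# allowas-in. AS numbers are constructed for illustration only.

LOCAL_AS = 65001      # assumed private AS shared by every customer site
PROVIDER_AS = 64500   # assumed AS of the provider core routers


def accept_route(as_path, local_as, allowas_in=0):
    """Return True if an eBGP-learned route passes the loop check.

    allowas_in=0 models a neighbor without allowas-in: any occurrence of
    local_as in the AS_PATH causes the update to be dropped. A positive
    value models "allowas-in <n>": up to n occurrences are tolerated.
    """
    return as_path.count(local_as) <= allowas_in


def advertise(as_path, sender_as):
    """eBGP export: the sender prepends its own AS to the AS_PATH."""
    return [sender_as] + list(as_path)


def site_to_site(allowas_in):
    """Follow a prefix: site A -> provider core -> site B (same AS as A)."""
    path = advertise([], LOCAL_AS)        # site A originates the prefix
    path = advertise(path, PROVIDER_AS)   # provider core passes it on
    return path, accept_route(path, LOCAL_AS, allowas_in)


def looped_update(allowas_in):
    """An update that has already crossed the customer AS twice."""
    path = [PROVIDER_AS, LOCAL_AS, PROVIDER_AS, LOCAL_AS]
    return path, accept_route(path, LOCAL_AS, allowas_in)


if __name__ == "__main__":
    for limit in (0, 1, 3):
        path, ok = site_to_site(limit)
        lpath, lok = looped_update(limit)
        print(f"allowas-in={limit}: site route {path} accepted={ok}; "
              f"looped route {lpath} accepted={lok}")
```

With a limit of 1 the legitimate site-to-site route is accepted while the twice-traversed path is still dropped; a larger limit lets the looped path through, which is why the count should be kept as low as the topology allows.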
07-19-2010 05:31 AM
Thanks guys, I will check for loops carefully in my lab