Multihomed BGP issue

Jul 16th, 2012

We are an ISP and we are trying to give internet access to a client via BGP. The client already has a primary connection with AT&T and is using our service as a backup. We have a complete routing table in our router and we are only giving the client 4 networks which they desire via a route-map. For discussion's sake, let's say our ASN number is 40000 and the client ASN number is 27000. Our router IP is 10.156.130.91 and the client is 10.156.130.81. Ping is working fine and the BGP state is established, but when the client brings down their primary internet connection with AT&T they are unable to route outside and get an "expired in transit" message from the 130.91 IP address. Our config is as follows:


router bgp 40000
 bgp log-neighbor-changes
 neighbor 10.156.130.81 remote-as 27309
 neighbor 10.156.130.81 route-map rm_peer_3_in in
 neighbor 10.156.130.81 route-map rm_peer_3_out out
 neighbor 10.156.130.100 remote-as 40725
!
ip prefix-list pl_peer_3_in seq 5 permit 12.132.104.0/24
ip prefix-list pl_peer_3_in seq 10 permit 12.208.151.0/24
ip prefix-list pl_peer_3_in seq 15 permit 76.233.231.0/24
ip prefix-list pl_peer_3_in seq 20 permit 69.0.104.0/24
ip prefix-list pl_peer_3_in seq 21 permit 0.0.0.0/32
ip prefix-list pl_peer_3_in seq 25 deny any
ip prefix-list pl_peer_3_out seq 5 permit 12.132.104.0/24
ip prefix-list pl_peer_3_out seq 10 permit 12.208.151.0/24
ip prefix-list pl_peer_3_out seq 15 permit 76.233.231.0/24
ip prefix-list pl_peer_3_out seq 20 permit 69.0.104.0/24
ip prefix-list pl_peer_3_out seq 21 permit 0.0.0.0/32
ip prefix-list pl_peer_3_out seq 25 deny any
!
route-map rm_peer_3_out permit 5
 match ip address prefix-list pl_peer_3_out
!
route-map rm_peer_3_in permit 5
 match ip address prefix-list pl_peer_3_in


The client configuration is:


interface FastEthernet0/0/0
ip address 10.156.130.81 255.255.255.192
duplex auto
speed auto

router bgp 27000
no synchronization
bgp log-neighbor-changes
bgp inject-map ORIGINATE exist-map LEARNED_ROUTE
network 12.132.104.0 mask 255.255.255.0
network 12.132.104.0 mask 255.255.255.128
network 12.208.151.0 mask 255.255.255.128
network 69.0.104.0 mask 255.255.255.0
network 76.233.231.0 mask 255.255.255.0
aggregate-address 69.0.104.0 255.255.255.0 summary-only
aggregate-address 12.208.151.0 255.255.255.0 summary-only
aggregate-address 12.132.104.0 255.255.255.0 summary-only
neighbor 12.91.XX.YYY remote-as 7000
neighbor 12.91.XX.YYY weight 10
neighbor 12.91.XX.YYY route-map ATT_NO_EXPORT in
neighbor 10.156.130.91 remote-as 40000
neighbor 10.156.130.91 send-community
neighbor 10.156.130.91 distribute-list 6 out
neighbor 10.156.130.91 route-map Backup in
neighbor 10.156.130.91 route-map Comcast-Community out
neighbor 10.156.130.91 advertise-map ADV non-exist-map NONEXIST
neighbor 10.156.130.91 ebgp-multihop 255
no auto-summary
!
no ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 10.156.130.91 30
ip route 192.168.40.0 255.255.255.0 76.233.231.3 permanent
no ip http server
no ip http secure-server
!
ip bgp-community new-format
!
ip prefix-list ROUTE seq 5 permit 0.0.0.0/0
!
ip prefix-list ROUTE_SOURCE seq 5 permit 12.91.XX.YYY/32
!
ip prefix-list UNAGGREGATED_ROUTES seq 5 permit 1.1.1.1/32
!
access-list 1 permit any
access-list 2 deny  any
access-list 3 permit any
access-list 5 permit 1.1.1.1
access-list 6 permit 12.132.104.0 0.0.0.255
access-list 6 permit 69.0.104.0 0.0.0.255
access-list 6 permit 12.208.151.0 0.0.0.255
access-list 6 permit 76.233.231.0 0.0.0.255
!
!
!
!
route-map NONEXIST permit 10
match ip address 5
!
route-map Backup permit 10
match ip address 1
set community no-export
!
route-map Comcast-Community permit 10
match ip address 3
set community 7922:100
!
route-map ATT_NO_EXPORT permit 10
match ip address 1
set community no-export
!
route-map ORIGINATE permit 10
set ip address prefix-list UNAGGREGATED_ROUTES
!
route-map LEARNED_ROUTE permit 10
match ip address prefix-list ROUTE
match ip route-source prefix-list ROUTE_SOURCE
!
route-map ADV permit 10
match ip address 6
!
route-map AS-PREPEND permit 10
match ip address 1
set as-path prepend 27000 27000 27000 27000      

Giuseppe Larosa Mon, 07/16/2012 - 10:00
Hello Faze1sari,


There are some basic notes about your configuration:


a) A default route should be represented as 0.0.0.0/0, not as 0.0.0.0/32.


b) Why are the route filters applied to the customer equal? This doesn't make sense: the two prefix lists pl_peer_3_out and pl_peer_3_in permit the same IP prefixes. I would expect you to provide a default route and some routes, not to receive a default route from the customer and the same set of routes.


c) What is the use of the inject-map on the customer router? If the customer router receives a default route from the expected route source, it generates a route for 1.1.1.1/32 that is not sent to your router (there is the distribute-list 6 towards your router and that prefix is not included), so what is its use?


Hope to help

Giuseppe

faze1sari Mon, 07/16/2012 - 10:10

Giuseppe,


Thanks for your response. I have made the following changes on my side:

ip prefix-list pl_peer_3_in seq 5 permit 12.132.104.0/24
ip prefix-list pl_peer_3_in seq 10 permit 12.208.151.0/24
ip prefix-list pl_peer_3_in seq 15 permit 76.233.231.0/24
ip prefix-list pl_peer_3_in seq 20 permit 69.0.104.0/24
ip prefix-list pl_peer_3_in seq 25 deny any
ip prefix-list pl_peer_3_out seq 5 permit 12.132.104.0/24
ip prefix-list pl_peer_3_out seq 10 permit 12.208.151.0/24
ip prefix-list pl_peer_3_out seq 15 permit 76.233.231.0/24
ip prefix-list pl_peer_3_out seq 20 permit 69.0.104.0/24
ip prefix-list pl_peer_3_out seq 21 permit 0.0.0.0/0
ip prefix-list pl_peer_3_out seq 25 deny any


Also, we are not supposed to receive any routes from the client; we are providing them with routes, not the other way around.

Correct Answer
Giuseppe Larosa Mon, 07/16/2012 - 10:24

Hello Faze1sari,

They (the customer) have to advertise their public IP networks to you; how can routing on the return path work when the primary ISP has failed?

This is the basic idea of BGP multihoming.


The prefix list in the 'in' direction should list different IP subnets than the other one, as far as I can understand. However, I may be missing something.


Hope to help

Giuseppe
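
The prefix-list point raised in this thread (0.0.0.0/32 versus 0.0.0.0/0) can be checked offline. The following is an added example, not code from any poster or from Cisco: a small Python model of prefix-list matching applied to the outbound list as originally posted and as revised. It assumes the usual matching rules (an entry without ge/le matches only the exact prefix and length, first match wins, implicit deny at the end); the `deny any` lines are left out because the implicit deny is modelled, and the test routes are constructed.

```python
import ipaddress
import re

ENTRY = re.compile(r"ip prefix-list (\S+) seq (\d+) (permit|deny) "
                   r"(\d+\.\d+\.\d+\.\d+/\d+)(?: ge (\d+))?(?: le (\d+))?$")

# Outbound list as first posted in the thread, and with the revised default entry.
ORIGINAL = """
ip prefix-list pl_peer_3_out seq 5 permit 12.132.104.0/24
ip prefix-list pl_peer_3_out seq 10 permit 12.208.151.0/24
ip prefix-list pl_peer_3_out seq 15 permit 76.233.231.0/24
ip prefix-list pl_peer_3_out seq 20 permit 69.0.104.0/24
ip prefix-list pl_peer_3_out seq 21 permit 0.0.0.0/32
"""
REVISED = ORIGINAL.replace("0.0.0.0/32", "0.0.0.0/0")

# Constructed candidate routes: default, an exact /24, a more specific /25, an unrelated /24.
ROUTES = ["0.0.0.0/0", "12.132.104.0/24", "12.132.104.0/25", "198.51.100.0/24"]

def parse(config, name):
    """Return the entries of prefix-list `name` as (seq, action, net, min_len, max_len)."""
    entries = []
    for line in config.strip().splitlines():
        m = ENTRY.match(line.strip())
        if not m or m.group(1) != name:
            continue
        _, seq, action, prefix, ge, le = m.groups()
        net = ipaddress.ip_network(prefix)
        lo = int(ge) if ge else net.prefixlen            # no ge: lower bound is the entry length
        hi = int(le) if le else (32 if ge else net.prefixlen)  # no ge/le: exact length only
        entries.append((int(seq), action, net, lo, hi))
    return sorted(entries, key=lambda e: e[0])

def evaluate(entries, route):
    """First matching entry decides; a route matching no entry is denied."""
    r = ipaddress.ip_network(route)
    for _, action, net, lo, hi in entries:
        if lo <= r.prefixlen <= hi and r.subnet_of(net):
            return action
    return "deny"

def permitted(config, name, routes):
    entries = parse(config, name)
    return [r for r in routes if evaluate(entries, r) == "permit"]

if __name__ == "__main__":
    print("original:", permitted(ORIGINAL, "pl_peer_3_out", ROUTES))
    print("revised: ", permitted(REVISED, "pl_peer_3_out", ROUTES))
```

With the /32 entry the default route never passes the filter; the same exact-length rule also explains why a /25 is not covered by a /24 entry.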
