
BGP: Customer network announcing error (not advertised)

Answered Question
Mar 3rd, 2014

Hi to all.

Our company is a small-business ISP. We have two BGP upstreams, and some customers who connect with us via BGP. A day ago, our customer opened a case saying that we don't announce his network to the "global network". I can see that he announces his network to me, and BGP adds this prefix to the routing table. But when I open the prefix detail, I see that the prefix is not advertised to any peer.


Here is sh run :


router bgp xxx

bgp router-id xx.xx.xx.xx

bgp log-neighbor-changes

neighbor xx.xx.xx.xx remote-as xxxx

neighbor xx.xx.xx.xx description Customer

neighbor yy.yy.yy.yy remote-as yyyy

neighbor yy.yy.yy.yy description Uplink

!

address-family ipv4

  neighbor xx.xx.xx.xx activate

  neighbor xx.xx.xx.xx default-originate

  neighbor xx.xx.xx.xx soft-reconfiguration inbound

  neighbor xx.xx.xx.xx prefix-list DEFAULT out

  neighbor xx.xx.xx.xx prefix-list Deny-Default in

  neighbor yy.yy.yy.yy activate

  neighbor yy.yy.yy.yy prefix-list BizTel out

  neighbor yy.yy.yy.yy filter-list 1 out

exit-address-family


ip as-path access-list 1 permit ^$

ip as-path access-list 1 permit ^xxxx$


ip prefix-list DEFAULT seq 5 permit 0.0.0.0/0


ip prefix-list Deny-Default seq 10 deny 0.0.0.0/32

ip prefix-list Deny-Default seq 15 permit 0.0.0.0/0 le 32



sh ip bgp neighbors xx.xx.xx.xx received-routes:


   Network          Next Hop            Metric LocPrf Weight Path

*> 0.0.0.0          xx.xx.xx.xx                         0 xxxx xxxx yyyy i

*> zz.zz.zz.zz/24    xx.xx.xx.xx           0             0 xxxx xxxx i



sh ip bgp neigh xx.xx.xx.xx adv routes:



   Network          Next Hop            Metric LocPrf Weight Path

*> 0.0.0.0          xx.xx.xx.xx                         0 xxxx xxxx yyyy i



sh ip bgp  zz.zz.zz.zz /24:


BGP routing table entry for zz.zz.zz.zz/24, version 6503140

Paths: (3 available, best #1, table default)

  Not advertised to any peer

  xxxx xxxx, (received & used)

    xx.xx.xx.xx from xx.xx.xx.xx (cc.cc.cc.cc)

      Origin IGP, metric 0, localpref 100, valid, external, best


Can somebody help me with this question?

Jon Marshall Mon, 03/03/2014 - 06:16

The outputs are very confusing ie.


sh ip bgp neighbors xx.xx.xx.xx received-routes:

   Network          Next Hop            Metric LocPrf Weight Path

*> 0.0.0.0          xx.xx.xx.xx                         0 xxxx xxxx yyyy i

*> zz.zz.zz.zz/24    xx.xx.xx.xx           0             0 xxxx xxxx i

presumably these are the routes received from the customer ?  If so -


1) why are you receiving a default from the customer with yyyy in the AS PATH ?


2) why are there two instances of xxxx in AS PATH for both routes in the AS PATH ?


also -


sh ip bgp neigh xx.xx.xx.xx adv routes:

   Network          Next Hop            Metric LocPrf Weight Path

*> 0.0.0.0          xx.xx.xx.xx                         0 xxxx xxxx yyyy i


if you are looking at routes advertised upstream why are you looking at advertised routes to the customer ?


It is difficult to say what is happening because you have blanked out all the information.


Finally you have -


neighbor yy.yy.yy.yy prefix-list BizTel out


but there is no such prefix list in the config you posted


Can you clarify by answering the above and perhaps explain how this is all setup ie. is x.x.x.x the customer and y.y.y.y your upstream provider.


The more information you can give the more we can help.


Jon

Sukhrob Gulyamov Mon, 03/03/2014 - 07:04

As you can see from the running configuration, I applied the prefix-list "Deny-Default" to not receive the default route from the customer, but it is still in the routing table, I don't know why ((


Jon Marshall Mon, 03/03/2014 - 07:17

Okay a possible reason you are not advertising the route is this -


sh ip bgp neighbors xx.xx.xx.xx received-routes:

   Network          Next Hop            Metric LocPrf Weight Path

*> 0.0.0.0          xx.xx.xx.xx                         0 xxxx xxxx yyyy i

*> zz.zz.zz.zz/24    xx.xx.xx.xx           0             0 xxxx xxxx i


notice that there are two occurrences of xxxx in the AS PATH. But you have this config -


neighbor yy.yy.yy.yy activate

  neighbor yy.yy.yy.yy prefix-list BizTel out

  neighbor yy.yy.yy.yy filter-list 1 out

exit-address-family

ip as-path access-list 1 permit ^$

ip as-path access-list 1 permit ^xxxx$

notice you are only matching the xxxx AS once but the actual route advertisement has two as described above.


However that may not be the only problem so it may not fix it.


As i said your outputs don't make much sense to me especially the AS PATHs in the routes.


So if you do decide to make this change you do so at your own risk as you have not provided any more details as to how this is all setup so it may have unexpected consequences.


Jon

cadet alain Mon, 03/03/2014 - 06:26

Hi,

Could you post  sh ip prefix-list BizTel  as well as sh ip bgp filter-list 1  outputs


Regards


Alain




Don't forget to rate helpful posts.

Sukhrob Gulyamov Mon, 03/03/2014 - 07:12

Hi, thank you for the answer,

here is

sh ip prefix list Biztel:

ip prefix-list BizTel: 5 entries

   seq 5 permit

   seq 10 permit

   seq 15 permit zz.zz.zz.zz/24

   seq 20 permit

   seq 25 permit


and

sh ip bgp filter-list 1 output shows all announced networks except zz.zz.zz.zz/24

cadet alain Mon, 03/03/2014 - 07:55

Hi,

So your as-path ACL is not matching the prefix and as Jon noticed the customer is doing AS-PATH prepending so you'll have to edit your AS-PATH ACL to take this fact into account.

Let's wait for Jon's reply to know why it could be a potential problem to advertise this prefix to your upstream provider.


Regards


Alain



Don't forget to rate helpful posts.

Correct Answer
Jon Marshall Mon, 03/03/2014 - 08:07

Hi Alain


It's not necessarily a problem advertising that route to the provider but the outputs are very confusing and i suspect we are not seeing the whole topology.


If the customer is doing prepending then this suggests there is another link from the customer.


The original outputs (if xx.xx.xx.xx is the customer) are not making sense to me especially how the default route is treated and it's not clear why there is a yyyy in the AS PATH.


It may be i am reading the outputs incorrectly (if you see them differently please dive in) but it's hard to tell as the OP hasn't explained anything so i have no idea how a change in the configuration will affect the entire topology.


Jon

Correct Answer
milan.kulik Mon, 03/03/2014 - 08:40

Hi Jon,


I believe:

a) As you said already, the customer subnet is not advertised due to the

ip as-path access-list 1 permit ^xxxx$

not matching the AS_PATH ^xxxx xxxx$


b) There is a typo in

ip prefix-list Deny-Default seq 10 deny 0.0.0.0/32

should be

ip prefix-list Deny-Default seq 10 deny 0.0.0.0/0

to block the default route


c) The customer might be peering to another ISP and receiving another default route from him?

In that case he would advertise the default route with AS_PATH=xxxx xxxx yyyy, wouldn't he?


Best regards,

Milan

Correct Answer
Jon Marshall Mon, 03/03/2014 - 08:49

Hi Milan


Thanks for joining in.


b) Well, I always use 0.0.0.0/0 and I did suspect that was the issue. However there are Cisco docs on filtering the default in BGP showing the use of 0.0.0.0/32 to match the default route as well, so without being able to test I just concentrated on the main issue.


c)  Yes he would and it is a reasonable assumption but because yyyy has been used everywhere it is difficult to be sure about what is going on ie if you look at the original outputs the default route being received from the customer and being advertised to the same customer has the same AS PATH which doesn't really make a lot of sense.


I suspect if we saw the true AS numbers instead of xxxx and yyyy it would make a lot more sense but like i say i was reluctant to say just do this without fully understanding the topology.


Jon

milan.kulik Tue, 03/04/2014 - 01:03

Hi Jon,


interesting!


I was also always using 0.0.0.0/0 to match the default route.

Could you please share some Cisco doc on filtering the default in BGP showing the use of 0.0.0.0/32 to match the default route?


I tested in my lab and it simply did not work.

Maybe with some old IOS version?


Best regards,

Milan

Jon Marshall Tue, 03/04/2014 - 09:06

Hi Milan


the sad thing is this document was reported as wrong by this forum to Cisco guys 3 years ago

Oh dear


I guess i missed that, but then as i always use the same prefix list entry as you i haven't ever tried it before.


Thanks for testing and clarifying.


Jon

Sukhrob Gulyamov Tue, 03/04/2014 - 00:17

Thank you guys, the problem was in the ip as-path access-list not matching.

The problem was solved after adding as-path ^xxxx xxxx$

Thank you again.
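
Added example, not part of the original thread and not Cisco code: a small Python model of the two filters discussed above, showing why the prepended customer path was dropped by `filter-list 1` and why `deny 0.0.0.0/32` let the default route through. The ASNs 64500/64501 and prefix 198.51.100.0/24 are constructed stand-ins for the masked values, the `^64500(_64500)*$` pattern is one common way to accept any number of prepends (the OP added `^xxxx xxxx$` instead), and the matching rules are a simplified model of IOS behaviour.

```python
import ipaddress
import re

def aspath_permits(acl, as_path):
    """First matching (action, ios_regex) entry wins; implicit deny at the end."""
    for action, ios_regex in acl:
        # IOS "_" matches a delimiter (space, comma, braces, parens) or either end.
        py_regex = ios_regex.replace("_", r"(?:^|$|[ ,{}()])")
        if re.search(py_regex, as_path):
            return action == "permit"
    return False

def prefix_list_permits(plist, route):
    """Entries are (action, prefix, ge, le); first match wins, implicit deny."""
    r = ipaddress.ip_network(route)
    for action, prefix, ge, le in plist:
        e = ipaddress.ip_network(prefix)
        lo = ge if ge is not None else e.prefixlen
        hi = le if le is not None else (32 if ge is not None else e.prefixlen)
        # Leading bits must equal the entry and the route length must be in range.
        if lo <= r.prefixlen <= hi and r.subnet_of(e):
            return action == "permit"
    return False

# Constructed values: 64500 stands in for the customer AS (xxxx), 64501 for
# another AS behind it, 198.51.100.0/24 for zz.zz.zz.zz/24.
ACL_POSTED = [("permit", "^$"), ("permit", "^64500$")]
ACL_PREPEND = [("permit", "^$"), ("permit", "^64500(_64500)*$")]  # any number of prepends
DENY_DEFAULT_POSTED = [("deny", "0.0.0.0/32", None, None),
                       ("permit", "0.0.0.0/0", None, 32)]
DENY_DEFAULT_FIXED = [("deny", "0.0.0.0/0", None, None),
                      ("permit", "0.0.0.0/0", None, 32)]

if __name__ == "__main__":
    for path in ("", "64500", "64500 64500", "64500 64500 64501"):
        print(f"{path!r:22} posted={aspath_permits(ACL_POSTED, path)} "
              f"prepend-aware={aspath_permits(ACL_PREPEND, path)}")
    for route in ("0.0.0.0/0", "198.51.100.0/24"):
        print(f"{route:18} posted={prefix_list_permits(DENY_DEFAULT_POSTED, route)} "
              f"fixed={prefix_list_permits(DENY_DEFAULT_FIXED, route)}")
```

The prepend-aware list still rejects a path that carries a further AS behind the customer, so it keeps working as a customer-only filter toward the upstream.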
