
BGP configuration Problem

mchakir
Level 1

Hello everybody,

I'm Mostafa CHAKIR from Morocco, working as a telecom engineer. Please excuse my English, it is bad.

I'm configuring a Cisco router to communicate with a Juniper router with the BGP routing protocol. Everything is OK: when I configured a BGP process on my router, the BGP session passed to Established, and when I perform a "show ip route" command I see all the routes that the Juniper router advertises. The problem is that on the other side they don't see my network, and my router shows me a message:

*Mar 3 02:40:09.719: BGP: Applying map to find origin for 84.16.31.8/29

*Mar 1 00:05:06.331: BGP: Applying map to find origin for 84.16.31.8/29

On my side I use a private AS number, but on the other side they use a public AS number. I will post a diagram as an attachment and the show-tech file.

Thank you for your help


mheusinger
Level 10

Hi,

could you please post the output of

show ip bgp regexp ^$

show ip bgp neighbors 213.140.32.13 advertised-routes

The config looks fine, except I would install a couple of filters to secure your BGP.

Regards

Martin

Hi Martin,

Thank you for your response. I want to ask if the filters you want to install will resolve my problem, because now I'm in test mode and there is no firewall, but I placed my laptop with a crossover cable directly connected to FastEthernet 0/1, and from the router console I can ping every IP address in the world, but from my laptop I can't do that.

Best Regards

Mostafa CHAKIR

One thing I noticed looking at your configuration is that you do not use the "neighbor x.x.x.x update-source" command.

It is usually recommended to configure a loopback address and to have the update-source pointing to it when running an eBGP multihop scenario. What address does your provider use to peer with you?

One more thing. The network statement will cause BGP to originate the route only if a matching route is present in the routing table. Can you see prefix 84.16.31.8/29 in your routing table? You should, assuming fa0/1 is up.

Hope this helps,

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

Thank you for your response,

First, I can't configure a loopback interface, because I can't subnet the 84.16.31.8/29 to give the loopback interface its own address; for the router they give only the 84.16.31.11.

Second, in my routing table I see that the 84.16.31.8/29 is directly connected to FastEthernet 0/1, because the interface is up and directly connected with a crossover cable (with my PC I simulate the firewall).

Can you tell me what the command "neighbor x.x.x.x update-source" will do?

Thank You

Mostafa CHAKIR

The address you would use on the loopback interface is not necessarily an address off the subnet they give you. It could be a private IP address. More importantly, your ISP should tell you what is the address they use to peer with you and that is the address you should use on the loopback interface.

Hope this helps,

Harold Ritter

I think the issue might be with your ISP not advertising the IP block they assigned to you. I looked on the Internet and the /24, from which they assigned the /29 they gave you, is not advertised.

It is normal that you can ping anywhere on the Internet from the router itself because you are using the serial interface address as your source address and these blocks are advertised by your SP. But when using the laptop behind the router, you actually use an address off that /29 they gave you and this block or the /24 that belongs to your ISP are not advertised on the Net.

You should definitely check with your provider.

Hope this helps,

Harold Ritter

Thank You,

I want you to know that my ISP (in Spain) is giving me a private AS number (65101). Is it normal that I advertise a public network from a private AS number?

Can you give me the way to verify that the network I'm using is not advertised to the internet? I want to prove that to my ISP.

Thank you

Mostafa CHAKIR

Hello Mostafa,

The fact of advertising a public prefix using a private AS to your provider is not an issue since your provider will probably remove the private AS or simply advertise an aggregate route covering your /29.

Did your provider tell you they don't receive the /29 you send them? Your configuration is rather simple and I see no reason for them not to receive it.

The other question is even if they receive it they should not advertise a /29 to the Internet but rather a /24. Did they give you the public IP address or do you own it? If you own it you should probably advertise the entire /24 and not a /29. A /29 will not propagate through the Internet as it will most probably be filtered either by your ISP or some other upstream ISP.

To check whether the route is advertised to the Internet, you can go to any route server and issue a "sh ip bgp x.x.x.x".

Hoping this information is useful to you,

Harold Ritter
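
An added example, not part of the original thread or written by any of its participants: a Python sketch of the check discussed in the reply above (is a prefix visible from outside, and does a private AS survive in any path). The table is a constructed, simplified "prefix as-path" listing using documentation prefixes and ASNs, not real route-server output; `check_prefix`, `SAMPLE_TABLE` and the /24 threshold are assumptions taken from the /24 versus /29 remark in the reply.

```python
import ipaddress

# Private-use ASN ranges (RFC 6996), 16-bit and 32-bit.
PRIVATE_ASN_RANGES = ((64512, 65534), (4200000000, 4294967294))

# Constructed sample rows: "prefix  as-path". 64496-64498 are documentation
# ASNs (RFC 5398); 65101 is the private AS mentioned in the thread.
SAMPLE_TABLE = """\
0.0.0.0/0        64496
203.0.113.0/24   64496 64497
198.51.100.0/24  64496 64498 65101
"""

def parse_table(text):
    """Turn 'prefix as-path' rows into (network, [asn, ...]) tuples."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if fields:
            net = ipaddress.ip_network(fields[0], strict=True)
            routes.append((net, [int(a) for a in fields[1:]]))
    return routes

def is_private_asn(asn):
    return any(lo <= asn <= hi for lo, hi in PRIVATE_ASN_RANGES)

def check_prefix(target, routes, max_len=24):
    """Report how a target prefix is (or is not) represented in the table."""
    target = ipaddress.ip_network(target)
    # A default route proves nothing about the prefix being advertised,
    # so it is excluded from the covering set.
    covering = [n for n, _ in routes if n.prefixlen > 0 and target.subnet_of(n)]
    covering.sort(key=lambda n: n.prefixlen, reverse=True)
    return {
        "exact": target in covering,
        "best_cover": str(covering[0]) if covering else None,
        "too_specific": target.prefixlen > max_len,  # likely filtered upstream
        "private_as_in_path": [str(n) for n, path in routes
                               if any(is_private_asn(a) for a in path)],
    }

if __name__ == "__main__":
    table = parse_table(SAMPLE_TABLE)
    print(check_prefix("203.0.113.8/29", table))
    print(check_prefix("192.0.2.8/29", table))
```

A /29 that is absent as an exact match but has a `best_cover` is reachable through the provider's aggregate; one with no cover at all matches the symptom described in the thread.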

Hello,

We don't know whether our provider receives our network or not, but I will ask next week.

For your question, it is our ISP that gives us the public address.

Thank you

Mostafa CHAKIR
