Hello everybody,
I'm Mostafa CHAKIR from Morocco, working as a telecom engineer; excuse my English, it is bad.
I'm configuring a Cisco router to communicate with a Juniper router using the BGP routing protocol. Everything is OK: when I configured a BGP process on my router the BGP session went to Established, and when I run the "show ip route" command I see all the routes that the Juniper router advertises. The problem is that on the other side they don't see my network, and my router shows me this message:
*Mar 3 02:40:09.719: BGP: Applying map to find origin for 188.8.131.52/29
*Mar 1 00:05:06.331: BGP: Applying map to find origin for 184.108.40.206/29
On my side I use a private AS number, but on the other side they use a public AS number. I will post a diagram as an attachment and the show-tech file.
Thank you for your help
Could you please post the output of
show ip bgp regexp ^$
show ip bgp neighbors 220.127.116.11 advertised-routes
The config looks fine, except I would install a couple of filters to secure your BGP.
Thank you for your response. I want to ask if the filters you want to install will resolve my problem, because right now I'm in test mode and there is no firewall, but I placed my laptop with a crossover cable directly connected to FastEthernet 0/1, and from the router console I can ping every IP address in the world, but from my laptop I can't do that.
One thing I noticed looking at your configuration is that you do not use the "neighbor x.x.x.x update-source" command.
It is usually recommended to configure a loopback address and to have the update-source pointing to it when running an eBGP multihop scenario. What address does your provider use to peer with you?
One more thing. The network statement will cause BGP to originate the route only if a matching route is present in the routing table. Can you see prefix 18.104.22.168/29 in your routing table? You should, assuming fa0/1 is up.
Hope this helps,
Thank you for your response,
First, I can't configure a loopback interface, because I can't subnet the 22.214.171.124/29 to give the loopback interface its own address; for the router they give only 126.96.36.199.
Second, in my routing table I see that 188.8.131.52/29 is directly connected to FastEthernet 0/1, because the interface is up and directly connected with a crossover cable (with my PC I simulate the firewall).
Can you tell me what the command "neighbor x.x.x.x update-source" will do?
The address you would use on the loopback interface is not necessarily an address from the subnet they gave you. It could be a private IP address. More importantly, your ISP should tell you what address they use to peer with you, and that is the address you should use on the loopback interface.
Hope this helps,
I think the issue might be with your ISP not advertising the IP block they assigned to you. I looked on the Internet and the /24, from which they assigned the /29 they gave you, is not advertised.
It is normal that you can ping anywhere on the Internet from the router itself because you are using the serial interface address as your source address and these blocks are advertised by your SP. But when using the laptop behind the router, you actually use an address off that /29 they gave you and this block or the /24 that belongs to your ISP are not advertised on the Net.
You should definitely check with your provider.
Hope this helps,
I want you to know that my ISP (in Spain) is giving me a private AS number (65101). Is it normal that I advertise a public network from a private AS number?
Can you give me the way to verify that the network I'm using is not advertised to the internet? I want to prove that to my ISP.
Advertising a public prefix using a private AS to your provider is not an issue, since your provider will probably remove the private AS or simply advertise an aggregate route covering your /29.
Did your provider tell you they don't receive the /29 you send them? Your configuration is rather simple and I see no reason for them not to receive it.
The other question is that even if they receive it, they should not advertise a /29 to the Internet but rather a /24. Did they give you the public IP address, or do you own it? If you own it you should probably advertise the entire /24 and not a /29. A /29 will not propagate through the Internet, as it will most probably be filtered either by your ISP or some other upstream ISP.
To check whether the route is advertised to the Internet, you can go to any route server and issue a "sh ip bgp x.x.x.x".
Hoping this information is useful to you,
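Added example (not part of the original thread): a sketch of the check described in the replies above, deciding whether a customer /29 is reachable because it, or a covering aggregate such as the provider's /24, appears among the prefixes a route server reports. The prefixes are constructed documentation ranges, and the /24 acceptance limit and all function names are assumptions for illustration.

```python
import ipaddress

# Assumption: IPv4 prefixes longer than /24 are commonly filtered between providers.
MAX_ACCEPTED_LEN = 24

# Constructed sample: prefixes a public route server might list (documentation ranges).
ROUTE_SERVER_TABLE = ["0.0.0.0/0", "192.0.2.0/24", "198.51.100.0/24"]

def classify(target, table):
    """Return (status, best_match) for `target` against the prefixes in `table`.

    status is "exact", "covered-by-aggregate" or "not-advertised";
    best_match is the longest covering prefix as a string, or None.
    """
    net = ipaddress.ip_network(target)
    covering = []
    for entry in table:
        route = ipaddress.ip_network(entry)
        # Skip the other address family and the default route: a default
        # says nothing about whether this specific block is announced.
        if route.version != net.version or route.prefixlen == 0:
            continue
        if net.subnet_of(route):
            covering.append(route)
    if not covering:
        return ("not-advertised", None)
    best = max(covering, key=lambda r: r.prefixlen)  # longest-prefix match
    status = "exact" if best == net else "covered-by-aggregate"
    return (status, str(best))

def likely_filtered(prefix):
    """True if the prefix is longer than the assumed inter-provider limit."""
    return ipaddress.ip_network(prefix).prefixlen > MAX_ACCEPTED_LEN

if __name__ == "__main__":
    customer = "203.0.113.8/29"  # constructed stand-in for the assigned /29
    # Neither the /29 nor its /24 is in the table: traffic sourced from
    # the /29 has no return path, which matches the laptop symptom.
    print(classify(customer, ROUTE_SERVER_TABLE))
    # Once the provider announces the covering /24, the /29 is reachable
    # even though the /29 itself would be filtered upstream.
    print(classify(customer, ROUTE_SERVER_TABLE + ["203.0.113.0/24"]))
    print(likely_filtered(customer))
```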
We don't know whether our provider receives our network or not, but I will ask next week.
To answer your question, it is our ISP that gives us the public address,