Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

BGP Problem ?


We have a BGP multihoming setup with same upstream provider and we are using 2 * routers for this setup at our end. We are recieving default routes from provider and advertising our prefixes to provider from both edge routers. Both edge routers are connected with firewalls and these firewalls are connected with 2* core switches. We had a problem yesterday after upgradation of OS of both firewalls that traffic from internet was reaching to servers from 1 internet link but on the other link it was dropping on router. This problem was nothing to do with firewall upgradation bcz traffic was reaching from other link. So I shuted down the bgp neighbor relationship with provider and then resume after a while. After this step traffic started coming from this router towards firewall as well. Kindly shed some light on this issue , what could be the possible issue ? it seems strange.



Hall of Fame Super Silver

Re: BGP Problem ?

Hello Mujeeb,

it is difficult to understand what happened without more details.

You say that the second router was dropping traffic coming from internet with destination your prefixes.

Have you configured on the edge router floating static routes pointing to Null0 (with an high AD) for your prefixes in order to have it announce always your prefixes ?

I guess you have also static routes for your prefixes via the firewall.

Could the firewall os upgrade change the MAC address on the NIC ? Unlikely but possible so this could be an ARP table issue: if at least 4 hours before restoration this is enough to time out ARP entry.

Have you configured any form of unicast RPF feature on the edge routers ?

And Have the two edge routers an iBGP session between them ?

I would suggest you to provide a filtered version of your edge routers config in order to enable further investigation

Hope to help


CreatePlease login to create content