08-20-2007 02:34 AM - edited 03-03-2019 06:23 PM
Hello All,
Below is my partial E-BGP Configuration:
Router bgp <AS_Number>
no synchronization
bgp log-neighbor-changes
network <..> mask <....>
network 172.21.128.0 mask 255.255.192.0
network 172.24.128.0 mask 255.255.248.0
neighbor <..> remote-as <AS_number>
neighbordescription --------E-BGP peer to France
Today, i have 2 New Subnets in INDIA Environment. Subnet are 10.0.0.0 & 192.168.194.0
My Question is: If i just advertise the above new Subnets in my Local BGP AS means will the Subnets will be Routed enough ? ? over WAN Environment.
Thanks in Advance for your Reply
Best Regards,
Guru Prasad R
08-20-2007 02:43 AM
Hi Guru,
Can you tell us more about your topology and connectivity, how are you having this peering, as you know if this peering is through an ISP he'll drop these private IPs, if this BGP peering is over VPNs or layer 2 technologies or a GRE tunnel then no problems.
HTH,
Mohammed Mahmoud.
08-20-2007 02:58 AM
Guru,
If you plan to add the subnets as a network statement under BGP, they will be advertised to the peer if the following conditions are met.
1. there is a local IGP route for the subnet
2. There is no outbound filter applied to updates to the remote peer denying the above prefixes
3. No inbound filter at the far end denying them to be installed
But as Mohammed said, if you are peering with an ISP they will be dropped unless you are buying a MPLS service from them
HTH
Narayan
08-20-2007 02:58 AM
HI Mohammed Mahmoud & Narayan,
Thanks in Advance for your Quick reply.
INDIA - to - Europe we have 20 Mbps MPLS VPN Link over WAN.
E-BGP Peer exists between INDIA & Europe with AS Number for EBGP as: 65530.
I would like to advertise the New Subnets to the Backbone Network.
I-BGP peer exists for a Backup Link (VPN over Internet) from INDIA to Europ with AS Nuber for IBGP as:64910
INFO: I am interested to Advertise these new Subnets over WAN Network (where as it should be carried forward by both E-BGP & I-BGP).
NOTE: For me its a Private AS
Also i am afraid on the below configuration on my Routers (Whether this will Block ?) as per Narayan Post:
INDIA Router:
-----------------------------
ip bgp-community new-format
ip community-list 101 permit ^1:*
ip community-list 120 permit ^20:*
ip community-list 132 permit ^32:*
ip community-list 133 permit ^33:*
ip community-list 134 permit ^34:*
ip community-list 139 permit ^39:*
ip community-list 144 permit ^44:*
ip community-list 147 permit ^47:*
ip community-list 149 permit ^49:*
ip community-list 152 permit ^852:*
ip community-list 161 permit ^61:*
ip as-path access-list 10 deny ^$
ip as-path access-list 10 permit .*
ip as-path access-list 20 permit ^$
ip as-path access-list 20 deny .*
Europe Router:
-----------------------------------
ip bgp-community new-format
ip community-list 101 permit ^1:*
ip community-list 120 permit ^20:*
ip community-list 132 permit ^32:*
ip community-list 133 permit ^33:*
ip community-list 134 permit ^34:*
ip community-list 139 permit ^39:*
ip community-list 144 permit ^44:*
ip community-list 147 permit ^47:*
ip community-list 149 permit ^49:*
ip community-list 152 permit ^852:*
ip community-list 161 permit ^61:*
ip as-path access-list 10 deny ^$
ip as-path access-list 10 permit .*
ip as-path access-list 20 permit ^$
ip as-path access-list 20 deny .*
I don't Completely Understand this Community-list Configuration (Please provide some link or documentation for the Community-list Attribute Configuration). Do i need to add a new "community-list" Value for advertising the any additional new Subnets in Future.
Looking forward for your Advices.
Best Regards,
Guru Prasad R
08-20-2007 03:18 AM
Guru,
EBGP won't have any problems over MPLS-VPN, while if the IBGP was over MPLS-VPN then you would have required to do as-override to insure connectivity (in MPLS your provider AS is in between causing problems (since BGP is now PE-CE routing protocol) which is solved using the as-override), and i guess that's why your provider made you do the peering with eBGP rather than iBGP.
Back to your scienario, it looks weird to have eBGP and iBGP peering between your 2 branches, what are the odds of modyfing this.
HTH,
Mohammed Mahmoud.
08-20-2007 03:25 AM
Dear Mohammed Mahmoud,
May be i confused you,
1. Primary MPLS VPN between INDIA & Europe
2. Secondary VPN over Internet between INDIA
& Europe
3. IBGP Between the INDIA (Primary & Secondary Routers)
4. E-BGP between INDIA(Pri) & Europe(Pri) Routers
In Addition,
As per Narayan Post: I have some Quick INFO:
I am afraid on the below configuration on my Routers (Whether this will Block ?) as per Narayan Post:
INDIA Router:
-----------------------------
ip bgp-community new-format
ip community-list 101 permit ^1:*
ip community-list 120 permit ^20:*
ip community-list 132 permit ^32:*
ip community-list 133 permit ^33:*
ip community-list 134 permit ^34:*
ip community-list 139 permit ^39:*
ip community-list 144 permit ^44:*
ip community-list 147 permit ^47:*
ip community-list 149 permit ^49:*
ip community-list 152 permit ^852:*
ip community-list 161 permit ^61:*
ip as-path access-list 10 deny ^$
ip as-path access-list 10 permit .*
ip as-path access-list 20 permit ^$
ip as-path access-list 20 deny .*
Europe Router:
-----------------------------------
ip bgp-community new-format
ip community-list 101 permit ^1:*
ip community-list 120 permit ^20:*
ip community-list 132 permit ^32:*
ip community-list 133 permit ^33:*
ip community-list 134 permit ^34:*
ip community-list 139 permit ^39:*
ip community-list 144 permit ^44:*
ip community-list 147 permit ^47:*
ip community-list 149 permit ^49:*
ip community-list 152 permit ^852:*
ip community-list 161 permit ^61:*
ip as-path access-list 10 deny ^$
ip as-path access-list 10 permit .*
ip as-path access-list 20 permit ^$
ip as-path access-list 20 deny .*
I don't Completely Understand this Community-list Configuration (Please provide some link or documentation to understand Community-list Attribute Configuration). Do i need to add a new "community-list" Value for advertising the any additional new Subnets in Future.
Looking forward for your more Advices.
Best Regards,
Guru Prasad R
08-20-2007 03:31 AM
Hi,
Can you attach full configuration.
BR,
Mohammed Mahmoud.
08-20-2007 03:48 AM
HI Mohammed Mahmoud,
I am posting the E-BGP Configuration part:
INDIA Router:
------------------------
nterface Loopback100
description ***** Used for GRE tunnel9133 to France
ip address 192.168.196.1 255.255.255.255
interface Tunnel100
description *12MB GRE Tunnel*
bandwidth 12000
ip address 192.168.198.70 255.255.255.252
ip accounting output-packets
ip mtu 1500
keepalive 10 3
tunnel source 192.168.196.1
tunnel destination 192.168.196.4
interface Serial1/0
description Connected to SP MUX
ip address ip_address mask
ip access-group 101 out
dsu bandwidth 44210
scramble
framing c-bit
cablelength 10
serial restart-delay 0
router bgp 64910
no synchronization
bgp log-neighbor-changes
network 172.21.128.0 mask 255.255.192.0
network 172.24.128.0 mask 255.255.248.0
neighbor 172.21.159.10 remote-as 64910
neighbor 172.21.159.10 description IBGP peer to Backup Router (INDIA) - VPN over Internet
neighbor 172.21.159.10 update-source Loopback0
neighbor 172.21.159.10 next-hop-self
neighbor 172.21.159.10 send-community
neighbor 172.21.159.10 soft-reconfiguration inbound
neighbor 192.168.198.60 remote-as 65330
neighbor 192.168.198.60 description EBGP Peer to France
neighbor 192.168.198.60 send-community
neighbor 192.168.198.60 soft-reconfiguration inbound
neighbor 192.168.198.60 route-map Local_Pref<-AS65330 in
neighbor 192.168.198.60 route-map AS64910->AS65330 out
ip route 172.21.128.0 255.255.192.0 172.21.170.2
ip route 172.21.128.0 255.255.192.0 172.21.170.3 200
ip route 172.24.128.0 255.255.248.0 172.21.170.2
ip route 172.24.128.0 255.255.248.0 172.21.170.3 200
ip bgp-community new-format
ip community-list 101 permit ^1:*
ip community-list 120 permit ^20:*
ip community-list 132 permit ^32:*
ip community-list 133 permit ^33:*
ip community-list 134 permit ^34:*
ip community-list 139 permit ^39:*
ip community-list 144 permit ^44:*
ip community-list 147 permit ^47:*
ip community-list 149 permit ^49:*
ip community-list 152 permit ^852:*
ip community-list 161 permit ^61:*
ip as-path access-list 10 deny ^$
ip as-path access-list 10 permit .*
ip as-path access-list 20 permit ^$
ip as-path access-list 20 deny .*
route-map Local_Pref<-AS65330 permit 20
set local-preference 50
!
route-map AS64910->AS65330 permit 10
match as-path 20
set community 91:33
!
route-map AS64910->AS65330 permit 20
!
route-map BGP64910->OSPF1 deny 10
match as-path 20
!
route-map BGP64910->OSPF1 permit 20
set metric 5000
set metric-type type-1
I am afraid at the "community-list" Configuration (as a Blocking Issue) as per Narayan Question. Please help me in this Routing Issue & Requirement.
Best Regards,
Guru Prasad R
08-20-2007 07:46 AM
Dear Mohammed Mahmoud & Narayan,
Can you please show your kind attention on this POST.
Thanks in Advance for your Reply.
Best Regards,
Guru Prasad R
08-20-2007 10:09 AM
hi Guru,
The community lists are not referred to in the configuration by any means (there is no match community x in any of the route-maps), the used route-maps are summarized as follows:
route-map AS64910->AS65330 makes sure that the local originated ips are advertised over the eBGP session tagged with community 91:33 while other routes are sent untagged.
route-map Local_Pref<-AS65330 reduces the local-pref of the received eBGP routes, making them less preferred than other identical routes received from another peering (the iBGP in your case, which is weired as it is the opposite of your needs, as this will make the iBGP routes preferred - the higher the local-pref the more preferred the route, and the default local-pref is 100).
HTH,
Mohammed Mahmoud.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide